    TrendLabs Security Intelligence Blog

    Archive for the ‘Vulnerabilities’ Category

    Security researchers have announced a new "vulnerability" in Linux dubbed "Grinch", which allows for escalation-of-privilege attacks in versions of Linux that use the polkit toolkit for privilege authorization. However, the true threat of this vulnerability is much more limited. The bug was named after the holiday season and the Dr. Seuss character, as some would say that this would have the potential to ruin the season of network administrators. An independent researcher first posted about this vulnerability - which he called PackageKit Privilege Escalation ...

    Posted in Exploits, Vulnerabilities

    We have discovered a vulnerability in Android that affects how cross-signed certificates are handled. No current Android release correctly handles these certificates, which are created when two certificates are signed with a looped certificate chain (certificate A signs certificate B; certificate B signs certificate A). We've already notified Google about this vulnerability, and there is no fix and no timeframe for a fix from them. When a specially-constructed malformed certificate is introduced into an Android device (either by a new app being installed ...

    Posted in Mobile, Vulnerabilities

    Patches to fix the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability in SSL first discussed in October have been gradually put in place since its discovery. We've recently uncovered that some transport layer security (TLS) implementations may be vulnerable to a variant of the same POODLE attack. This means that secure connections protected via TLS can, in certain conditions, be vulnerable to man-in-the-middle (MITM) attacks, leading to encrypted traffic being decrypted by an attacker. How Does POODLE Affect TLS? The original POODLE bug was a flaw in how SSL 3.0 ...

    Posted in Vulnerabilities

    This year's last installment of Patch Tuesday security advisories by Microsoft includes MS14-075, a bug in Microsoft Exchange Server, which had been delayed last November. It was rated important due to an elevation of privilege across several versions of Exchange: 2007 (SP3), 2010 (SP3), and 2013 (Cumulative Update 6). Last month, Microsoft originally listed the patch date for MS14-075 as "Release date to be determined". Microsoft Rates 3 Bulletins as 'Critical', 4 as 'Important' A total of three critical bulletins were listed, ...

    Posted in Vulnerabilities

    Applications that have been frequently targeted by exploits often add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to escape sandboxes. In both October and November Patch Tuesday cycles, Microsoft addressed several vulnerabilities that were used by attackers to escape the Internet Explorer sandbox. One of ...

    Posted in Exploits, Vulnerabilities

