Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    September 2014
    S M T W T F S
    « Aug    
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cybercriminals to easily run arbitrary code on these routers, rendering it vulnerable as a security device. What is this backdoor? Simply put, it is an open UDP port listening at port 53413. This port is accessible from the WAN side of the router. This ...




    In the past few weeks, an exploit kit known as FlashPack has been hitting users in Japan. In order to affect users, this particular exploit kit does not rely on spammed messages or compromised websites: instead, it uses a compromised website add-on. This particular add-on is used by site owners who want to add social media sharing buttons on their sites. All the site owner would have to do is add several lines of JavaScript code to their site's design template. This ...




    Vulnerabilities in apps are always a cause for concern, especially when said apps handle sensitive information, particularly financial. We examined two popular in-app payment (IAP) SDKs—Google Wallet and the Chinese payment platform Alipay—and discovered that these contain a vulnerability that can be exploited for phishing attacks. The versions we analyzed were Google IAP versions 2 and 3 and Alipay SDK 1.0. We have notified the developers of these findings. As of this writing, Alipay has patched the vulnerability. Meanwhile, Google is ...

    Posted in Mobile, Vulnerabilities |



    Microsoft has rolled out nine security bulletins for their August Patch Tuesday. Two bulletins are rated as Critical, while the rest are rated as Important. Microsoft Windows, Internet Explorer, Microsoft SQL Server, and Microsoft .NET Framework are some of the affected applications that these bulletins covered. One of the most notable bulletins in this month's cycle is MS14-051, which addresses 26 vulnerabilities found in Internet Explorer. The other Critical bulletin is MS14-043, which resolves problems in Windows Media Center, a component of Microsoft Windows. The vulnerabilities resolved in ...

    Posted in Vulnerabilities |



    Security researchers from Bluebox Labs recently uncovered a vulnerability that may allow malicious apps to impersonate legitimate ones. This vulnerability, dubbed as “FakeID,” is involved with the checking of certificate signatures to prove the legitimacy of applications. What makes this highly notable is that all Android devices running on platforms starting from Android 2.1 (“Éclair”) to 4.4 (“KitKat”) are affected by this vulnerability. Certificates and Signatures Android applications must be “signed” before they are published and released for installation. Signing apps ...

    Posted in Mobile, Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice