Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    November 2014
    S M T W T F S
    « Oct    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    30  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Three zero-day vulnerabilities - CVE-2014-4114, CVE-2014-4148, and CVE-2014-4113 - were reported last week and patched by Microsoft in their October 2014 Patch Tuesday. CVE-2014-4114, also known as the Sandworm vulnerability, can enable attackers to easily craft malware payloads when exploited. This particular vulnerability has been linked to targeted attacks against European sectors and industries. In addition, our researchers found that Sandworm was also being used to target hit SCADA systems. The latter two vulnerabilities (CVE-2014-4148, CVE-2014-4113) leveraged vulnerabilities in the Windows kernel (Win32k.sys), affecting most Windows versions. In 2013, only ...

    Posted in Malware, Vulnerabilities |



    Cybercriminals and threat actors often use tried-and-tested vulnerabilities in order to infect user systems and consequently, penetrate an enterprise network. This highlights the importance of patching systems and keeping software and applications up-to-date. We recently spotted DYREZA malware leveraging an old vulnerability found existing in Adobe Reader and Acrobat and covered under CVE-2013-2729. Accordingly, once this vulnerability is successfully exploited it could lead to the execution of arbitrary code on the affected system. Figures 1-2. Screenshots of spam emails DYREZA malware uses spammed ...

    Posted in Malware, Vulnerabilities |



    Earlier today, Google researchers Bodo Möller, Thai Duong, and Krzysztof Kotowicz released a paper discussing a serious bug in SSL 3.0 that allows attackers to conduct man-in-the-middle attacks and decrypt the traffic between Web servers and end users. For example, if you're shopping online with your credit card, you may think that your information is secure but thanks to this bug (known as POODLE) it may actually be at risk. An attacker can hijack your transaction, retrieve your credit card information, or ...




    Three out of nine security bulletins in today’s Microsoft Patch Tuesday are marked as Critical while the rest are tagged as Important The patches address vulnerabilities found in Internet Explorer, and Microsoft .NET Framework, including the zero-day exploit affecting Microsoft Windows. MS14-060 discusses the Sandworm zero-day vulnerability, which was reported hours earlier. Based on our analysis, attackers may use this vulnerability to create/execute malware payloads, given that it not too difficult to exploit. Attackers can just know the format and create their own PowerPoint exploit. Trend Micro detects ...

    Posted in Malware, Vulnerabilities |



    Prior to the release of Microsoft’s monthly patch Tuesday, a new zero-day exploiting Windows vulnerability covered in CVE-2014-4114 was reported by iSight. The said vulnerability affects desktop and server versions of Vista and Sever 2008 to current versions. It was believed to be associated in cyber attacks related to NATO by Russian cyber espionage group. Based on our analysis, the vulnerability exists in PACKAGER.DLL, which is a part of Windows Object Linking and Embedding (OLE) property. By using a crafted PowerPoint ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice