Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    January 2015
    S M T W T F S
    « Dec    
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category

    Patches to fix the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability in SSL first discussed in October have been gradually put in place since its discovery. We've recently uncovered that some transport layer security (TLS) implementations may be vulnerable to a variant of the same POODLE attack. This means that secure connections protected via TLS can, in certain conditions, be vulnerable to man-in-the-middle (MITM) attacks, leading to encrypted traffic being decrypted by an attacker. How Does POODLE Affect TLS? The original POODLE bug was a flaw in how SSL 3.0 ...

    Posted in Vulnerabilities |

    This year's last installment of Patch Tuesday security advisories by Microsoft includes MS14-075, a bug in Microsoft Exchange Server, which had been delayed last November. It was rated important due to an elevation in privilege across several versions of Exchange, from 2007 (SP3), 2010 (SP3), and 2013 (Cumulative Update 6). Last month, Microsoft originally listed the patch date for MS14-075 as "Release date to be determined". Microsoft Rates 3 Bulletins as 'Critical', 4 as 'Important' A total of three critical bulletings were listed, ...

    Posted in Vulnerabilities |

    Applications that have been frequently targeted by exploits frequently add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to escape sandboxes. In both October and November Patch Tuesday cycles, Microsoft addressed several vulnerabilities that were used by attackers to escape the Internet Explorer sandbox. One of ...

    Posted in Exploits, Vulnerabilities |

    Our report on the threats seen in 3Q 2014 shows us that once again, software vulnerabilities are the most favored cybercriminal targets. Following the second quarter's infamous Heartbleed vulnerability came another serious vulnerability in open-source software: Shellshock. Having gone unnoticed for years, the Shellshock incident suggests that there might be more vulnerabilities in Bash or in applications previously thought safe. Below is a timeline of events that Shellshock unraveled. Figure 1. A timeline of events that illustrate the Shellshock exploitation that took place ...

    Last November 25, Adobe issued an out-of-band patch for the CVE-2014-8439 vulnerability, which impacts Adobe Flash Player versions on Windows, Mac OS, and Linux. Adobe's advisory describes this vulnerability as a "de-referenced memory pointer that could lead to code execution.” Despite efforts by Adobe to quickly patch their software vulnerabilities, we noticed that exploit kit authors seem to be one step ahead. This is very dangerous to ordinary home users who rarely patch their software, let alone Adobe Flash Player, which ...


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice