Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Zero-Day Alerts

  • Hacking Team Leak

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Email Subscription

  • About Us


    Archive for the ‘Vulnerabilities’ Category




    Oracle has released its Critical Patch Update for the month of July. The update provides fixes for 193 new security vulnerabilities, including the recently announced zero-day vulnerability first reported by Trend Micro researchers. What makes the zero-day discovery more notable is that it is being used in an ongoing targeted attack campaign, Operation Pawn Storm. This particular vulnerability was designated as CVE-2015-2590. Trend Micro first came across this vulnerability (and exploit) as part of our ongoing investigations on Operation Pawn Storm. We found ...

    Posted in Vulnerabilities |



    The hits keep on coming from the Hacking Team. After three separate Adobe Flash zero-days, another vulnerability that could take over user systems has been found. Our latest discovery is in Internet Explorer, and has been acknowledged by Microsoft and patched as part of the regular Patch Tuesday cycle as MS15-065. It has been designated as CVE-2015-2425. While we did find proof-of-concept (POC) code, there are still no known attacks exploiting this vulnerability. Vulnerability Information This zero-day vulnerability is a just-in-time (JIT) function ...




    End-of-life fun times are coming to infosec departments everywhere—again. Just a year after the announcement of Windows XP’s end-of-life, we see another body in the OS graveyard: Windows Server 2003. After July 14th, servers running this venerable OS will no longer be receiving any more security updates. This would leave you out in the cold pretty soon, given the speed that new vulnerabilities are being published lately. Who'd want to be in such a position? According to a survey conducted by Spiceworks, ...




    Is it time to hop off the endless cycle of Flash vulnerabilities and updates? Last week has not been great for Adobe Flash. The 440GB of leaked Hacking Team emails has become a treasure trove for vulnerability hunters. Over the past 7 days, Flash was hit by three separate vulnerabilities: CVE-2015-5119 CVE-2015-5122 CVE-2015-5123 At this time, only the first vulnerability has been patched. Adobe has already promised to fix the two remaining issues sometime this week, but this does not guarantee the extinction of future vulnerabilities for the platform. ...

    Posted in Vulnerabilities |



    After two Adobe Flash player zero-days disclosed in a row from the leaked data of Hacking Team, we discovered another Adobe Flash Player zero-day (assigned with CVE number, CVE-2015-5123) that surfaced from the said leak. Adobe has already released a security advisory after we reported the said zero-day. This vulnerability is rated as critical and can allow an attacker to take control of the affected system once successfully exploited.  It affects all versions of Adobe Flash in Windows, Mac, and ...

    Posted in Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice