Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Late last month, we reported about a backdoor vulnerability that we discovered in Netcore/Netis brand routers, a backdoor that made any network attached to a router of the same brand vulnerable to online infiltration and man-in-the-middle attacks. We also reported on how our friends at the ShadowServer Foundation have been kind enough to scan for IP addresses affected by this vulnerability, with their findings readily available in website form. At the time, the number of affected IP addresses numbered to more than ...

    Posted in Bad Sites, Vulnerabilities |



    Since the initial discovery of the initial Shellshock vulnerability and multiple reports of it being exploited in the wild, more vulnerabilities have been found in Bash. This was not unexpected. After the initial disclosure of Heartbleed, other vulnerabilities were found in OpenSSL. This pattern is repeating itself with Shellshock and Bash. Summary of Shellshock Currently, six CVEs have been assigned that are related to Shellshock. The remotely exploitable attacks are related to a known feature of the Bash shell: it is possible to ...

    Posted in Exploits, Vulnerabilities |



    Independent security researcher Rafay Baloch recently disclosed a serious vulnerability in Android's built-in browser. The vulnerability allows the same origin policy of the browser to be violated. This could allow a dangerous universal cross-site scripting (UXSS) attack to take place. An attacker could potentially use an IFRAME to load a legitimate site for which the victim has an account. Due to the disclosed bug he now has the ability to run Javascript in the context of that site, something he should ...

    Posted in Mobile, Vulnerabilities |



    Our coverage on the Bash bug vulnerability (more popularly known as “Shellshock”) continues as we spot new developments on Shellshock-related threats and attacks. Here is a list of our stories related to this threat: Shellshock: A Technical Report - this technical brief describes the vulnerability in detail, as well as outlying which platforms are affected. Shellshock Vulnerabilities Proliferate, Affect More Protocols - attacks using Shellshock are now targeting new web services, including mail and FTP servers. Shellshock Exploit Attempts Continue in China - servers in China are ...

    Posted in Malware, Vulnerabilities |


    Sep28
    6:27 am (UTC-7)   |    by

    It seems like the floodgates have truly opened for Shellshock-related attacks. We have reported on different attacks leveraging the Bash bug vulnerability, ranging from botnet attacks to IRC bots. We have also mentioned that we spotted Shellshock exploit attempts in Brazil. It appears that these attempts were not limited to that country alone. We saw yet another Shellshock exploit attack—this time targeting a financial institution in China. Trend Micro Deep Discovery was able to detect this attempt and found that attackers were ...

    Posted in Exploits, Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice