Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    January 2015
    S M T W T F S
    « Dec    
     123
    45678910
    11121314151617
    18192021222324
    25262728293031
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    When news of the Shellshock vulnerability broke out at the end of September, we spotted several attacks that leveraged the said vulnerability, thus manifesting the prevalence or even evolution on how attackers used the exploit. For instance, attackers used Shellshock to target SMTP servers, launch botnet attacks, and even to download KAITEN source code among others. We have continuously monitored this vulnerability and on our latest research, we observed that recent samples of BASHLITE (detected by Trend Micro as ELF_BASHLITE.SMB) scans the network for devices/machines ...




    Microsoft released 16 security updates during its Patch Tuesday release for November 2014, among which includes CVE-2014-6332, or the Windows OLE Automation Array Remote Code Execution Vulnerability (covered in MS14-064). We would like to bring attention to this particular vulnerability for the following reasons: It impacts almost all Microsoft Windows versions from Windows 95 onward. A stable exploit exists and works in versions of Internet Explorer from 3 to 11, and can bypass operating system (OS) security utilities and protection such as Enhanced ...




    14 security bulletins addressing vulnerabilities in Internet Explorer, Microsoft Office, Microsoft Windows, Microsoft Windows Object Linking and Embedding (OLE), and Microsoft .NET Framework among others. Out of these security bulletins, four are tagged as Critical and 8 are rated as Important. One of the notable bulletins is MS14-065, which fixes several vulnerabilities in Internet Explorer. All supported versions of the browser are affected by these vulnerabilities, which could lead to remote code execution. Another crucial bulletin is MS14-064 that resolves vulnerabilities in Microsoft Windows Object ...

    Posted in Vulnerabilities |



    We see many kinds of vulnerabilities on a regular basis. These range from user-after-free (UAF) vulnerabilities, to type confusion, to buffer overflows, to cross-site scripting (XSS) attacks. It's rather interesting to understand the root cause of each of these vulnerability types, so we looked at the root cause of an Internet Explorer vulnerability - CVE-2014-1772. We'd privately disclosed this vulnerability to Microsoft earlier in the year, and it had been fixed as part of the June Patch Tuesday update, as part of ...

    Posted in Exploits, Vulnerabilities |



    2014 brought with it many significant additions to the technology landscape. These put new capabilities into the hands of users and companies that allowed them to do things that they would not have thought possible before. However, these same changes also aid threat actors: threats can now come from unexpected vectors, and augment the existing capabilities that attackers already possess. What are the key developments that will shape the threat landscape of tomorrow, and how do we foresee its evolution? These ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice