We have tracked three malvertising campaigns and one compromised site campaign using Cerber ransomware after version 4.0 (detected as as Ransom_CERBER.DLGE) was released a month after version 3.0. More details of this latest iteration of Cerber are listed in a ransomware advertisement provided by security researcher Kafeine.Read More
Today, the Trend Micro Forward-Looking Threat Research team released the paper Leaking Beeps: Unencrypted Pager Messages in the Healthcare Industry, our research about a weakness we identified in pager technology. If you are concerned about keeping your health information private, I would highly recommend you read through it. I, for one, was not expecting the findings we made. Pagers are secure, right? We’ve used them for decades, they are hard to monitor, and that’s why some of our most trusted industries use them, including the healthcare sector.
Nope. Wrong. All it took to see hospital information in clear text from hundreds of miles (or kilometers if you are a non-US person like me) away is an SDR software and a USB dongle. Frankly, I was stunned. The problem with pagers—like many other technologies—is that they were designed and developed in a bygone era, and very few people go back to see if current technologies easily break the trust we had in these older ones or not (by virtue of making ease of monitoring—accidental or intentional—something easily done by a common person).Read More
In July 2016, we worked with @kafeine of Proofpoint to help bring down the AdGholas malvertising campaign. This campaign started operating in 2015, which affected a million users per day during its peak before it was shut down earlier this year. It used the Angler and Neutrino exploit kits to attack victims. It also used steganography to hide malicious code within a picture.
In the process of working on this campaign, we found and analyzed an information disclosure vulnerability in both Internet Explorer and Microsoft Edge. We worked with Microsoft to address this flaw, named as CVE-2016-3351. Previously considered as a zero-day vulnerability, this issue was fixed in MS16-104 for Internet Explorer and MS16-105 for Edge, which was released though a patch earlier this week.Read More
The second Tuesday of the month is here, which means one thing – new patches from Microsoft. Compared to recent months, September’s batch of patches is slightly larger with 14 bulletins in all, evenly split between Critical and Important ones.Read More
Earlier this week, an independent researcher publicly disclosed a severe vulnerability in MySQL. This is a very popular open-source DBMS which is used by many organizations to manage their backend databases and websites. Proof of concept code was provided as part of the disclosure.
This particular vulnerability was designated as CVE-2016-6662, one of two serious flaws that the researcher found. This vulnerability allows an attacker to create the MySQL configuration file without having the privileges to do so, effectively taking over the server. The other assigned as CVE-2016-6663 has not yet been disclosed.Read More