Zero-day season is far from over as reports indicate that an exploit was found targeting zero-day vulnerabilities for certain versions of Adobe Reader. This discovery came on the heels of the recent Adobe Flash Player incident that occurred last week.
In the related samples we gathered, the exploit is disguised as a .PDF file (detected by Trend Micro as TROJ_PIDIEF.KGM), which is crafted to target still unpatched vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe PDF Reader versions 9, 10, and 11. Once executed, ...
This February, Microsoft released 12 security bulletins addressing 57 vulnerabilities. Out of the security updates, 5 are tagged Critical and the rest rated as Important.
One of the notable advisories for this round is (MS13-009) Cumulative Security Update for Internet Explorer (2792100), which covers the vulnerabilities in Internet Explorer. These vulnerabilities affecting all versions of IE, which include the latest version IE 10 on Windows 8 and Windows RT, could lead to remote code execution. The other notable Critical-rate updates are MS13-011 ...
With today’s robust technology, it is now possible for users to remotely control their home devices via the Internet. However, as this technology gains a foothold, cybercrime is not far behind.
In our 2013 Security Predictions, our Chief Technology Officer (CTO) Raimund Genes predicted that with digital technology becoming more integrated in our lives, we may be seeing threats in unlikely places. In particular, as more home devices and appliances are designed to access the Internet, they can become new venues ...
Adobe released an out-of-band update for two critical zero-day vulnerabilities just a few days in advance to its regular monthly patch cycle. The Buffer overflow vulnerability (CVE-2013-0633), which exists in Flash Player can lead to remote code execution or denial of service conditions when exploited. This vulnerability, which has been exploited in the wild, targets Windows systems via ActiveX version of Flash Player. These attacks have been intended to deceive users by embedding malicious Flash (.SWF) file in Microsoft Word ...
In our 2013 security predictions, Trend Micro Chief Technology Officer Raimund Genes predicted that we will be seeing new toolkits this year. In a recent posting of Malware don't need coffee a new emerging exploit kit dubbed Whitehole Exploit Kit was tackled. The name Whitehole Exploit Kit is just a randomly selected name to differentiate it from BHEK. While it uses similar code as Blackhole Exploit kit, BHEK in particular uses JavaScript to hide its usage of plugindetect.js, while Whitehole does not. ...
