Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category

    The first half of this year has been quite eventful for the mobile threat landscape. Sure, we had an idea the state of affairs from 2013 would continue on to this year, but we didn't know just to what extent. From ballooning mobile malware/high risk app numbers to vulnerabilities upon vulnerabilities, let's recap just what happened in the past six months and see if we can learn anything from them for the six months ahead. So, what did happen in the ...

    Posted in Mobile, Vulnerabilities |

    Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cybercriminals to easily run arbitrary code on these routers, rendering it vulnerable as a security device. What is this backdoor? Simply put, it is an open UDP port listening at port 53413. This port is accessible from the WAN side of the router. This ...

    In the past few weeks, an exploit kit known as FlashPack has been hitting users in Japan. In order to affect users, this particular exploit kit does not rely on spammed messages or compromised websites: instead, it uses a compromised website add-on. This particular add-on is used by site owners who want to add social media sharing buttons on their sites. All the site owner would have to do is add several lines of JavaScript code to their site's design template. This ...

    Vulnerabilities in apps are always a cause for concern, especially when said apps handle sensitive information, particularly financial. We examined two popular in-app payment (IAP) SDKs—Google Wallet and the Chinese payment platform Alipay—and discovered that these contain a vulnerability that can be exploited for phishing attacks. The versions we analyzed were Google IAP versions 2 and 3 and Alipay SDK 1.0. We have notified the developers of these findings. As of this writing, Alipay has patched the vulnerability. Meanwhile, Google is ...

    Posted in Mobile, Vulnerabilities |

    Microsoft has rolled out nine security bulletins for their August Patch Tuesday. Two bulletins are rated as Critical, while the rest are rated as Important. Microsoft Windows, Internet Explorer, Microsoft SQL Server, and Microsoft .NET Framework are some of the affected applications that these bulletins covered. One of the most notable bulletins in this month's cycle is MS14-051, which addresses 26 vulnerabilities found in Internet Explorer. The other Critical bulletin is MS14-043, which resolves problems in Windows Media Center, a component of Microsoft Windows. The vulnerabilities resolved in ...

    Posted in Vulnerabilities |


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice