Drupal is the latest platform to issue an emergency patch for a critical vulnerability. The issue (CVE-2018-7600) allows an attacker to execute code remotely with little effort. That’s bad. The Drupal team has been quick to respond and has already issued a patch and a mitigation for users unable to immediately patch. In addition to…
Read MoreIn our 2016 security roundup report, A Record Year for Enterprise Threats, we talked about the vulnerability landscape during the year and what trends we saw. Let’s look at some of the key aspects of what we saw in 2016. 1. Trend Micro’s Zero Day Initiative (ZDI) with support of their 3,000+ independent vulnerability researchers,…
Read More
Just a day before Pwn2Own kicks off its 10th anniversary, join us in looking at the security updates released by Google, Adobe, VMWare, Firefox, and Microsoft for the month of March 2017. It’s shaping up to be the largest Patch Tuesday in history, which is fitting to coincide with the largest Pwn2Own ever. tl:dr –…
Read More
Over the last decade of Pwn2Own™ competitions, different people harbored different emotions towards the contest. It’s been referred to as a blood bath for browsers, although no actual blood has ever been spilt. It has helped launch people’s careers, or at the very least, it has helped increase their notoriety. It’s been accused of crushing…
Read More
Welcome to the first Trend Micro Zero Day Initiative (ZDI) monthly patch review blog. This month, we put additional context around the major security patches released from Microsoft and Adobe. As the crisp autumn air descends upon us, it is time again to take a look at the security patches released by Adobe and Microsoft…
Read More
I have been going to the same summer camp every year since I was about 5. Back then it was 4 single moms looking for a place to bring their kids for some outdoors fun and a hope that the kids would take part in an activity long enough to get through a chapter in…
Read More
Like most boys I liked to play with trucks when I was little. I would always go over to by buddy Jeremey’s house to play and one day he pulled out this red, white and blue truck. He was giddy about his truck after a few minutes of pushing it around he said “check this…
Read More
This month’s Microsoft and Adobe Patch Tuesday is a huge release from both vendors. Microsoft has released fifteen bulletins that address a total of 33 vulnerabilities for their products. Adobe has released one security bulletin that addresses a total of 92 vulnerabilities for Adobe Acrobat and Reader. All total, Microsoft and Adobe patched 125 vulnerabilities…
Read More
There’s been a recent development in the threat environment around the Remote Root Vulnerability in HID Door Controllers that we wanted to alert customers to. You might recall on March 30, 2016, our Zero Day Initiative published an advisory around a vulnerability that Ricky “HeadlessZeke” Lawshae with our DVLabs group discovered. This was for a…
Read More
Recently, Apple made an announcement that everyone should be familiar with. They announced that they are no longer supporting QuickTime for Microsoft Windows. In particular, they’re not going to fix any more security vulnerabilities in it. There are already two known security vulnerabilities with QuickTime for Windows now. Trend Micro’s Zero Day Initiative reported them…
Read More
