This month’s Microsoft and Adobe Patch Tuesday is a huge release from both vendors. Microsoft has released fifteen bulletins that address a total of 33 vulnerabilities for their products. Adobe has released one security bulletin that addresses a total of 92 vulnerabilities for Adobe Acrobat and Reader. All total, Microsoft and Adobe patched 125 vulnerabilities…
Read More
There’s been a recent development in the threat environment around the Remote Root Vulnerability in HID Door Controllers that we wanted to alert customers to. You might recall on March 30, 2016, our Zero Day Initiative published an advisory around a vulnerability that Ricky “HeadlessZeke” Lawshae with our DVLabs group discovered. This was for a…
Read More
Recently, Apple made an announcement that everyone should be familiar with. They announced that they are no longer supporting QuickTime for Microsoft Windows. In particular, they’re not going to fix any more security vulnerabilities in it. There are already two known security vulnerabilities with QuickTime for Windows now. Trend Micro’s Zero Day Initiative reported them…
Read More
Pwn2Own 2016 starts tomorrow at March 16, 2016, at CanSecWest 2016 at the Sheraton Wall Centre in Vancouver, British Columbia. Over the next two days teams will be attempting to demonstrate new zero-day vulnerabilities in Google Chrome, Microsoft Edge, and Adobe Flash on Microsoft Windows 10 64-Bit, and Apple Safari on Mac OS X El…
Read More
On December 8th, 2015 the International Computer Security Association (ICSA) announced the results of the advanced threat defense (ATD) solution certification testing. Given Trend Micro’s track record of active participation in industry tests such as, NSS Labs Breach Detection testing, the results of the ICSA test further demonstrates the detection efficacy of Deep Discovery. This…
Read More
With the most recent Oracle Critical Patch Update that addresses Java CVE-2015-4902, we have the second Pawn Storm-related vulnerability to be patched in less than a week. This also fixes the second Java vulnerability in use in zero-day attacks related to Pawn Storm since July 2015. In total, Trend Micro’s Vulnerability Research Teams, working with…
Read More
As the mobile malware epidemic has raged on the Android platform, people on iOS have been relatively safe. There are many reasons why this is the case, but one of the chief reasons is that Apple has claimed that they keep their “walled garden” safe meaning that they keep malicious code and malware from entering…
Read More
As many of you already know, Trend Micro Deep Security delivers a comprehensive security platform optimized for the virtual and cloud environments. Deep Security 9.6 was recently launched and builds upon a rich history of being the only true single security platform with advanced threat protection capabilities built to work seamlessly with key virtualization and…
Read More
This week we learned of a concerted cybercriminal effort to subvert the Yahoo ad network, which could have affected the 6.9 billion monthly visitors to their site. The threat actors behind this attack utilized a few threats we’ve seen recently, such as malvertisements and exploit kits. Malvertisements are malicious ads designed and placed by cybercriminals…
Read More
Trend Micro researchers are now disclosing additional details about one of the vulnerabilities (CVE-2015-3824) in the so-called “Stagefright” cluster affecting Android users. The “Stagefright” vulnerability is actually a marketing label for a cluster of seven individual vulnerabilities. One of the vulnerabilities in this cluster, CVE-2015-3824, was independently discovered by Trend Micro’s research team at the…
Read More
