The remote access tool (RAT) HAVEX became the focus of the security industry after it was discovered to have played a major role in a campaign targeting industrial control systems (ICS). While observing HAVEX detections (known by different vendors as Dragonfly, Energetic Bear, and Crouching Yeti), we noticed something interesting. The Dragonfly campaign was previously…
Read MoreWith the finalization of HTML5 standard by World Wide Web Consortium (W3C) last October, there will be a rapid growth of new HTML5 web apps coming out in the near future. Considering the platform independent characteristic in web apps, we foresee that HTML5 will accelerate the repackaging from web apps to mobile apps for malicious…
Read MoreA few months back, we discussed the Android Same Origin Policy (SOP) vulnerability, which we later found to have a wider reach than first thought. Now, under the collaboration of Trend Micro and Facebook, attacks are found which actively attempt to exploit this particular vulnerability, whose code we believe was based in publicly available Metasploit code. This attack targets Facebook…
Read MoreIn recent weeks, a major Korean electric utility has been affected by destructive malware, which was designed to wipe the master boot records (MBRs) of affected systems. It is believed that this MBR wiper arrived at the target systems in part via a vulnerability in the Hangul Word Processor (HWP), a commonly used application in South…
Read MoreEarlier this year, Linux system administrators all over the world had to deal with the Shellshock vulnerability, which could lead to malicious code being run on Linux systems. Servers running various web services were at particular risk. By now, most major distributions have been able to release patches that upgraded the vulnerable bash shell to versions not affected…
Read More