• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Archives for January 2015

Exploring Control Flow Guard in Windows 10

  • Posted on:January 30, 2015 at 8:51 pm
  • Posted in:Vulnerabilities
  • Author:
    Jack Tang (Threats Analyst)
0

As operating system developers are always keen on improving exploit mitigation technology, Microsoft has enabled a new mechanism in Windows 10 and in Windows 8.1 Update 3 (released last November) by fault. This technology is called Control Flow Guard (CFG). Previous mitigation techniques like address space layout randomization (ASLR) and Data Execution Prevention (DEP) have…

Read More
Tags: Control Flow GuardWindows 10

New DYRE Variant Hijacks Microsoft Outlook, Expands Targeted Banks

  • Posted on:January 30, 2015 at 8:34 am
  • Posted in:Malware
  • Author:
    Michael Marcos (Threat Response Engineer)
6

The DYRE/Dyreza banking malware is back with a new infection technique: we observed that it now hijacks Microsoft Outlook to spread the notorious UPATRE malware to target an expanded list of targeted banks. Last October 2014 we observed a hike in UPATRE-DYRE malware infections brought by the CUTWAIL spambot, a pattern we observed was similar…

Read More
Tags: banking malwareDYREDyrezaUPATRE

Security of Home Surveillance Cameras

  • Posted on:January 29, 2015 at 12:54 am
  • Posted in:Internet of Things
  • Author:
    Trend Micro
2

Home surveillance/security cameras have been available for quite some time, and can be used to keep track of one’s home, children, pets, or business.  These devices are, in some ways, the first exposure of people to the Internet of Things. For most people, home surveillance means setting up a camera and using the Internet to…

Read More
Tags: camerahome surveillanceinternet of thingsInternet of Things

Not So Spooky: Linux “Ghost” Vulnerability

  • Posted on:January 28, 2015 at 12:38 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Pawan Kinger (Director, Deep Security Labs)
14

Researchers at Qualys have found a vulnerability in the GNU C Library (alternately known as glibc), which can be used to run arbitrary code on systems running various Linux operating systems. The vulnerability (assigned as CVE-2015-0235) has been dubbed GHOST and is the latest vulnerability to receive a “friendly” name, joining others like Heartbleed, Shellshock,…

Read More
Tags: GhostglibcLinux

CVE-2015-0016: Escaping the Internet Explorer Sandbox

  • Posted on:January 27, 2015 at 11:04 pm
  • Posted in:Vulnerabilities
  • Author:
    Henry Li (Threats Analyst )
3

Part of this January’s Patch Tuesday releases was MS15-004, which fixed a vulnerability that could be used in escalation of privilege attacks. I analyzed this vulnerability (designated as CVE-2015-0016) because it may be the first vulnerability in the wild that showed the capability to escape the Internet Explorer sandbox. As sandboxing represents a key part…

Read More
Tags: CVE-2015-0016Internet Explorersandbox
Page 1 of 512 › »

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.