• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Archives for September 2016

A Show of (Brute) Force: Crysis Ransomware Found Targeting Australian and New Zealand Businesses
  • Posted on:September 19, 2016 at 4:17 am
  • Posted in:Ransomware
  • Author:
    Jon Oliver (Senior Architect)
0

Crysis (detected by Trend Micro as RANSOM_CRYSIS.A), a ransomware family first detected in February this year, has been spotted targeting businesses in Australia in New Zealand through remote desktop protocol (RDP) brute force attacks.

Crysis has been reported in early June this year to have set its sights into carving a market share left by TeslaCrypt when the latter’s developers decided to shut down their operations, and rivaling Locky’s prevalence in the ransomware threat landscape.

Read More
Tags: brute force attacksCrysisRDPremote desktop protocol

Untangling the Ripper ATM Malware
  • Posted on:September 19, 2016 at 12:01 am
  • Posted in:Malware
  • Author:
    Numaan Huq (Senior Threat Researcher)
0

Last August , security researchers released a blog discussing a new ATM malware family called Ripper which they believe was involved in the recent ATM attacks in Thailand. Large numbers of ATMs were also temporarily shut down as a precautionary measure.

During our analysis we noticed some additional details that where not called out, or which appear to contradict this earlier analysis. We highlight these differences in this blog post. We have also included technical indicators such as code offsets where possible for other researchers to follow on from our work.

Read More
Tags: ATM malwareRipper

Microsoft Patches IE/Edge Zero-day Used in AdGholas Malvertising Campaign
  • Posted on:September 15, 2016 at 4:10 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Brooks Li (Threats Analyst) and Henry Li (Threats Analyst)
0

In July 2016, we worked with @kafeine of Proofpoint to help bring down the AdGholas malvertising campaign. This campaign started operating in 2015, which affected a million users per day during its peak before it was shut down earlier this year. It used the Angler and Neutrino exploit kits to attack victims. It also used steganography to hide malicious code within a picture.

In the process of working on this campaign, we found and analyzed an information disclosure vulnerability in both Internet Explorer and Microsoft Edge. We worked with Microsoft to address this flaw, named as CVE-2016-3351. Previously considered as a zero-day vulnerability, this issue was fixed in MS16-104 for Internet Explorer and MS16-105 for Edge, which was released though a patch earlier this week.

Read More
Tags: AdGholasCVE-2016-3351Internet Explorermalvertisingmicrosoft edgevulnerability

September Patch Tuesday: Browser, Exchange, Office Bugs Dominate
  • Posted on:September 14, 2016 at 8:15 pm
  • Posted in:Vulnerabilities
  • Author:
    Jonathan Leopando (Technical Communications)
0

The second Tuesday of the month is here, which means one thing – new patches from Microsoft. Compared to recent months, September’s batch of patches is slightly larger with 14 bulletins in all, evenly split between Critical and Important ones.

Read More
Tags: Exchange ServerPatch Tuesday

CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • Posted on:September 14, 2016 at 2:15 pm
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Trend Micro
0

Earlier this week, an independent researcher publicly disclosed a severe vulnerability in MySQL. This is a very popular open-source DBMS which is used by many organizations to manage their backend databases and websites. Proof of concept code was provided as part of the disclosure.

This particular vulnerability was designated as CVE-2016-6662, one of two serious flaws that the researcher found. This vulnerability allows an attacker to create the MySQL configuration file without having the privileges to do so, effectively taking over the server. The other assigned as CVE-2016-6663 has not yet been disclosed.

Read More
Tags: CVE-2016-6662My SQLvulnerability
Page 2 of 4 ‹ 123 › »

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability
  • QAKBOT Resurges: Despite Takedowns, Online Banking Threats Persist
  • Coronavirus Update App Leads to Project Spy Android and iOS Spyware
  • Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining
  • Targeted Ransomware Attack Hits Taiwanese Organizations

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.