• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Archives for October 2016

CVE-2016-3298: Microsoft Puts the Lid on Another IE Zero-day Used in AdGholas Campaign
  • Posted on:October 31, 2016 at 9:00 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Henry Li (Threats Analyst )
0

Microsoft’s Patch Tuesday for October fixed another previous zero-day vulnerability in Internet Explorer (IE) via MS16-118 and MS16-126: CVE-2016-3298. Before the lid was put on it, the security flaw was employed alongside CVE-2016-3351 by operators of the AdGholas malvertising campaign, analysis and disclosure of which were made with our collaboration with Proofpoint’s @kafeine last July 2016. The campaign was notable for the economies of scale and scope it achieved in its heyday until its operations were stymied. As shared by @kafeine, it was even integrated in Neutrino exploit kit’s malvertising chain as a malicious JavaScript.

Exploiting CVE-2016-3298 enables attackers to check for specific antivirus (AV) software installed in the system in order to avoid AV detection and threat research/analysis. This sounds innocuous, but determining if the system is unsecure eases—and even automates—the undertaking of sneaking malware into it.

Read More
Tags: AdGholasCVEInternet ExplorermalvertisingVulnerabilities

Masque Attack Abuses iOS’s Code Signing to Spoof Apps and Bypass Privacy Protection
  • Posted on:October 31, 2016 at 1:00 am
  • Posted in:Mobile, Social, Vulnerabilities
  • Author:
    Trend Micro
0

First reported in 2014, Masque Attack allowed hackers to replace a genuine app from the App Store with a malformed, enterprise-signed app that had the same Bundle Identifier (Bundle ID). Apple subsequently patched the vulnerabilities (CVE-2015-3772 and CVE-2015-3725), but while it closed a door, scammers seemed to have opened a window. Haima’s repackaged, adware-laden apps and its native helper application prove that App Store scammers are still at it.

This is in light of the significant amount of malicious and potentially unwanted iOS apps we found signed with enterprise certificates and had the same Bundle IDs as their official versions on the App Store. Delving into them, we found that Haima and other third-party app stores were pulling off their scams by abusing a feature in iOS’s code signing process to achieve data inheritance.

Read More
Tags: HaimaiOSrepackaged appsthird-party app stores

Control Flow Guard Improvements in Windows 10 Anniversary Update
  • Posted on:October 28, 2016 at 1:00 am
  • Posted in:Vulnerabilities
  • Author:
    Henry Li (Threats Analyst )
0

Control Flow Guard (CFG) is an exploit mitigation feature that Microsoft introduced in Windows 10 and Windows 8.1 Update 3 that makes it significantly harder for exploits to run code on systems running these operating systems. This year’s major Windows 10 update (called the Anniversary Update) introduced improvements to CFG. The Anniversary Update began its rollout to most users in August 2016, although it may not be finished deploying to all users until this coming November.

Read More
Tags: Anniversary UpdateControl Flow GuardWindows 10

Patch Your Flash: Another Zero-Day Vulnerability Hits Adobe Flash
  • Posted on:October 27, 2016 at 3:00 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Jonathan Leopando (Technical Communications)
0

Adobe has released an out-of-bound patch for Flash Player due to a zero-day vulnerability. According to Adobe’s bulletin (APSB16-36), versions of Flash from 23.0.0.185 and earlier (released on October 11) are affected. (Adobe Flash Player for Linux uses a separate version numbering system; for that product versions 11.2.202.637 and earlier are vulnerable.) We urge all users who still have Flash installed to update to the version released today as soon as possible.

Read More
Tags: Adobe Flash Playerzero-day vulnerability

BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List
  • Posted on:October 27, 2016 at 1:00 am
  • Posted in:Malware, Targeted Attacks
  • Author:
    Trend Micro
0

BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released covering this campaign, which used the ELIRKS backdoor when it was first discovered in 2012. It is known for using blogs and microblogging services to hide the location of its actual command-and-control (C&C) servers. This allows an attacker to change the C&C server used quickly by changing the information in these posts.

Like most campaigns, BLACKGEAR has evolved over time. Our research indicates that it has started targeting Japanese users. Two things led us to this conclusion: first, the fake documents that are used as part of its infection routines are now in Japanese. Secondly, it is now using blogging sites and microblogging services based in Japan for its C&C activity.

Read More
Tags: BLACKGEARELIRKS
Page 1 of 3123

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
  • SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload
  • Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine
  • Perl-Based Shellbot Looks to Target Organizations via C&C
  • Fake Banking App Found on Google Play Used in SMiShing Scheme

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.