• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Archives for July 2017

ProMediads Malvertising and Sundown-Pirate Exploit Kit Combo Drops Ransomware and Info Stealer
  • Posted on:July 19, 2017 at 7:22 am
  • Posted in:Bad Sites, Exploits
  • Author:
    Joseph C Chen (Fraud Researcher)
0

We’ve uncovered a new exploit kit in the wild through a malvertising campaign we’ve dubbed “ProMediads”. We call this new exploit kit Sundown-Pirate, as it’s indeed a bootleg of its precursors and actually named so by its back panel.

ProMediads has been active as early as 2016, employing Rig and Sundown exploit kits to deliver malware. Its activities dropped off in mid-February this year, but suddenly welled on June 16 via Rig. However, we noticed that ProMediads eschewed Rig in favor of Sundown-Pirate on June 25.

It’s worth noting that Sundown-Pirate is only employed by ProMediads so far. This could mean that it’s yet another private exploit kit, like the similarly styled GreenFlash Sundown exploit kit that was exclusively used by the ShadowGate campaign.

Read More
Tags: exploit kitLockPOSmalvertisingProMediadsSundown-Pirate

Linux Users Urged to Update as a New Threat Exploits SambaCry 
  • Posted on:July 18, 2017 at 7:10 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Trend Micro
0

A seven-year old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited. According to a security advisory released by the company, the vulnerability allows a malicious actor to upload a shared library to a writable share, causing the server to load and execute it. If leveraged successfully, an attacker could open a command shell in a vulnerable device and take control of it. It affects all versions of Samba since 3.5.0.

Read More

Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
  • Posted on:July 17, 2017 at 3:55 am
  • Posted in:Mobile
  • Author:
    Trend Micro
0

The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device.

Detected by Trend Micro as ANDROIDOS_GHOSTCTRL.OPS / ANDROIDOS_GHOSTCTRL.OPSA, we’ve named this Android backdoor GhostCtrl as it can stealthily control many of the infected device’s functionalities.

There are three versions of GhostCtrl. The first stole information and controlled some of the device’s functionalities without obfuscation, while the second added more device features to hijack. The third iteration combines the best of the earlier versions’ features—and then some. Based on the techniques each employed, we can only expect it to further evolve.

Read More
Tags: androidbackdoorGhostCtrlOmniRAT

Are Your Online Mainframes Exposing You to Business Process Compromise?
  • Posted on:July 13, 2017 at 11:01 am
  • Posted in:Vulnerabilities
  • Author:
    Trend Micro
0

Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies.

Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But what if they’re not necessarily “broken”—but unsecure? Exposing a mainframe online, even unintentionally, can be detrimental to the security not only of the company’s crown jewels, but also their customers. This is what we found using data from Shodan, a public search engine for internet-connected devices.

Read More
Tags: Business Process CompromiseMainframesShodan

Examining CVE-2017-9791: New Apache Struts Remote Code Execution Vulnerability
  • Posted on:July 13, 2017 at 7:00 am
  • Posted in:Vulnerabilities
  • Author:
    Trend Micro
0

The Apache Struts framework is useful for building modern Java-based web applications, with two major versions, Apache Struts 1 and Apache Struts 2, released so far. Support for Apache Struts 1 ended in 2008 with the adoption of Apache Struts 2, which reached its first full release at the start of 2007. A Struts 1 plugin is available that allows developer to use existing Struts 1 Actions and ActionForms in Struts 2 web applications. A vulnerability has been found in this plugin that could allow remote code execution on the affected server, if used with Struts 2.3.x. (Versions 2.5.x are not affected.)

Read More
Tags: Apache Struts
Page 1 of 212

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Latest Ransomware Posts

  • SLocker Mobile Ransomware Starts Mimicking WannaCry
  • Large-Scale Petya Ransomware Attack In Progress, Hits Europe Hard
  • AdGholas Malvertising Campaign Employs Astrum Exploit Kit
  • Erebus Resurfaces as Linux Ransomware
  • Analyzing the Fileless, Code-injecting SOREBRECT Ransomware

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Large-Scale Petya Ransomware Attack In Progress, Hits Europe Hard
  • Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More
  • Examining CVE-2017-9791: New Apache Struts Remote Code Execution Vulnerability
  • Information Stealer Found Hitting Israeli Hospitals
  • PETYA Crypto-ransomware Overwrites MBR to Lock Users Out of Their Computers

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.