Microsoft’s SettingContent-ms has become a recent topic of interest. In July, we saw one spam campaign use malicious SettingContent-ms files embedded in a PDF to drop the remote access Trojan FlawedAmmyy, a RAT also used by the Necurs botnet. That campaign was mostly targeting banks in different countries across Asia and Europe.
Read More
We found design flaw/weakness in Java Usage Tracker that can enable hackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users.
We’ve worked with Oracle through our Zero Day Initiative to patch this flaw, and this has been fixed via Oracle’s October patch update. Users and businesses are accordingly urged to patch and update their version of Java.
In this blog post, we will delve into how this flaw works on Windows — how Java Usage Tracker works and defining the conditions that enabled the exploit.
Read More
This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code.
Read More
A spam campaign we observed in September indicates attackers are angling towards a more sophisticated form of phishing. The campaign uses hijacked email accounts to deliver URSNIF as part of or as a response to an existing email thread.
Read More