
    Author Archive - Dianne Lagrimas (Technical Communications)

    We see the ‘cool’ when we wear or operate our smart TVs and watches and all other smart devices we own. But are we aware of how the data is processed in these devices? And where does the data we get or the data that these devices transmit end up?

    Most, if not all, smart devices are connected to the Internet, which is where the data we send and receive over our smart devices is stored. Before ending up on the Internet, the data passes through several layers:

    1. Link layer – where smart devices send and share data. In this layer, data is shared among devices via Wi-Fi, Ethernet, RFID, and Bluetooth protocols, among others.
    2. Router layer – can also be referred to as the Smart Hub layer. It is the device that connects all of your smart devices to the Internet.
    3. Session layer – when you use apps on your smart devices (think FitBit as an example), the data sent and received through these apps is managed in this layer. HTTP and HTTPS are the better-known protocols used in this layer.
    4. Internet layer – can also be called the Cloud layer. This is where the data ends up. If you use apps that have equivalent Web-based login pages (take fitness monitoring apps such as Runtastic, for example), you’ll see the 101 steps you recorded are ‘pushed’ to your Web profile almost immediately.

    Now there is nothing wrong with the way smart devices and the Internet link together. It’s perfectly fine save for one thing: there are risks. An attack on the Internet layer (where the data is stored) is highly likely. Password-based attacks – guessing passwords, brute force attacks – can be used to access the Internet layer and steal data. Changing the data that passes through the Session layer by way of man-in-the-middle (MITM) attacks is also possible. Hacking the Link layer, while difficult and low-yield, is also likely.

    Be on the safe and smart side of smart devices. Our infographic Layers and Protocols: Possible Attacks on the Internet of Everything walks you through the risks and suggests protection measures you need to know and implement.

    Posted in Internet of Things | Risky Links: Layers and Protocols of Internet of Everything Devices

    Cybercriminals intending to take your data find various ways through social engineering. For example, in our investigation of what seemed to be a run-of-the-mill spam run leading to a pharma site, we’ve uncovered the same points we raised in our eguide, How Social Engineering Works.

    The spam run starts as an email notification bearing the familiar Facebook blue lines, and the message itself asks the recipient to confirm their account. Such practice is nothing out of the ordinary, as most membership-based sites (even non-social networking ones) send users an email to confirm their membership. The problem in this case, however, is that the email address to which the message was sent is not affiliated with any Facebook account.

    On further checking of the spam message, it turns out that clicking on the link leads to a fake pharma site.

    While this kind of spam run is certainly not new, further analysis has revealed that this run has the potential to lead to more “evil” kinds of payload.

    Spam runs such as this one are versatile and can lead to anything – from survey scams to the popular Blackhole exploit kit – and can be switched from one to the other very quickly. So the fact that it loads a relatively “harmless” pharma site today does not guarantee that it will do the same tomorrow.

    Our investigation shows that this spam run is indeed a versatile one. The links in the spammed messages can be redirected to any number of sites, and these sites can lead to different kinds of threats such as malware, phishing attacks, and others.
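    A simple check a mail gateway or analyst can run against a message like the one described above is to compare the brand the notification claims (from its From name and Subject) with the domains its sender and links actually point to. The following is an added example, not Trend Micro's code or any product rule; the brand-to-domain table, the sample message, and its domains are constructed for the demo, and the "last two labels" domain reduction stands in for a real Public Suffix List lookup.

```python
"""Brand/link mismatch check for notification-style spam (added example)."""
import email
import re
from email import policy
from typing import Optional
from urllib.parse import urlparse

# Constructed mapping: brand name -> domains it legitimately sends from / links to.
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "facebookmail.com"},
}

HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)
RAW_URL_RE = re.compile(r'https?://[^\s"\'<>]+')


def registrable(host: str) -> str:
    """Reduce a hostname to its last two labels (demo shortcut; use the
    Public Suffix List in production)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def claimed_brand(msg) -> Optional[str]:
    """Which brand does the From name / Subject try to look like?"""
    text = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    for brand in BRAND_DOMAINS:
        if brand in text:
            return brand
    return None


def extract_links(msg) -> list:
    """Collect every URL from HTML hrefs and bare URLs in text parts."""
    links = []
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            body = part.get_content()
            links += HREF_RE.findall(body)
            links += RAW_URL_RE.findall(body)
    return sorted(set(links))


def assess(raw: str) -> dict:
    """Flag links and a sender domain that do not belong to the claimed brand."""
    msg = email.message_from_string(raw, policy=policy.default)
    brand = claimed_brand(msg)
    links = extract_links(msg)
    findings = {"brand": brand, "links": links,
                "suspicious": [], "sender_mismatch": False}
    if brand is None:          # no brand impersonation detected; nothing to compare
        return findings
    good = BRAND_DOMAINS[brand]
    sender_domain = registrable(str(msg.get("From", "")).split("@")[-1].strip("> "))
    findings["sender_mismatch"] = sender_domain not in good
    for url in links:
        host = urlparse(url).hostname or ""
        if registrable(host) not in good:
            findings["suspicious"].append(url)
    return findings


# Constructed sample: Facebook-styled "confirm your account" mail whose
# confirmation link goes to an unrelated (pharma-style) domain.
SAMPLE = """From: Facebook <notification@fb-account-center.example>
To: someone@mailbox.example
Subject: Please confirm your Facebook account
Content-Type: text/html; charset=utf-8

<html><body style="border-top:3px solid #3b5998">
<p>Hi, please <a href="http://best-pills-shop.example/confirm?u=1">confirm your account</a>.</p>
<p>Or visit <a href="https://www.facebook.com/help">Facebook Help</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```

    The check deliberately leaves the legitimate help link alone and reports only the off-brand confirmation link plus the sender domain mismatch; because the spam run can be repointed to other payloads, the decision is made on the mismatch itself, not on what the link currently serves.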

    To address this, the Trend Micro Smart Protection Network correlates billions of data points to actively identify and block spam and malicious URLs, and to detect and delete malware. This provides layers of protection for Trend Micro product users against threats such as this one.

    Posted in Social, Spam | Threats Get Trickier with Versatility and Social Engineering

    This month’s Microsoft Patch Tuesday release is the lightest in the past year. Not only did Microsoft release just two bulletins, but both bulletins are rated Important. The last time Microsoft released as few as two bulletins was in May 2011.

    In focus this month are two cross-site scripting vulnerabilities found in Visual Studio Team Foundation Server and in System Center Configuration Manager 2003 and System Center Configuration Manager 2007. These products are used in businesses mainly to facilitate collaboration and consumerization, respectively, and businesses stand to lose when vulnerable products deployed at large scale are not patched immediately. Attackers have been using cross-site scripting vulnerabilities in their arsenal, one of the reasons attacks were successful and widespread in 2011.

    Trend Micro Deep Security users are protected from cross-site scripting attacks by the rule 1000552 – Generic Cross Site Scripting (XSS) Prevention, which shipped in 2007. The bulletins are further discussed in this Threat Encyclopedia page.

    Coming Soon: The TrendLabs Security Intelligence Blog will be the new Malware Blog

    Posted in Vulnerabilities | XSS Vulnerabilities are Patched in September 2012 Microsoft Bulletin Release

    This month, Microsoft issued nine bulletins that address a total of 15 vulnerabilities. Of the five bulletins rated Critical, three point to vulnerabilities found in core components of Windows.

    Remote Desktop Protocol (RDP) and Internet Explorer versions 6 to 9, both of which were updated in June, are again included in the critical-rated vulnerability list. A Windows print spooler vulnerability and Windows networking component vulnerabilities, rated Critical, are also patched this month. Another update to a Windows Common Controls file (MSCOMCTL.OCX) has been issued. Note that this file is present in a host of Microsoft applications, including MS Visual FoxPro, MS Office, and MS SQL Server. Back in April and May this year, another vulnerability (CVE-2012-0158) in MSCOMCTL.OCX was actively exploited by attackers, and some of those exploits were seen in targeted attacks.

    Trend Micro Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plugin users are actively protected from exploits targeting these vulnerabilities via the rules that shipped today. More information on the specific rule protection and the vulnerabilities is found in this Threat Encyclopedia page.


    Posted in Vulnerabilities | Several Core Components in Windows Patched in August Patch Tuesday

    Microsoft released nine bulletins yesterday, including a patch for MS Security Advisory (2719615), which Microsoft put out on the same day as last month’s bulletin release. Although we have not seen an increase in attacks utilizing the said vulnerability, we found several exploit codes and wrote detailed analyses of them.

    Trend Micro Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plugin users have been protected since the advisory was put out. The rule 1005061 – Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889) actively protects from attacks attempting to exploit the Microsoft XML Core Services vulnerability.

    In other vulnerability news, we are also shipping the rule 1004968 – Microsoft .NET Framework Tilde Character Denial of Service Vulnerability, which protects against possible attacks that use the yet-to-be-patched Microsoft IIS tilde character vulnerability. If successfully exploited, the vulnerability may result in a denial of service (DoS).

    More information on the bulletins and the corresponding Deep Security/IDF rules is found in this Threat Encyclopedia page.

    Posted in Exploits, Vulnerabilities | July 2012 Patch Tuesday Includes Update for MS Security Advisory (2719615)

    © Copyright 2013 Trend Micro Inc. All rights reserved.