• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Jack Tang (Threats Analyst)

Jack Tang

Threats Analyst

New Headaches: How The Pawn Storm Zero-Day Evaded Java’s Click-to-Play Protection
  • Posted on:October 19, 2015
  • Posted in:Vulnerabilities
  • Posted by:
    Jack Tang (Threats Analyst)
0

Several months ago, we disclosed that Pawn Storm was using a then-undiscovered zero-day Java vulnerability to carry out its attacks. At the time, we noted that a separate vulnerability was used to bypass the click-to-play protection that is in use by Java. This second vulnerability has now been patched by Oracle as part of its regular quarterly update.

Click-to-play requires the user to click the space where the Java app would normally be displayed before it is executed. In effect, it asks the user if they are really sure they want to run any Java code.

Bypassing click-to-play protection allows for malicious Java code to run without any alert windows being shown. This was quite useful in Pawn Storm, as it used exploits targeting these vulnerabilities to carry out targeted attacks against North Atlantic Treaty Organization (NATO) members and the White House earlier this year.

Read More
Tags: Click-to-PlayCVE-2015-4902Java Naming and Directory InterfaceNATONorth Atlantic Treaty OrganizationPawn StormvulnerabilityWhite Housezero day

Analyzing the Pawn Storm Java Zero-Day – Old Techniques Reused
  • Posted on:July 17, 2015
  • Posted in:Exploits, Targeted Attacks, Vulnerabilities
  • Posted by:
    Jack Tang (Threats Analyst)
0

Java used to be a favored vulnerability target for cybercriminals. However, in recent years that has not been the case. The now-fixed Java zero-day that was used in the Pawn Storm campaign was, in fact, the first time in nearly two years that a zero-day had been found and reported in Java. This can be attributed, in part,…

Read More
Tags: 0dayExploitJavaPawn Stormvulnerability

A Look at the OpenType Font Manager Vulnerability from the Hacking Team Leak
  • Posted on:July 7, 2015
  • Posted in:Vulnerabilities
  • Posted by:
    Jack Tang (Threats Analyst)
7

Earlier this week, the Italian company known as Hacking Team experienced a breach, with more than 400GB of confidential company data made available to the public. The company was known for selling what it described as tools used to lawfully intercept communications that could be used by governments and law enforcement agencies. The company has…

Read More
Tags: ExploitHacking TeamvulnerabilityWindowszero-day vulnerability

Analysis of CVE-2015-2360 – Duqu 2.0 Zero Day Vulnerability
  • Posted on:June 17, 2015
  • Posted in:Vulnerabilities
  • Posted by:
    Jack Tang (Threats Analyst)
0

The recent Duqu 2.0 targeted attack used several zero-day vulnerabilities as part of its attack. One of the vulnerabilities used was CVE-2015-2360, which was fixed by MS15-061 as part of the June Patch Tuesday release. Like CVE-2015-1701, this is also in the Win32k.sys file, which is commonly targeted by attackers to bypass existing vulnerability mitigation techniques. The vulnerability…

Read More
Tags: CVE-2015-2360Duqu 2.0escalation-of-privilege vulnerability

Exploring CVE-2015-1701 — A Win32k Elevation of Privilege Vulnerability Used in Targeted Attacks
  • Posted on:May 22, 2015
  • Posted in:Exploits, Vulnerabilities
  • Posted by:
    Jack Tang (Threats Analyst)
1

Our analysis of the win32k.sys vulnerability used in a recent targeted attack reveals that it opens up an easy way to bypass the sandbox, making it a bigger threat than originally thought. As mentioned in Microsoft security bulletin MS15-051, CVE-2015-1701 is an elevation of privilege vulnerability that exists when the Win32k.sys kernel-mode driver improperly handles…

Read More
Tags: APTCVE-2015-1701Exploitsrussian dollTargeted AttackVulnerabilities
Page 1 of 3123

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Deep Web

  • Trend Micro researchers have been taking deep dives into cybercriminal territory for years now. Find out more about the inner workings of the Deep Web and underground markets.

Latest Ransomware Posts

  • From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • A Show of (Brute) Force: Crysis Ransomware Found Targeting Australian and New Zealand Businesses
  • BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
  • Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files
  • Network Solutions to Ransomware – Stopping and Containing Its Spread

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
  • New Version of Cerber Ransomware Distributed via Malvertising
  • Locky Ransomware Now Downloaded as Encrypted DLLs
  • Cybercriminals Improve Android Malware Stealth Routines with OBAD
  • CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.