Jack Tang

Threats Analyst

Practical Android Debugging Via KGDB

  • Posted on: January 16, 2017
  • Posted in: Malware, Mobile
  • Posted by: Jack Tang (Threats Analyst)

Kernel debugging gives security researchers a tool to monitor and control a device under analysis. On desktop platforms such as Windows, macOS, and Linux, this is easy to perform. However, it is more difficult to do kernel debugging on Android devices such as the Google Nexus 6P. In this post, I describe a method to perform kernel debugging on the Nexus 6P and the Google Pixel, without the need for any specialized hardware.

Tags: android, debugging, KGDB

One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild

  • Posted on: December 2, 2016
  • Posted in: Exploits, Vulnerabilities
  • Posted by: Jack Tang (Threats Analyst)

Recently, Google researchers discovered a local privilege escalation vulnerability in Windows which was being used in zero-day attacks, including those carried out by the Pawn Storm espionage group. This is an easily exploitable vulnerability which can be found in all supported versions of Windows, from Windows 7 to Windows 10. By changing one bit, the attacker can elevate the privileges of a thread, giving administrator access to a process that would not have it under normal circumstances.

Tags: CVE-2016-7255, vulnerability analysis

New Headaches: How The Pawn Storm Zero-Day Evaded Java’s Click-to-Play Protection

  • Posted on: October 19, 2015
  • Posted in: Vulnerabilities
  • Posted by: Jack Tang (Threats Analyst)

Several months ago, we disclosed that Pawn Storm was using a then-undiscovered zero-day Java vulnerability to carry out its attacks. At the time, we noted that a separate vulnerability was used to bypass the click-to-play protection that is in use by Java. This second vulnerability has now been patched by Oracle as part of its regular quarterly update.

Click-to-play requires the user to click the space where the Java app would normally be displayed before it is executed. In effect, it asks the user if they are really sure they want to run any Java code.

Bypassing click-to-play protection allows for malicious Java code to run without any alert windows being shown. This was quite useful in Pawn Storm, as it used exploits targeting these vulnerabilities to carry out targeted attacks against North Atlantic Treaty Organization (NATO) members and the White House earlier this year.

Tags: Click-to-Play, CVE-2015-4902, Java Naming and Directory Interface, NATO, North Atlantic Treaty Organization, Pawn Storm, vulnerability, White House, zero day

Analyzing the Pawn Storm Java Zero-Day – Old Techniques Reused

  • Posted on: July 17, 2015
  • Posted in: Exploits, Targeted Attacks, Vulnerabilities
  • Posted by: Jack Tang (Threats Analyst)

Java used to be a favored vulnerability target for cybercriminals. However, in recent years that has not been the case. The now-fixed Java zero-day that was used in the Pawn Storm campaign was, in fact, the first time in nearly two years that a zero-day had been found and reported in Java. This can be attributed, in part,…

Tags: 0day, Exploit, Java, Pawn Storm, vulnerability

A Look at the OpenType Font Manager Vulnerability from the Hacking Team Leak

  • Posted on: July 7, 2015
  • Posted in: Vulnerabilities
  • Posted by: Jack Tang (Threats Analyst)

Earlier this week, the Italian company known as Hacking Team experienced a breach, with more than 400GB of confidential company data made available to the public. The company was known for selling what it described as tools used to lawfully intercept communications that could be used by governments and law enforcement agencies. The company has…

Tags: Exploit, Hacking Team, vulnerability, Windows, zero-day vulnerability