Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    July 2015
    S M T W T F S
    « Jun    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • Email Subscription

  • About Us


    Archive for the ‘Bad Sites’ Category




    Yahoo recently rolled out a new way for users to access their services without entering a password. Their new system uses a cellphone to authenticate the user. Instead of entering a password, the user receives a verification code via text message on their phone. (The user would have provided their phone number to Yahoo when setting this option up.) Once the user receives this code, they enter it on the Yahoo login page and voilà!, they're logged in. So what's wrong with this? ...




    We have detected through feedback from the Trend Micro™ Smart Protection Network™ that the Nuclear Exploit Kit has been updated to include the recently fixed Adobe Flash Player vulnerability identified as CVE-2015-0336. We first saw signs of this malicious activity on March 18 this year. This particular vulnerability was only recently fixed as part of Adobe's regular March update for Adobe Flash Player which upgraded the software to version 17.0.0.134. However, our feedback indicates that many users are still running the previous ...

    Posted in Bad Sites, Exploits, Malware | Comments Off on Freshly Patched Flash Exploit Added to Nuclear Exploit Kit



    OpenSSL said last Tuesday, March 17, that they plan to release several code fixes address a number of vulnerabilities, which include those that have been classified as “high” severity. There had been speculation building around these vulnerabilities, as the bug was hinted as "the next Heartbleed" according to reports. The fix was released today, two days after their announcement. Today's security bulletin noted that the following just-released versions are all secure: OpenSSL version 1.0.2a (addresses CVE-2015-0209, CVE-2015-0285, and CVE-2015-0288) OpenSSL version 1.0.1m (addresses CVE-2015-0288) OpenSSL version ...

    Posted in Bad Sites | Comments Off on OpenSSL Releases Patches to Address “Severe” Security Holes



    2014 was a year in flux for the Deep Web. We briefly discussed this in our annual security roundup, but this is a topic worth exploring in some detail. In late 2013, the operator of the Silk Road marketplace, Ross Ulbricht (also known as Dread Pirate Roberts) was arrested, and recently he was convicted on various charges by a US federal court. Naturally, because the market abhors a vacuum, replacement marketplaces have shown up. Of course, many of these have led short - and ...

    Posted in Bad Sites | Comments Off on The Deep Web: Shutdowns, New Sites, New Tools



    The recent Superfish incident has raised more concerns that SSL/TLS connections of users can be intercepted, inspected, and re-encrypted using a private root certificate installed on the user system. In effect, this is a man-in-the-middle (MITM) attack carried out within the user's own system. We believe that site owners adopting extended validation (EV) certificates would help warn users about possible MITM attacks. Here’s how a MITM interception works: Figure 1. Man-in-the-middle attack MITM attacks are justified by their creators as providing benefits to users, ...

    Posted in Bad Sites, Vulnerabilities | Comments Off on Extended Validation Certificates: Warning Against MITM Attacks


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice