Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Email Subscription

  • About Us


    Archive for the ‘Bad Sites’ Category




    OpenSSL said last Tuesday, March 17, that they plan to release several code fixes address a number of vulnerabilities, which include those that have been classified as “high” severity. There had been speculation building around these vulnerabilities, as the bug was hinted as "the next Heartbleed" according to reports. The fix was released today, two days after their announcement. Today's security bulletin noted that the following just-released versions are all secure: OpenSSL version 1.0.2a (addresses CVE-2015-0209, CVE-2015-0285, and CVE-2015-0288) OpenSSL version 1.0.1m (addresses CVE-2015-0288) OpenSSL version ...

    Posted in Bad Sites | Comments Off on OpenSSL Releases Patches to Address “Severe” Security Holes



    2014 was a year in flux for the Deep Web. We briefly discussed this in our annual security roundup, but this is a topic worth exploring in some detail. In late 2013, the operator of the Silk Road marketplace, Ross Ulbricht (also known as Dread Pirate Roberts) was arrested, and recently he was convicted on various charges by a US federal court. Naturally, because the market abhors a vacuum, replacement marketplaces have shown up. Of course, many of these have led short - and ...

    Posted in Bad Sites | Comments Off on The Deep Web: Shutdowns, New Sites, New Tools



    The recent Superfish incident has raised more concerns that SSL/TLS connections of users can be intercepted, inspected, and re-encrypted using a private root certificate installed on the user system. In effect, this is a man-in-the-middle (MITM) attack carried out within the user's own system. We believe that site owners adopting extended validation (EV) certificates would help warn users about possible MITM attacks. Here’s how a MITM interception works: Figure 1. Man-in-the-middle attack MITM attacks are justified by their creators as providing benefits to users, ...

    Posted in Bad Sites, Vulnerabilities | Comments Off on Extended Validation Certificates: Warning Against MITM Attacks



    2014 was a year where cybercriminal attacks crippled both likely and unlikely targets. A year rife with destructive attacks, 2014 proved to be a difficult one for individuals and companies who were victimized by these threats. Massive data breach disclosures came one after another in 2014 in much more rapid succession than past years. The Sony Pictures breach in December, along with the other big breaches of the year illustrated the wide spectrum of losses that can hit a company that ...

    Posted in Bad Sites, Botnets, Exploits, Malware, Targeted Attacks, Vulnerabilities | Comments Off on 2014 Annual Security Roundup: Magnified Losses, Amplified Need for Cyber-Attack Preparedness



    We have helpful information that can help us identify the exploit kit used in the Adobe Flash zero-day attack we blogged about yesterday. Adobe states in their advisory that the related vulnerability, CVE-2015-0313, affects current versions (Adobe removed version 11.x and earlier from affected software). At first, we figured that the exploit kit involved was Angler Exploit Kit because of the URL's characteristics. So we tested it using Angler HTML parameters and found that SWF_EXPLOIT.MJST can be run. Another clue that led ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice