• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Exploits

Proofs of Concept Abusing PowerShell Core: Caveats and Best Practices
  • Posted on:November 28, 2018 at 11:54 pm
  • Posted in:Exploits, Malware
  • Author:
    Trend Micro
0

We explored possible strategies attackers can employ when abusing PowerShell Core. These proofs of concept (PoCs) would help in better understanding — and in turn, detecting and preventing — the common routines and behaviors of possible and future threats that attackers might use. The PoCs we developed using PowerShell Core were conducted on Windows, Linux, and mac OSs. Most of the techniques we applied can be seen from previous threats involving PowerShell-based functionalities, such as the fileless KOVTER and POWMET. The scenarios in our PoCs are also based on the PowerShell function they use.

Read More
Tags: PowershellPowerShell Core

Misconfigured Container Abused to Deliver Cryptocurrency-mining Malware
  • Posted on:October 25, 2018 at 1:56 pm
  • Posted in:Exploits, Malware
  • Author:
    Trend Micro
0

We recently observed cases of abuse of the systems running misconfigured Docker engine with Docker application program interface (API) ports exposed. We also noticed that the malicious activities were focused on scanning for open ports 2375/TCP and 2376/TCP, which are used by the Docker engine daemon (dockerd). The intrusion attempts to deploy a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.SH.MALXMR.ATNE) on the misconfigured systems.

Docker implements virtualization on the operating-system (OS) level — also known as containerization. The Docker APIs, in particular, allow remote users to control Docker images like a local Docker client does. Opening the API port for external access is not recommended, as it can allow hackers to abuse this misconfiguration for malicious activities.

Read More
Tags: cloudContainerDevOpsDocker

SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload
  • Posted on:October 19, 2018 at 6:15 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Trend Micro
0

Microsoft’s SettingContent-ms has become a recent topic of interest. In July, we saw one spam campaign use malicious SettingContent-ms files embedded in a PDF to drop the remote access Trojan FlawedAmmyy, a RAT also used by the Necurs botnet. That campaign was mostly targeting banks in different countries across Asia and Europe.

Read More
Tags: machine learningmalicious fileMicrosoft

CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows
  • Posted on:October 17, 2018 at 5:59 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    William Gamazo Sanchez (Vulnerability Research)
0

We found design flaw/weakness in Java Usage Tracker that can enable hackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users.

We’ve worked with Oracle through our Zero Day Initiative to patch this flaw, and this has been fixed via Oracle’s October patch update. Users and businesses are accordingly urged to patch and update their version of Java.

In this blog post, we will delve into how this flaw works on Windows — how Java Usage Tracker works and defining the conditions that enabled the exploit.

Read More
Tags: CVE-2018-3211JavaJava Usage Tracker

October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
  • Posted on:October 9, 2018 at 10:45 pm
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Trend Micro
0

This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code.

Read More
Tags: October 2018 Patch TuesdayPatch Tuesday
Page 1 of 6612 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Fake Banking App Found on Google Play Used in SMiShing Scheme
  • Perl-Based Shellbot Looks to Target Organizations via C&C
  • Exploring Emotet: Examining Emotet’s Activities, Infrastructure
  • TrickBot’s Bigger Bag of Tricks
  • Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.