Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    July 2015
    S M T W T F S
    « Jun    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • Email Subscription

  • About Us


    Archive for the ‘Exploits’ Category




    With the New Year celebrations safely behind us, it's time to look forward and plan for 2015. Before we can do that, however, we need to spend a few minutes to remember the vulnerabilities of 2014 and what we can take away from these. Every year there are several zero-days and tons of undisclosed vulnerabilities fixed by software vendors. This year was a little different: The total number of disclosed vulnerabilities per year almost hit 10,000. Because of this, the maintainers of the ...

    Posted in Exploits, Vulnerabilities | Comments Off on Remembering the Vulnerabilities of 2014



    Security researchers have announced a new "vulnerability" in Linux dubbed "Grinch", which allows for escalation-of-privilege attacks in versions of Linux that use the polkit toolkit for privilege authorization. However, the true threat of this vulnerability is much more limited. The bug was named after the holiday season and the Dr. Seuss character, as some would say that this would have the potential to ruin the season of network administrators. An independent researcher first posted about this vulnerability - which he called PackageKit Privilege Escalation ...

    Posted in Exploits, Vulnerabilities | Comments Off on Doubts Raised About “Grinch” Linux Vulnerability



    Around this time in 2013, the most commonly used exploit kit - the Blackhole Exploit Kit - was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits has emerged and have been used by cybercriminals. The emergence of so many replacements has also meant that there are now some key technical differences between these various exploit kits. In this post, we shall go over some of these differences. Exploits used Exploits targeting Internet Explorer, ...

    Posted in Exploits | Comments Off on What’s New in Exploit Kits in 2014



    We recently found a new banking Trojan which targeted several banks in South Korea. This isn’t the first, though: in June last year, we saw that several online banking threats widened their range and targeted South Korean banks using various techniques. Throughout the course of monitoring similar threats, we noticed a new wave of banking Trojans targeting South Korean banks that show unusual behavior, including the use of Pinterest as their command and control (C&C) channel. Infection Via Malicious Iframe Injection This threat is currently affecting users in South Korea via compromised ...

    Posted in Bad Sites, Exploits, Malware | Comments Off on Banking Trojan Targets South Korean Banks; Uses Pinterest as C&C Channel



    Applications that have been frequently targeted by exploits frequently add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to escape sandboxes. In both October and November Patch Tuesday cycles, Microsoft addressed several vulnerabilities that were used by attackers to escape the Internet Explorer sandbox. One of ...

    Posted in Exploits, Vulnerabilities | Comments Off on Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice