Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Email Subscription

  • About Us


    Archive for the ‘Vulnerabilities’ Category




    Internet Explorer is possibly the most popular target for vulnerabilities around today. In 2014 alone, a total of 243 memory corruption vulnerabilities in Internet Explorer were disclosed and patched. Every Microsoft Patch Tuesday cycle contains one bulletin that covers multiple IE vulnerabilities - the monthly "Cumulative Security Update for Internet Explorer", as it is called by Microsoft. There have been many zero-day attacks that specifically targeted vulnerabilities in Internet Explorer, such as: CVE-2013-1347 (MS13-038) CVE-2013-3893 (MS13-080) CVE-2014-1776 (MS14-021) As a result, the reputation of Internet Explorer is a ...




    Another zero-day vulnerability has been found by Trend Micro researchers from the Hacking Team trove of data. We reported this vulnerability to Microsoft, and it has been designated as CVE-2015-2426. It has also been patched in an unusual out-of-band patch. It could be used to carry out a Windows local privilege escalation (LPE).  By exploiting this vulnerability, attackers could infect the victims’ systems with rootkits or bootkits under unexpected system privilege without any notification. The vulnerability can allow attackers remote control over the ...




    Java used to be a favored vulnerability target for cybercriminals. However, in recent years that has not been the case. The now-fixed Java zero-day that was used in the Pawn Storm campaign was, in fact, the first time in nearly two years that a zero-day had been found and reported in Java. This can be attributed, in part, to stepped up security measures for Java. As Oracle notes on the Java home page itself, out of date Java plugins are now disabled by major ...




    A vulnerability that allows attackers to create their malicious certificates without depending on any external and trustworthy CAs was fixed in the newest version of the open-source software OpenSSL released July 9. Identified as CVE-2015-1793 (Alternative Chains certificate forgery) and rated with "high severity", the vulnerability allows attackers to use certificates to produce other valid Certificates even if the signing certificate is not recognized by a Certificate Authority (CA). Using the proof of concept (POC) provided by the OpenSSL team, along with examples tested ...

    Posted in Vulnerabilities |



    July proves to be pretty busy for both software vendors and security researchers as various zero-day vulnerabilities were reported. In this month’s patch Tuesday, Microsoft addressed the recently discovered zero-day vulnerability in Internet Explorer that also emerged from the Hacking Team leak. The said vulnerability, covered in MS15-065 and rated as ‘critical’, could allow attackers to take control of the system once successfully exploited.  In addition, a proof-of-concept (PoC) code has been spotted by one of our threats researchers. All ...

    Posted in Vulnerabilities |


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice