Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Over the weekend, Microsoft released Security Advisory 2963983 which describes a new zero-day vulnerability found in Internet Explorer. (It has also been assigned the CVE designation CVE-2014-1776.) This remote code execution vulnerability allows an attacker to run code on a victim system if the user visits a website under the control of the attacker. While attacks are only known against three IE versions (IE 9-11), the underlying flaw exists in all versions of IE in use today (from IE 6 all ...




    Two weeks ago, we talked about how many sites in the top 1 million domains (as judged by Alexa) were vulnerable to the Heartbleed SSL vulnerability. How do things stand today? Figure 1. Sites vulnerable to Heartbleed as of April 22 Globally, the percentage of sites that is vulnerable to Heartbleed has fallen by two-thirds, to just under 10 percent. Only three TLDs we looked at have percentages above the global number: Brazil (.BR), China (.CN), and Russia (.RU). The only TLD with ...

    Posted in Data, Vulnerabilities | Comments Off



    Tax season in the US and Canada has always been popular among cybercriminals. After all, it's one of the few reliable times in a year that a lot of money gets thrown around online, due to the convenience of filing (and) paying taxes over the Internet. As such, we make it a point to look out for threats specifically targeting taxpayers before, during and after tax season and every year, we invariably find a lot of them. This year was no ...

    Posted in Malware, Spam, Vulnerabilities | Comments Off



    In an earlier blog post, we mentioned that mobile apps are also affected by the Heartbleed vulnerability. This is because mobile apps may connect to servers affected by the bug. However, it appears that mobile apps themselves could be vulnerable because of a bundled OpenSSL library. OpenSSL Library Present in Android 4.1.1 and Certain Mobile Apps We have information that although the buggy OpenSSL is integrated with the Android system, only the Android 4.1.1 version is affected by Heartbleed vulnerability. For devices with that ...




    In between the end of support for Windows XP and the Heartbleed OpenSLL vulnerability, one good bit of news may not have been noticed: the Microsoft Word zero-day vulnerability  (CVE-2014-1761) reported in late March was fixed. We have since looked into this attack and found that the exploit was created by an attacker with some skill, resulting in what can only be described as a sophisticated exploit. It's quite fortunate that Microsoft was able to patch this vulnerability quickly, as its sophistication and the widespread ...

    Posted in Exploits, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice