Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Recent Posts

  • Calendar

    April 2015
    S M T W T F S
    « Mar    
     1234
    567891011
    12131415161718
    19202122232425
    2627282930  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    The recent Superfish incident has raised more concerns that SSL/TLS connections of users can be intercepted, inspected, and re-encrypted using a private root certificate installed on the user system. In effect, this is a man-in-the-middle (MITM) attack carried out within the user's own system. We believe that site owners adopting extended validation (EV) certificates would help warn users about possible MITM attacks. Here’s how a MITM interception works: Figure 1. Man-in-the-middle attack MITM attacks are justified by their creators as providing benefits to users, ...

    Posted in Bad Sites, Vulnerabilities |



    2014 was a year where cybercriminal attacks crippled both likely and unlikely targets. A year rife with destructive attacks, 2014 proved to be a difficult one for individuals and companies who were victimized by these threats. Massive data breach disclosures came one after another in 2014 in much more rapid succession than past years. The Sony Pictures breach in December, along with the other big breaches of the year illustrated the wide spectrum of losses that can hit a company that ...




    Zero-day exploits pose some of the most serious risks to users everywhere. The absence of a patch means that it is up to users (and whatever security products they use) to protect against these attacks. One of the tools that can be used in mitigating these attacks is advanced network detection solutions like Trend Micro Deep Discovery, which contains a sandbox that allows for on-the-fly analysis of various threats entering an organization's network. This allows it to detect even attacks that use zero-day exploits ...

    Posted in Exploits, Vulnerabilities |



    Recently, both HP's Zero Day Initiative (ZDI) and Google's Project Zero published vulnerabilities in Microsoft products (specifically, Internet Explorer and Windows 8.1) because Redmond did not fix them within 90 days of the vulnerabilities being reported. This has resulted in an argument between security researchers and software vendors on how vulnerabilities should be disclosed. A case where a vulnerability was disclosed without a patch has mixed results for end users: It pushes vendors to respond more quickly when vulnerabilities are disclosed to them in ...




    This month's Microsoft Patch Tuesday lists nine security bulletins released for February 2015, among which include a roll out for several vulnerabilities in Internet Explorer. This round of security updates includes three updates rated as Critical, while the remaining six were rated Important as Microsoft addressed a total of 56 CVEs. Last month's Patch Tuesday notification did not include patches for Internet Explorer and only had one update with a Critical rating. Critical Updates for February Patch Internet Explorer MS15-009, MS15-010, and MS15-011 ...



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice