Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Archive for the ‘Vulnerabilities’ Category

    Java used to be a favored vulnerability target for cybercriminals. However, in recent years that has not been the case. The now-fixed Java zero-day that was used in the Pawn Storm campaign was, in fact, the first time in nearly two years that a zero-day had been found and reported in Java. This can be attributed, in part, to stepped up security measures for Java. As Oracle notes on the Java home page itself, out of date Java plugins are now disabled by major ...

    A vulnerability that allows attackers to create their malicious certificates without depending on any external and trustworthy CAs was fixed in the newest version of the open-source software OpenSSL released July 9. Identified as CVE-2015-1793 (Alternative Chains certificate forgery) and rated with "high severity", the vulnerability allows attackers to use certificates to produce other valid Certificates even if the signing certificate is not recognized by a Certificate Authority (CA). Using the proof of concept (POC) provided by the OpenSSL team, along with examples tested ...

    Posted in Vulnerabilities |

    July proves to be pretty busy for both software vendors and security researchers as various zero-day vulnerabilities were reported. In this month’s patch Tuesday, Microsoft addressed the recently discovered zero-day vulnerability in Internet Explorer that also emerged from the Hacking Team leak. The said vulnerability, covered in MS15-065 and rated as ‘critical’, could allow attackers to take control of the system once successfully exploited.  In addition, a proof-of-concept (PoC) code has been spotted by one of our threats researchers. All ...

    Posted in Vulnerabilities |

    Oracle has released its Critical Patch Update for the month of July. The update provides fixes for 193 new security vulnerabilities, including the recently announced zero-day vulnerability first reported by Trend Micro researchers. What makes the zero-day discovery more notable is that it is being used in an ongoing targeted attack campaign, Operation Pawn Storm. This particular vulnerability was designated as CVE-2015-2590. Trend Micro first came across this vulnerability (and exploit) as part of our ongoing investigations on Operation Pawn Storm. We found ...

    Posted in Vulnerabilities |

    The hits keep on coming from the Hacking Team. After three separate Adobe Flash zero-days, another vulnerability that could take over user systems has been found. Our latest discovery is in Internet Explorer, and has been acknowledged by Microsoft and patched as part of the regular Patch Tuesday cycle as MS15-065. It has been designated as CVE-2015-2425. While we did find proof-of-concept (POC) code, there are still no known attacks exploiting this vulnerability. Vulnerability Information This zero-day vulnerability is a just-in-time (JIT) function ...


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice