• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source

CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • Posted on:September 14, 2016 at 2:15 pm
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Trend Micro
0
feature_vul

Earlier this week, an independent researcher publicly disclosed a severe vulnerability in MySQL. This is a very popular open-source DBMS which is used by many organizations to manage their backend databases and websites. Proof of concept code was provided as part of the disclosure.

This particular vulnerability was designated as CVE-2016-6662, one of two serious flaws that the researcher found. This vulnerability allows an attacker to create the MySQL configuration file without having the privileges to do so, effectively taking over the server. The other assigned as CVE-2016-6663 has not yet been disclosed.

Read More
Tags: CVE-2016-6662My SQLvulnerability

BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
  • Posted on:September 14, 2016 at 9:02 am
  • Posted in:Ransomware
  • Author:
    Trend Micro
0
feature_ransomeware

While most ransomware we’ve seen only target specific file types or folders stored on local drives, removable media and network shares, we were able to uncover a ransomware family that does not discriminate: HDDCryptor. Detected as Ransom_HDDCRYPTOR.A, HDDCryptor not only targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive. Such a damaging routine makes this particular ransomware a very serious and credible threat not only to home users but also to enterprises.

Read More
Tags: HDDCryptorransomwareServer Message Block

Distrust Breeds Enmity in the French Underground
  • Posted on:September 14, 2016 at 3:20 am
  • Posted in:Deep Web
  • Author:
    Cedric Pernet (Threat Researcher)
0
feature_deepweb

We now know that most of the murky dealings that French cybercriminals engage in happen in the dark recesses of the Deep Web, specifically in the Dark Web. Every now and then though, cybercriminals would make their presence felt on the Surface Web. A popular cybercriminal marketplace now gone, French Dark Net, for one, was seen recently promoting its offerings on YouTube. We’ve seen similarities between the French as well as the Brazilian and North American underground markets in that they use social media as a platform to promote their illegal business. What sets the French underground apart?

Read More
Tags: French Dark NetFrench underground

A Case of Misplaced Trust: How a Third-Party App Store Abuses Apple’s Developer Enterprise Program to Serve Adware
  • Posted on:September 12, 2016 at 4:54 am
  • Posted in:Mobile, Social
  • Author:
    Trend Micro
0
Mobile04

For bogus applications to be profitable, they should be able to entice users into installing them. Scammers do so by riding on the popularity of existing applications, embedding them with unwanted content—even malicious payloads—and masquerading them as legitimate. These repackaged apps are peddled to unsuspecting users, mostly through third-party app stores.

Haima exactly does that, and more. We discovered this China-based third-party iOS app store aggressively promoting their repackaged apps in social network channels—YouTube, Facebook, and Twitter—banking on the popularity of games and apps such as Minecraft, Terraria, and Instagram to lure users into downloading them.

Read More
Tags: adwareiOSMobilePokemon Gorepackaged apps

Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files
  • Posted on:September 9, 2016 at 2:30 am
  • Posted in:Ransomware
  • Author:
    Trend Micro
0
feature_ransomeware

Taking advantage of legitimate sites for command-and-control (C&C) purposes is typically done by most malware to avoid rousing suspicion from their targets. While most ransomware directly sends the gathered information to their designated C&C servers, there are some variants that slightly differ. CuteRansomware, for instance, uses Google Docs to pass information from the infected system to the attackers.

One of the latest ransomware families, CryLocker (detected as RANSOM_MILICRY.A), does the same by taking advantage of Imgur, a free online image hosting site that allows users to upload and share photos to their contacts. During our monitoring of activities related to exploit kits, we spotted both Rig and Sundown distributing this threat.

Read More
Tags: CryLockerrig exploit kitsundown exploit kit
Page 2 of 699 ‹ 123 › »

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Deep Web

  • Trend Micro researchers have been taking deep dives into cybercriminal territory for years now. Find out more about the inner workings of the Deep Web and underground markets.

Latest Ransomware Posts

  • From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • A Show of (Brute) Force: Crysis Ransomware Found Targeting Australian and New Zealand Businesses
  • BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
  • Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files
  • Network Solutions to Ransomware – Stopping and Containing Its Spread

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
  • New Version of Cerber Ransomware Distributed via Malvertising
  • Locky Ransomware Now Downloaded as Encrypted DLLs
  • CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • Cybercriminals Improve Android Malware Stealth Routines with OBAD

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.