• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Internet Explorer

Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner
  • Posted on:May 31, 2018 at 5:01 am
  • Posted in:Bad Sites, Exploits, Malware, Vulnerabilities
  • Author:
    Trend Micro
0

An exploit kit such as Rig usually starts off with a threat actor compromising a website to inject a malicious script/code that eventually redirects would-be victims to the exploit kit’s landing page. Sometime around February to March last year, however, we saw Rig’s Seamless campaign adding another layer or gate before the actual landing page.

Along with updates in code, we also observed Rig integrating a cryptocurrency-mining malware as its final payload. Based on the latest activities we’ve observed from Rig, they’re now also exploiting CVE-2018-8174, a remote code execution vulnerability patched in May and reported to be actively exploited. The exploit also appears to be from a recently disclosed proof of concept. The security flaw affects systems running Windows 7 and later operating systems, and the exploit works through Internet Explorer (IE) and Microsoft Office documents that use the vulnerable script engine.

Read More
Tags: cryptocurrency minerCVE-2018-4878Internet ExplorerMonerorig exploit kit

CVE-2016-3298: Microsoft Puts the Lid on Another IE Zero-day Used in AdGholas Campaign
  • Posted on:October 31, 2016 at 9:00 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Henry Li (Threats Analyst )
0

Microsoft’s Patch Tuesday for October fixed another previous zero-day vulnerability in Internet Explorer (IE) via MS16-118 and MS16-126: CVE-2016-3298. Before the lid was put on it, the security flaw was employed alongside CVE-2016-3351 by operators of the AdGholas malvertising campaign, analysis and disclosure of which were made with our collaboration with Proofpoint’s @kafeine last July 2016. The campaign was notable for the economies of scale and scope it achieved in its heyday until its operations were stymied. As shared by @kafeine, it was even integrated in Neutrino exploit kit’s malvertising chain as a malicious JavaScript.

Exploiting CVE-2016-3298 enables attackers to check for specific antivirus (AV) software installed in the system in order to avoid AV detection and threat research/analysis. This sounds innocuous, but determining if the system is unsecure eases—and even automates—the undertaking of sneaking malware into it.

Read More
Tags: AdGholasCVEInternet ExplorermalvertisingVulnerabilities

October Patch Tuesday: Microsoft Releases 10 Security Bulletins, Five Rated Critical
  • Posted on:October 12, 2016 at 9:19 am
  • Posted in:Vulnerabilities
  • Author:
    Leo Balante (Technical Communications)
0

Microsoft has officially rolled out security updates for this month’s Patch Tuesday, marking the first of its new rollup model aimed at providing a “more consistent and simplified servicing experience.” This means that security and non-security fixes will be deployed in a consolidated pack, while a monthly security update will also be released together with the previous month’s patches. Further, Microsoft will also release a “preview rollup” of upcoming non-security patches on the third Tuesday of every month, a week following Patch Tuesday. This preview of patches allows customers to test applications prior to the actual monthly release of the consolidated bundle of fixes.

Read More
Tags: Adobe Flash PlayerInternet ExploreInternet ExplorerPatch Tuesday

Microsoft Patches IE/Edge Zero-day Used in AdGholas Malvertising Campaign
  • Posted on:September 15, 2016 at 4:10 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Brooks Li (Threats Analyst) and Henry Li (Threats Analyst)
0

In July 2016, we worked with @kafeine of Proofpoint to help bring down the AdGholas malvertising campaign. This campaign started operating in 2015, which affected a million users per day during its peak before it was shut down earlier this year. It used the Angler and Neutrino exploit kits to attack victims. It also used steganography to hide malicious code within a picture.

In the process of working on this campaign, we found and analyzed an information disclosure vulnerability in both Internet Explorer and Microsoft Edge. We worked with Microsoft to address this flaw, named as CVE-2016-3351. Previously considered as a zero-day vulnerability, this issue was fixed in MS16-104 for Internet Explorer and MS16-105 for Edge, which was released though a patch earlier this week.

Read More
Tags: AdGholasCVE-2016-3351Internet Explorermalvertisingmicrosoft edgevulnerability

Exploit Kits in 2015: Flash Bugs, Compromised Sites, Malvertising Dominate
  • Posted on:March 10, 2016 at 4:00 am
  • Posted in:Exploits, Malware, Vulnerabilities
  • Author:
    Brooks Li and Joseph C. Chen (Threats Analysts)
0

Threats never stand still, and exploits kits were no exception. 2015 saw multiple changes to this part of the threat landscape: freshly-discovered exploits were added, and compromised websites and malvertising were used to deploy and spread threats using exploit kits. Exploit kits were a key part of the threat landscape in 2015. In this series of posts,…

Read More
Tags: Adobeadobe flashexploit kitInternet ExplorerVulnerabilities
Page 1 of 812 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Using Insights From DefPloreX-NG to Thwart Web Defacement Attacks
  • North American Malware Trends: Taking a Proactive Approach to Modern Threats
  • VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities
  • Identifying Top Vulnerabilities in Networks: Old Vulnerabilities, IoT Botnets, Wireless Connection Exploits
  • Cryptocurrency-Mining Bot Targets Devices With Running SSH Service via Potential Scam Site

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.