• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Vulnerabilities

How Bad is Badlock (CVE-2016-0128/CVE-2016-2118)?
  • Posted on:April 12, 2016 at 7:23 pm
  • Posted in:Vulnerabilities
  • Author:
    Pawan Kinger (Director, Deep Security Labs)
0
feature_badlock02

News about Badlock vulnerability affecting Windows computers and Samba servers started showing up on Twitter and media around three weeks ago. The site badlock[.]org was registered on March 11 according to WHOIS. There has been a lot of guessing and speculation around this vulnerability. It’s time for reality check: just how bad actually is Badlock?

Named vulnerabilities have resulted in being clichéd very quickly. Being a named vulnerability doesn’t qualify it as a serious widespread vulnerability. Badlock is somewhere in between. In this entry, we demystify the hype of Badlock with questions that measure it as a vulnerability. We also pin it up against a noteworthy case to see how it compares.

Read More
Tags: BadlockCVE-2016-0128CVE-2016-2118MS08-067Vulnerabilities

Adobe Releases Flash Security Update to Patch Exploited Vulnerability
  • Posted on:March 10, 2016 at 3:05 pm
  • Posted in:Vulnerabilities
  • Author:
    Paul Oliveria (Technical Communications)
0

Following its release of a security update for Acrobat and Reader, Adobe has released another one, this time to address 23 reported vulnerabilities in Flash. In its advisory (APSB16-08), Adobe notes that this patch addresses critical vulnerabilities that could allow an attack to gain control of an affected system. They further note that one of the vulnerabilities (CVE-2016-1010) “is being used in limited, targeted attacks.”

Read More
Tags: AdobeVulnerabilitiesvulnerability

Exploit Kits in 2015: Flash Bugs, Compromised Sites, Malvertising Dominate
  • Posted on:March 10, 2016 at 4:00 am
  • Posted in:Exploits, Malware, Vulnerabilities
  • Author:
    Brooks Li and Joseph C. Chen (Threats Analysts)
0

Threats never stand still, and exploits kits were no exception. 2015 saw multiple changes to this part of the threat landscape: freshly-discovered exploits were added, and compromised websites and malvertising were used to deploy and spread threats using exploit kits. Exploit kits were a key part of the threat landscape in 2015. In this series of posts,…

Read More
Tags: Adobeadobe flashexploit kitInternet ExplorerVulnerabilities

October 2015 Patch Tuesday: Higher User Rights At Risk
  • Posted on:October 14, 2015 at 8:44 am
  • Posted in:Vulnerabilities
  • Author:
    Keith Cortez (Technical Communications)
0

Microsoft released six patches this month, which included three rated as critical and the remaining as important. The vulnerabilities found in October’s patch update targeted computer accounts with higher access rights and was done in multiple online and offline platforms. This means computers or laptops with overlapping users or have multiple access to admin accounts are…

Read More
Tags: MicrosoftOctober 2015 Patch TuesdayPatch TuesdayVulnerabilitiesvulnerability

Microsoft Issues Out-of-band Patch For Internet Explorer
  • Posted on:August 18, 2015 at 7:51 pm
  • Posted in:Exploits, Targeted Attacks, Vulnerabilities
  • Author:
    Jonathan Leopando (Technical Communications)
0

Microsoft has released MS15-093, an out-of-band update for all supported versions of Windows. This bulletin fixes a vulnerability in Internet Explorer (designated as CVE-2015-2502) that allowed an attacker to run arbitrary code on a user’s system if they visited a malicious site. A compromised site, spear phishing, and/or malicious ads could all be used to deliver exploits…

Read More
Tags: 0dayExploitsInternet ExplorerMicrosoftVulnerabilitieszero day
Page 1 of 1112 › »

Business Email Compromise

  • How can a sophisticated email scam cause more than $2.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Deep Web

  • Trend Micro researchers have been taking deep dives into cybercriminal territory for years now. Find out more about the inner workings of the Deep Web and underground markets.

Latest Ransomware Posts

  • The Rise and Fall of Encryptor RaaS
  • From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • A Show of (Brute) Force: Crysis Ransomware Found Targeting Australian and New Zealand Businesses
  • BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
  • Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
  • New Version of Cerber Ransomware Distributed via Malvertising
  • CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
  • Cybercriminals Improve Android Malware Stealth Routines with OBAD

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.