• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   vulnerability

Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability
  • Posted on:May 11, 2018 at 6:00 am
  • Posted in:Vulnerabilities
  • Author:
    Trend Micro
0

We observed a large spike in the number of devices scanning the internet for port 7001/TCP since April 27, 2018. Our analysis found that it’s increased activity was caused by cybercriminals engaging in cryptomining via exploiting CVE-2017-10271. The flaw is a patched Oracle WebLogic WLS-WSAT vulnerability that can allow remote attackers to execute arbitrary code on unpatched servers. This marks the second time attackers abused CVE-2017-10271 for cryptomining purposes this year. In February, the vulnerability was exploited to deliver 64-bit and 32-bit variants of an XMRig Monero miner.

Read More
Tags: cryptocurrencyOracle WebLogicvulnerability

Janus Android App Signature Bypass Allows Attackers to Modify Legitimate Apps
  • Posted on:December 26, 2017 at 5:00 am
  • Posted in:Malware, Mobile
  • Author:
    Veo Zhang (Mobile Threats Analyst)
0

Android’s regular security update for December 2017 included a fix for a serious vulnerability that could allow attackers to modify installed apps without affecting their signature. This would allow an attacker to gain access to the affected device (indirectly). First found by researchers in July, this vulnerability (designated as CVE-2017-13156, and also called the Janus vulnerability) affects versions of Android from 5.1.1 to 8.0; approximately 74% of all Android devices have these versions installed.

Read More
Tags: Janusmobile malwarevulnerability

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability
  • Posted on:September 25, 2017 at 5:00 am
  • Posted in:Bad Sites, Malware, Mobile, Vulnerabilities
  • Author:
    Mobile Threat Response Team
0

The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat, and Android, which kernel is based on Linux. It is categorized as a serious privilege escalation flaw that allows an attacker to gain root access on the targeted system. Dirty COW attacks on Android has been silent since its discovery, perhaps because it took attackers some time to build a stable exploit for major devices. Almost a year later, Trend Micro researchers captured samples of ZNIU (detected as AndroidOS_ZNIU)—the first malware family to exploit the vulnerability on the Android platform.

Read More
Tags: androidDirty COWLinuxmobile malwarevulnerabilityZNIU

Microsoft Patches IE/Edge Zero-day Used in AdGholas Malvertising Campaign
  • Posted on:September 15, 2016 at 4:10 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Brooks Li (Threats Analyst) and Henry Li (Threats Analyst)
0

In July 2016, we worked with @kafeine of Proofpoint to help bring down the AdGholas malvertising campaign. This campaign started operating in 2015, which affected a million users per day during its peak before it was shut down earlier this year. It used the Angler and Neutrino exploit kits to attack victims. It also used steganography to hide malicious code within a picture.

In the process of working on this campaign, we found and analyzed an information disclosure vulnerability in both Internet Explorer and Microsoft Edge. We worked with Microsoft to address this flaw, named as CVE-2016-3351. Previously considered as a zero-day vulnerability, this issue was fixed in MS16-104 for Internet Explorer and MS16-105 for Edge, which was released though a patch earlier this week.

Read More
Tags: AdGholasCVE-2016-3351Internet Explorermalvertisingmicrosoft edgevulnerability

CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • Posted on:September 14, 2016 at 2:15 pm
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Trend Micro
0

Earlier this week, an independent researcher publicly disclosed a severe vulnerability in MySQL. This is a very popular open-source DBMS which is used by many organizations to manage their backend databases and websites. Proof of concept code was provided as part of the disclosure.

This particular vulnerability was designated as CVE-2016-6662, one of two serious flaws that the researcher found. This vulnerability allows an attacker to create the MySQL configuration file without having the privileges to do so, effectively taking over the server. The other assigned as CVE-2016-6663 has not yet been disclosed.

Read More
Tags: CVE-2016-6662My SQLvulnerability
Page 1 of 2212 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Legitimate Application AnyDesk Bundled with New Ransomware Variant
  • FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation
  • New Phishing Scam uses AES Encryption and Goes After Apple IDs
  • Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users
  • Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.