• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   vulnerability

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability
  • Posted on:September 25, 2017 at 5:00 am
  • Posted in:Bad Sites, Malware, Mobile, Vulnerabilities
  • Author:
    Mobile Threat Response Team
0

The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat, and Android, which kernel is based on Linux. It is categorized as a serious privilege escalation flaw that allows an attacker to gain root access on the targeted system. Dirty COW attacks on Android has been silent since its discovery, perhaps because it took attackers some time to build a stable exploit for major devices. Almost a year later, Trend Micro researchers captured samples of ZNIU (detected as AndroidOS_ZNIU)—the first malware family to exploit the vulnerability on the Android platform.

Read More
Tags: androidDirty COWLinuxmobile malwarevulnerabilityZNIU

Microsoft Patches IE/Edge Zero-day Used in AdGholas Malvertising Campaign
  • Posted on:September 15, 2016 at 4:10 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Brooks Li (Threats Analyst) and Henry Li (Threats Analyst)
0

In July 2016, we worked with @kafeine of Proofpoint to help bring down the AdGholas malvertising campaign. This campaign started operating in 2015, which affected a million users per day during its peak before it was shut down earlier this year. It used the Angler and Neutrino exploit kits to attack victims. It also used steganography to hide malicious code within a picture.

In the process of working on this campaign, we found and analyzed an information disclosure vulnerability in both Internet Explorer and Microsoft Edge. We worked with Microsoft to address this flaw, named as CVE-2016-3351. Previously considered as a zero-day vulnerability, this issue was fixed in MS16-104 for Internet Explorer and MS16-105 for Edge, which was released though a patch earlier this week.

Read More
Tags: AdGholasCVE-2016-3351Internet Explorermalvertisingmicrosoft edgevulnerability

CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability
  • Posted on:September 14, 2016 at 2:15 pm
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Trend Micro
0

Earlier this week, an independent researcher publicly disclosed a severe vulnerability in MySQL. This is a very popular open-source DBMS which is used by many organizations to manage their backend databases and websites. Proof of concept code was provided as part of the disclosure.

This particular vulnerability was designated as CVE-2016-6662, one of two serious flaws that the researcher found. This vulnerability allows an attacker to create the MySQL configuration file without having the privileges to do so, effectively taking over the server. The other assigned as CVE-2016-6663 has not yet been disclosed.

Read More
Tags: CVE-2016-6662My SQLvulnerability

ImageMagick Vulnerability Allows for Remote Code Execution, Now Patched
  • Posted on:May 6, 2016 at 6:50 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Sumit Soni (Vulnerability Research)
0

ImageMagick is a popular software suite that is used to display, convert, and edit images. On May 3, security researchers publicly disclosed multiple vulnerabilities in the open-source image processing tool in this suite, one of which could potentially allow remote attackers to take over websites.

Read More
Tags: CVE-2016-3714ImageMagickvulnerability

Adobe Releases Flash Security Update to Patch Exploited Vulnerability
  • Posted on:March 10, 2016 at 3:05 pm
  • Posted in:Vulnerabilities
  • Author:
    Paul Oliveria (Technical Communications)
0

Following its release of a security update for Acrobat and Reader, Adobe has released another one, this time to address 23 reported vulnerabilities in Flash. In its advisory (APSB16-08), Adobe notes that this patch addresses critical vulnerabilities that could allow an attack to gain control of an affected system. They further note that one of the vulnerabilities (CVE-2016-1010) “is being used in limited, targeted attacks.”

Read More
Tags: AdobeVulnerabilitiesvulnerability
Page 1 of 2112 › »

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Business Email Compromise

  • How can a sophisticated email scam cause more than $5.3 billion in damages to businesses around the world?
    See the numbers behind BEC

Latest Ransomware Posts

  • WannaCry Ransomware Sold in the Middle Eastern and North African Underground
  • Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns
  • Android Mobile Ransomware: Bigger, Badder, Better?
  • Cerber Ransomware Evolves Again, Now Steals From Bitcoin Wallets
  • New WannaCry-Mimicking SLocker Abuses QQ Services

Ransomware 101

  • This infographic shows how ransomware has evolved, how big the problem has become, and ways to avoid being a ransomware victim.
    Check the infographic

Popular Posts

  • iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices
  • ZNIU: First Android Malware to Exploit Dirty COW Vulnerability
  • Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns
  • SYSCON Backdoor Uses FTP as a C&C Channel
  • An Elaborate ATM Threat Crops Up: Network-based ATM Malware Attacks

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.