TrendLabs - Malware BlogThe year so far has been a particularly stressful one for enterprise IT staff. Early in the year, concerns over data breaches and point of sale POS malware gave retailers something to worry about. The long-simmering headache of Windows XP migration came to a head when support for the venerable OS ended in April. That would […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroThe First Line of Defense: IT Personnel
TrendLabs - Malware BlogFacebook users are once again the target of a malicious scheme—this time in the form of a notification about “Facebook Chat”. The spammed notification pretends to come from the “official Facebook Chat Team.” A notification shows users of a tagged comment to a Facebook Note containing a fake announcement about a Facebook Chat verification requirement. […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroFake Facebook Chat Verification Used for Spam
TrendLabs - Malware BlogIn previous blog entries, we’ve discussed various aspects of the Heartbleed vulnerability in OpenSSL. Last Tuesday, our first blog post covered an analysis of the vulnerability itself, as well as some steps that IT administrators of affected systems could do in order to protect themselves. Later entries looked at how popular websites and mobile apps were, […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroTrend Micro Heartbleed Detector Now Available
TrendLabs - Malware BlogOut with the old, in with the new? When it comes to cybercrime, that’s rarely the case. We often seen old malware get upgrades with new techniques, payloads, and even targets. This is certainly the case for an old Java remote access Trojan (RAT) detected as JAVA_OZNEB.B. Users may encounter this threat as an attachment […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroOld Java RAT Updates, Includes Litecoin Plugin
TrendLabs - Malware BlogIn an earlier blog post, we mentioned that mobile apps are also affected by the Heartbleed vulnerability. This is because mobile apps may connect to servers affected by the bug. However, it appears that mobile apps themselves could be vulnerable because of a bundled OpenSSL library. OpenSSL Library Present in Android 4.1.1 and Certain Mobile […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroBundled OpenSSL Library Also Makes Apps and Android 4.1.1 Vulnerable to Heartbleed
TrendLabs - Malware BlogIn between the end of support for Windows XP and the Heartbleed OpenSLL vulnerability, one good bit of news may not have been noticed: the Microsoft Word zero-day vulnerability (CVE-2014-1761) reported in late March was fixed. We have since looked into this attack and found that the exploit was created by an attacker with some skill, resulting in […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroNewly Patched MS Word 0-Day Heuristically Detected by Deep Discovery
TrendLabs - Malware BlogThe severity of the Heartbleed bug has led countless websites and servers scrambling to address the issue. And with good reason—a test conducted by Github showed that more than 600 of the top 10,000 sites (based on Alexa rankings) were vulnerable. At the time of the scanning, some of the affected sites included Yahoo, Flickr, […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroHeartbleed Bug—Mobile Apps are Affected Too
TrendLabs - Malware BlogIn trying to gauge the impact of the Heartbleed vulnerability, we proceeded to scanning the Top Level Domain (TLD) names of certain countries extracted from the top 1,000,000 domains by Alexa. We then proceeded to separate the sites which use SSL and further categorized those under “vulnerable” or “safe.” The data we were able to […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroHeartbleed Vulnerability Affects 5% of Select Top Level Domains from Top 1M
TrendLabs - Malware Blog“Get rich fast” scams have been circulating online for several years now. Some examples would be the classic Nigerian or 419 scams, lottery scams, and work-from-home scams. The stories may vary but the underlying premise is the same: get a large sum of money for doing something with little to no effort. Scammers have now […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroBitcoin, the Latest Lure of Scammers
TrendLabs - Malware BlogSoftware vulnerabilities exist – it’s a fact of life that we all have to live with, and if we’re both lucky and diligent enough, we can patch it before any cybercriminals can exploit it. That isn’t always the case, but thankfully that’s the exception, not the rule. However, news broke out recently of a vulnerability […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroSkipping a Heartbeat: The Analysis of the Heartbleed OpenSSL Vulnerability
Sign up now »
The lightest, fastest, easiest-to-manage, and most effective endpoint protection.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.