Top IT Security Bloggers

TrendLabs - Malware Blog
  • How Performance Counters Opened Holes in Android

    TrendLabs - Malware Blog
    Earlier this week I talked at the annual HITB security conference in the Netherlands about some of my recent research into Android vulnerabilities. The topic of my talk was how performance counters in Android led to several serious vulnerabilities – including several that led to root access. This could allow an attacker to take control of...
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
    How Performance Counters Opened Holes in Android
  • IXESHE Derivative IHEATE Targets Users in America

    TrendLabs - Malware Blog
    Since 2012, we've been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany. However, the campaign appears to have shifted tactics and is once again targeting users in the United States.
    We also noticed that there were some changes to the underlying behavior of the malware used. While there were some incremental improvements in the observed behavior of the new sample, the underlying pattern of behavior is similar to what we observed earlier from IXESHE.
    These attacks targeting users in the United States used a variant of IXESHE which has been seen in Taiwan since 2009 named IHEATE. These showed some differences from known IXESHE variants: they had a different command-and-control (C&C) communication model and encryption methods.
  • Say No to Ransomware With These Trend Micro Free Tools

    TrendLabs - Malware Blog
    Trend Micro has released free tools--Trend Micro Crypto-Ransomware File Decryptor Tool and Trend Micro Lock Screen Ransomware Tool--to help users and organizations fight back against the dangers that ransomware poses. Systems affected by certain crypto-ransomware variants like TeslaCrypt and CryptXXX can use the File Decryptor Tool to retrieve their files that were ‘held hostage’ by these threats. If your system is infected with ransomware that has a lock-screen feature, our Lock Screen Ransomware Tool will help users gain access to their screen even though the malware is blocking normal and safe mode with networking. One of the primary goals of these tools is to prevent affected users and businesses from succumbing to the pressure and the demands of paying the ransom just to retrieve their confidential data.
  • Fake Bank App Phishes Credentials, Locks Users Out

    TrendLabs - Malware Blog
    It’s not uncommon for malware to have capabilities that protect itself. This usually consists of routines that help keep it hidden. One particular mobile malware caught our attention with its unique combination that makes its attack stealthy, and it has the capability to lock a user’s device. A similar routine was reported previously in our...
  • High-Profile Cyber Theft Against Banks Targeted SWIFT Systems

    TrendLabs - Malware Blog
    Much has been reported and discussed about the bank heists that affected Bangladesh, Vietnam, and Ecuador. All three cases involved the Society for Worldwide Interbank Financial Transfers (SWIFT), a system that is used by financial/banking institutions worldwide for communicating financial messages or instructions and has more than 10,000 customers from the financial sector: banks, brokerage institutions, foreign exchanges, and investment firms, among others. These high-profile attacks pose the question of how the attackers could gain a foothold and authorization to do the transaction or payment order. What tools were used? And what security controls have to be in place that can detect these suspicious activities?
  • Will CryptXXX Replace TeslaCrypt After Ransomware Shakedown?

    TrendLabs - Malware Blog
    The departure of TeslaCrypt from the ransomware circle has made waves in the cybercriminal world. Bad guys appear to be jumping ship in hopes of getting a chunk out of the share that was previously owned by TeslaCrypt. In line with this recent event, indicators are pointing to a new strong man in the ransomware game: CryptXXX.
  • LinkedIn Breach: More Questions than Answers

    TrendLabs - Malware Blog
    Earlier this week, it was reported that the 2012 breach of LinkedIn was far worse than originally thought: instead of the 6.5 million stolen records that were reported at the time, it turned out that 167 million users were affected. 117 million of these records contained the user's email address and password.
    It wasn't until this bigger breach was sold in dark web communities that everyone became aware of this bigger problem. LinkedIn issued a blog post that confirmed the leaked data was authentic and asked affected users to reset their passwords.
  • Kernel Waiter Exploit from the Hacking Team Leak Still Being Used

    TrendLabs - Malware Blog
    Although the Hacking Team leak took place several months ago, the impact of this data breach—where exploit codes were made public and spurred a chain of attacks—can still be felt today. We recently spotted malicious Android apps that appear to use an exploit found in the Hacking Team data dumps. The apps, found on certain websites, could allow remote attackers to gain root privilege when successfully exploited. Mobile devices running Android version 4.4 (KitKat) and below, which account for nearly 57% of total Android devices, are susceptible to attacks that may abuse this flaw.
  • Flashlight App Spews Malicious Ads

    TrendLabs - Malware Blog
    Not all Android phones come with a built-in flashlight feature in their operating system. Users would have to download flashlight apps to have this utility on their phone. Chances are, these apps will come with updates and ads. Imagine that, flashlights with updates and ads. And while this may seem normal with how apps operate, one flashlight app that’s available in Google Play shows ads that go beyond the annoying and tell users that their mobile unit is infected with malware.
    Super-Bright LED Flashlight on its own is a safe application. However, when a user runs the app, a webpage opens and tells them that their device is infected with malware and has a broken battery. The webpage also advises users to install an Android optimizer and anti-virus app to resolve these issues. When we checked the app, the ad was not part of its routine.
  • New Flash Vulnerability CVE-2016-4117 Shares Similarities With Older Pawn Storm Exploit

    TrendLabs - Malware Blog
    Earlier this week Adobe released a security advisory (APSA16-02) which disclosed that a critical vulnerability (CVE-2016-4117) was present in versions of Adobe Flash Player. Reports also said it was being exploited in the wild. A successful exploit could cause the targeted system to crash and potentially allow arbitrary code to run on the system, allowing an attacker to take control of it. Note that Adobe released the patch on May 12.
    We would like to dive into the details of this vulnerability to provide additional background information about this threat.
