Top IT Security Bloggers

Trend Micro - Security Intelligence
  • SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload
    Microsoft’s SettingContent-ms has become a recent topic of interest. In July, we saw one spam campaign use malicious SettingContent-ms files embedded in a PDF to drop the remote access Trojan FlawedAmmyy, a RAT also used by the Necurs botnet. That campaign was mostly targeting banks in different countries across Asia and Europe.
  • CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows
    We found a design flaw/weakness in Java Usage Tracker that can enable attackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users.
    We’ve worked with Oracle through our Zero Day Initiative to patch this flaw, and this has been fixed via Oracle’s October patch update. Users and businesses are accordingly urged to patch and update their version of Java.
    In this blog post, we will delve into how this flaw works on Windows: how Java Usage Tracker works and the conditions that enabled the exploit.
  • October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
    This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code.
  • Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
    A spam campaign we observed in September indicates attackers are angling towards a more sophisticated form of phishing. The campaign uses hijacked email accounts to deliver URSNIF as part of or as a response to an existing email thread.
  • New CVE-2018-8373 Exploit Spotted in the Wild
    By Elliot Cao
    On September 18, 2018, more than a month after we published a blog revealing the details of a use-after-free (UAF) vulnerability CVE-2018-8373 that affects the VBScript engine in newer Windows versions, we spotted another exploit, possibly in the wild, that uses the same vulnerability. It’s important to note that this exploit doesn’t...
  • Virobot Ransomware with Botnet Capability Breaks Through
    We have recently observed the Virobot ransomware (detected by Trend Micro as RANSOM_VIBOROT.THIAHAH) which has botnet capabilities, affecting users in the United States.
  • September Patch Tuesday: Windows Fixes ALPC Elevation of Privilege, Remote Code Execution Vulnerabilities
    September’s Patch Tuesday provides a security patch for CVE-2018-8440, an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface. This bug allows threat actors to run code with administrative privileges, install programs, or even create new accounts with full user rights. This bug’s source code...
  • A Closer Look at the Locky Poser, PyLocky Ransomware
    While ransomware has noticeably plateaued in today’s threat landscape, it’s still a cybercriminal staple. In fact, it saw a slight increase in activity in the first half of 2018, keeping pace by being fine-tuned to evade security solutions, or in the case of PyLocky (detected by Trend Micro as RANSOM_PYLOCKY.A), imitate established ransomware families and ride on their notoriety.
    In late July and throughout August, we observed waves of spam email delivering the PyLocky ransomware. Although it tries to pass itself off as Locky in its ransom note, PyLocky is unrelated to Locky. PyLocky is written in Python, a popular scripting language, and packaged with PyInstaller, a tool used to package Python-based programs as standalone executables.
  • Stolen Data from Chinese Hotel Chain and Other Illicit Products Sold in Deep Web Forum
    We uncovered personally identifiable information (PII) stolen from a China-based hotel chain being sold on a deep web forum we were monitoring. Further analysis revealed that the stolen data was not only the PII of Chinese customers, but also included the hotel chain’s customers from Western and East Asian countries. The sample data we saw was unencrypted (in plaintext); some of it was in CSV, SQL, and TXT dumps.
    We believe this stolen data is related to the data breach (reported on August 29) that exposed up to 130 million PII. The news that reported the data breach matched with an advertisement we saw in the dark web selling the stolen data for eight bitcoins (equivalent to more than US$58,000 as of September 5, 2018).
  • The Urpage Connection to Bahamut, Confucius and Patchwork
    In the process of monitoring changes in the threat landscape, we get a clearer insight into the way threat actors work behind the scenes. In this case we dig deeper into the possible connection between cyberattacks by focusing on the similarities an unnamed threat actor shares with Confucius, Patchwork, and another threat actor called Bahamut. For the sake of this report, we will call this unnamed threat actor “Urpage.”