Anti-Malware

Wed, 29 Mar 17
Cerber Starts Evading Machine Learning
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/80kV4SZ7pxE/
CERBER is a ransomware family which has adopted a new technique to make itself harder to detect: it is now using a new loader which appears to be designed to evade detection by machine learning solutions. This loader is designed to hollow out a normal process where the code of CERBER is instead run. Post from: Trendlabs Security Intelligence Blog - by Trend Micro

Sat, 25 Mar 17
CVE-2017-0022: Microsoft Patches a Vulnerability Exploited by AdGholas and Neutrino
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/N0Xn-9PoLag/
Part of this month’s Patch Tuesday is an update for a zero-day information disclosure vulnerability (CVE-2017-0022), which we privately reported to Microsoft in September 2016. This vulnerability was used in the AdGholas malvertising campaign and later integrated into the Neutrino exploit kit.

Fri, 24 Mar 17
Third-Party App Stores Delivered via the iOS App Store
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/l0HV7HRCNH4/
The iOS ecosystem is usually described as a closed ecosystem, under the strict control of Apple. However, there are still ways to get around this tight control. Remember the Haima app? That method relied on enterprise certificates from Apple—which are costly, since the certificates needed are changed very frequently. We are currently seeing how third-party app stores are improving. Recently, we saw an app that leads to a third-party app store being offered on the official iOS App Store. To evade detection, this app was concealed as a legitimate app. In at least one case, an app used for jailbreaking was available via this third-party app store.

Thu, 23 Mar 17
Winnti Abuses GitHub for C&C Communications
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/mBCFR1k6aeY/
Developers constantly need to modify and rework their source code when releasing new versions of applications or coding projects they create and maintain. This is what makes GitHub—an online repository hosting service that provides version control management—popular. In many ways, it’s like a social networking site for programmers and developers, one that provides a valuable platform for code management, sharing, collaboration, and integration. GitHub is no stranger to misuse, however. Open-source ransomware projects EDA2 and Hidden Tear—supposedly created for educational purposes—were hosted on GitHub, and have since spawned various offshoots that have been found targeting enterprises. Tools that exploited vulnerabilities in Internet of Things (IoT) devices were also made available on GitHub. Even the Limitless Keylogger, which was used in targeted attacks, was linked to a GitHub project. Other threat actors have abused GitHub—namely, the Winnti APT group. This time, however, Winnti abused GitHub by turning it into a conduit for the command and control (C&C) communications of their seemingly newfangled backdoor (detected by Trend Micro as BKDR64_WINNTI.ONM).

Thu, 23 Mar 17
Mediaserver Vulnerabilities Highlight Android’s March Security Bulletin
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/pm9WK899pV4/
The Android security bulletin for March, published last March 6, contains 15 vulnerabilities that we discovered and privately disclosed to Google. Like some of our previous discoveries, many of these new vulnerabilities concern Mediaserver, which is the component responsible for scanning and indexing all available media files in the Android operating system.

Thu, 16 Mar 17
MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/EZQxeQ5NE7Y/
We’ve uncovered a new breed of point-of-sale (PoS) malware currently affecting businesses across North America and Canada: MajikPOS (detected by Trend Micro as TSPY_MAJIKPOS.A). Like a lot of other PoS malware, MajikPOS is designed to steal information, but its modular approach in execution makes it distinct. We estimate that MajikPOS’s initial infection started around January 28, 2017. While other PoS malware such as FastPOS (its updated version), Gorynych and ModPOS also feature multiple components with entirely different functions like keylogging, MajikPOS’s modular tack is different. MajikPOS needs only another component from the server to conduct its RAM scraping routine.

Thu, 16 Mar 17
Microsoft Patch Tuesday of March 2017: 18 Security Bulletins; 9 Rated Critical, 9 Important
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/QsgckAyntWk/
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical update bulletins is MS17-012, which resolves several vulnerabilities, including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB).

Sat, 11 Mar 17
New Linux Malware Exploits CGI Vulnerability
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nZvmeoUuGlQ/
By Jeanne Jocson and Jennifer Gumban. Linux has long been the preferred operating system for enterprise platforms and Internet of Things (IoT) manufacturers. Linux-based devices are continually being deployed in smart systems across many different industries, with IoT gateways facilitating connected solutions and services central to different businesses. In connection to their widespread use, we’ve...

Fri, 10 Mar 17
TorrentLocker Changes Attack Method, Targets Leading European Countries
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/AqZYC7oF6lg/
The TorrentLocker ransomware, which has been in a lull as of late, has recently come back with new variants that are using a new delivery mechanism that uses abused Dropbox accounts. This new type of attack is in line with our 2017 prediction that ransomware would continue to evolve beyond the usual attack vectors.

Fri, 10 Mar 17
CVE-2017-5638: Apache Struts 2 Vulnerability Leads to Remote Code Execution
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/huXtTU34c4Q/
Apache Struts is a free and open-source framework used to build Java web applications. We looked into several past Remote Code Execution (RCE) vulnerabilities reported in Apache Struts, and observed that in most of them, attackers have used Object Graph Navigation Language (OGNL) expressions. The use of OGNL makes it easy to execute arbitrary code remotely because Apache Struts uses it for most of its processes. Using OGNL, a researcher found a new remote code execution vulnerability in Apache Struts 2, designated as CVE-2017-5638. An exploit has been reported to be already in the wild; our own research and monitoring have also seen attacks using the vulnerability.

amigura.co.uk All Rights Reserved.