Vulnerabilities & Exploits
- January 06, 2015Looking back at the biggest security stories and issues of 2014, how they affected users and various industries, and what we can learn from them.
- December 26, 2014A collaboration between Trend Micro and Facebook found attacks that actively attempt to exploit an existing vulnerability. The attack targets Facebook users via a link in a particular page that leads to a malicious site.
- December 02, 2014A look into the threat landscape during the third quarter of 2014 reveals the loopholes and vulnerabilities in often overlooked targets such as routers and PoS systems that were used as attack vectors.
- November 19, 2014Microsoft has released an out-of-band security bulletin (MS14-068) that addresses a vulnerability in various versions of Windows, stating that the vulnerability is already being used in “limited, targeted attacks”.
- November 14, 2014Microsoft released 16 security updates during its Patch Tuesday release for November 2014, including one for the Windows OLE Automation Array Remote Code Execution Vulnerability that affects almost all Windows versions.
- October 29, 2014A new Shellshock attack targeting SMTP servers has been discovered. Attackers used email to deliver the exploit, which downloads and executes an IRC Bot.
- October 26, 2014Zero-day exploits aren't the only exploits used in the targeted attack landscape. In the first half of 2014, we also found out that attackers still heavily target older vulnerabilities.
- October 24, 2014We typically expect to see at least three to four zero-day vulnerabilities a year. October 2014 is proving to be an exception to the rule as three zero-day vulnerabilities have already been exploited within the month.
- October 22, 2014Despite the availability of fixes related to the Sandworm vulnerability (CVE-2014-4114), new attacks related to this flaw are still being spotted. These attacks contain a new routine that could prevent detection.