Top IT Security Bloggers

TrendLabs - Malware Blog
  • March Patch Tuesday: LNK, Microsoft Word Vulnerabilities Get Fixes

    Following the unexpectedly long list of fixes included in last month’s Patch Tuesday, March brings an even longer one, albeit less eventful. A total of 115 vulnerabilities were fixed, 26 of which were identified as Critical as they could lead to remote code execution (RCE). 88 were classified as Important and included patches for various Windows components such as Microsoft Office, Work Folders, and Network Connections Service. One final vulnerability was classified as Moderate. None of this month’s listed vulnerabilities were exploited in the wild before they were patched.
  • Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)

    Apache Tomcat is a popular open-source Java servlet container, so the discovery of Ghostcat understandably set off some alarms. This blog entry seeks to put the most feared Ghostcat-related scenario into perspective by delving into the unlikely circumstances that would make it possible to allow an RCE through the vulnerability.
  • Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks

    We decided to dig deeper into the behavior of Geost, a trojan targeting Russian banks, by reverse engineering a sample of the malware. The trojan employed several layers of obfuscation, encryption, reflection, and injection of non-functional code segments that made it more difficult to reverse engineer.
  • Security Risks in Online Coding Platforms

    Before cloud integrated development environments (IDEs) became an option, you, the developer, typically needed to download and/or install everything you needed onto your own workstation. However, as DevOps gained traction and cloud computing usage grew, you can now also code online. Convenient, yes, but are online IDEs secure? To answer this, we will focus on two popular cloud-based IDEs: AWS Cloud9 and Visual Studio Online.
  • LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File

    Recently, we discovered LokiBot (detected by Trend Micro as Trojan.Win32.LOKI) impersonating a popular game launcher to trick users into executing it on their machines. Further analysis revealed that a sample of this variant employs a quirky installation routine that involves dropping a compiled C# code file.
  • An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)

    A code-level root cause analysis of CVE-2020-0601 in the context of how applications are likely to use CryptoAPI to handle certificates — more specifically in the context of applications communicating via Transport Layer Security (TLS).
  • February Patch Tuesday: Fixes for Critical LNK, RDP, Trident Vulnerabilities

    The first Patch Tuesday of 2020 in January brought an unusually long list of patches, but February brings an even wider range of fixes that address a total of 99 vulnerabilities — including 12 classified as Critical, with the remaining 99 deemed Important. Only five of the vulnerabilities were made public before the patches were released; one of these was rated as Critical.
  • Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems

    We observed an increase in hacking group Outlaw's activities in December, with updates on the kits’ capabilities reminiscent of their previous attacks.
  • Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud

    We recently discovered several malicious optimizer, booster, and utility apps (detected by Trend Micro as AndroidOS_BadBooster.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or malicious payloads on affected devices.
  • Security Analysis of Devices That Support SCPI and VISA Protocols

    Standard Commands for Programmable Instruments (SCPI) is a legacy protocol that most advanced measurement instruments support. However, it is important to note that authentication is not innate in this protocol.