
malware

Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements
Our researchers have discovered a new zero-day exploit in Adobe Flash used in malvertisement attacks. The exploit affects the most recent version of Adobe Flash, and is now identified as CVE-2015-0313. Our initial analysis suggests that this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and infection chains. According to our data..
A Closer Look at the Exploit Kit in CVE-2015-0313 Attack
We have helpful information that can help us identify the exploit kit used in the Adobe Flash zero-day attack we blogged about yesterday. Adobe states in their advisory that the related vulnerability, CVE-2015-0313, affects current versions (Adobe removed version 11.x and earlier from affected software). At first, we figured that the exploit kit involved was Angler Exploit Kit because of the URL’..
Another Network Forensic Tool for the Toolbox - Dshell
This is a guest diary written by Mr. William Glodek – Chief, Network Security Branch, U.S. Army Research Laboratory. As a network analysis practitioner, I analyze multiple gigabytes of pcap data across multiple files on a daily basis. I have encountered many challenges where the standard tools (tcpdump, tcpflow, Wireshark/tshark) were either not flexible enough or couldn’t be prototyped quickly en..
cve-2015-0016-escaping-the-internet-explorer-sandbox
Part of this January’s Patch Tuesday releases was MS15-004, which fixed a vulnerability that could be used in escalation of privilege attacks. I analyzed this vulnerability (designated as CVE-2015-0016) because it may be the first vulnerability in the wild that showed the capability to escape the Internet Explorer sandbox. As sandboxing represents a key part of exploit mitigation techniques, any ..
The Hacktivist Group "CyberBerkut" Behind the Attack on Official German Government Websites
A pro-Russian group calling itself "CyberBerkut" issued a statement claiming responsibility for intruding into several German government websites on January 7, 2015 (local time). Trend Micro obtained information on members of this group based on information that the Ukrainian right-wing party (Pravy Sektor) posted on "Pastebin". ■ What is CyberBerkut? CyberBerkut is a pro-Russian hacktivist group whose purpose is anti-Ukrainian political activity. The organization name CyberBerkut derives from a special police unit called "Berkut" (Ukrainian for golden eagle), established by the Ukrainian Ministry of Internal Affairs in 1992. CyberBerkut not only uses the name of this special unit but also imitates its insignia and..
A Thorough Analysis of the Flash Player Vulnerability "CVE-2015-0311"
Since January 20, 2015, a serious zero-day vulnerability in Adobe Flash Player has been confirmed. Adobe has been rolling out a patch for this vulnerability in stages since the weekend, and users who have auto-update enabled can update to the latest version (16.0.0.296). Trend Micro has confirmed through analysis that the vulnerable code has been modified. The latest version for manual update is scheduled to be released this week. The latest version of Flash Player supporting new versions of Chrome and Internet Explorer (IE) will be released around the same time. Analyzing a sample we obtained, we identified the actual Flash file embedded in the malicious Flash file (SWF extension). This actual file ..
Analyzing CVE-2015-0311: Flash Zero Day Vulnerability
Last week a major zero-day vulnerability was found in Adobe Flash Player. Over the weekend, Adobe released an update to fix the vulnerability: users who have enabled auto-update already received the newest version (16.0.0.296). Our analysis has confirmed that the vulnerable code has been modified. The update will be available for manual download later this week. Users of Chrome and newer versions..
Over a Decade and Still Running: Targeted Attack Tool Hides Windows Tasks
Our engineers were investigating a case involving a targeted attack when they came across a custom tool called vtask.exe. Once executed, vtask.exe hides Windows tasks in the current session. What’s curious about this attacker-created tool is that it appears to have been compiled in 2002—twelve years ago. A Look at Vtask: The compile time shows that Vtask is a tool written in Visual Basic (VB) and c..
Analysis of setting cookies for third party websites in different browsers
tl;dr: This post discusses the results from our research into the ability of third party websites setting cookies for first party websites across different web browsers. The ability to be able to set cookies in this manner not only facilitates tracking but also opens up other opportunities and avenues of attack. Introduction: Cookies are one of the most common sources of user supplied input for web a..
SQL Injections in MySQL LIMIT clause
Countless articles have been written on the exploitation of SQL Injections. This post is dedicated to a very specific situation. When assessing the severity of a SQL Injection in a certain application, I encountered a problem which I was not able to solve quickly using web search. It’s about the question of whether a SQL injection vulnerability in the LIMIT clause of a MySQL 5.x database is currently exploit..