Articles about Trend Micro

Ransomware scum build weapon from JavaScript

New ransomware written entirely in JavaScript has appeared, encrypting users' files for a US$250 (£172, A$336) ransom and installing a password-stealing application. Researchers @jameswt_mht and @benkow_ found the ransomware they dubbed RAA. Bleeping Computer malware man Lawrence Abrams described the ransomware noting it is …
Team Register, 20 Jun 2016

Forget Game of Thrones as Android ransomware infects TVs

Researchers at Trend Micro have spotted a new variant of ransomware code that can be used to lock down Android-powered smartphones and televisions. The FLocker (short for the Frantic Locker) malware has been in circulation since at least April 2015 and has concentrated on locking down smartphone handsets running the latest …
Iain Thomson, 13 Jun 2016

Microsoft warns of worm ransomware, finds fix in Windows 10 upgrade

Microsoft is warning of a wormable ransomware that infects removable drives on versions of its operating system below Windows 10. The ZCrypt scumware is distributed through old but effective methods of phishing emails, Word document macros, and fake Adobe Flash installers. It drops a warning notice in an HTML file informing …
Darren Pauli, 01 Jun 2016

Infosec freeloaders not welcome as malware silo VirusTotal gets tough

Security firms that use the Google-owned VirusTotal malware database but don't contribute to the silo are going to find themselves out on a limb. For the past 12 years, researchers have been feeding samples of software nasties into VirusTotal, allowing antivirus engines to check they can detect malicious code. But the site has …
Iain Thomson, 09 May 2016

How to evade the NSA: OpSec guide for journalists also used by terrorists

Privacy guides meant for journalists are being re-purposed by terrorist groups, Trend Micro researchers say. The guides are designed to help hacks avoid surveillance by nation-states and well-resourced adversaries focusing on encryption, operational security, recommended and untrusted platforms. It is one finding of dozens …
Darren Pauli, 04 May 2016

Adobe scrambles to untangle itself from QuickTime after Apple throws it over a cliff

Apple has finally informed its customers that it is no longer supporting QuickTime for Windows. Adobe, whose code is intertwined with QuickTime, is having to do a rapid reworking of its software to avoid putting users at risk. Last week, Trend Micro went public with the news that Apple had dumped support for QuickTime for Windows …
Iain Thomson, 22 Apr 2016

US-CERT advice says kill Quicktime for Windows, quickly

US-CERT has echoed The Register's advice to the effect that if you're running Quicktime for Windows, it's time to delete it. Right now. The United States' Department of Homeland Security's Computer Emergency Response Team's advice comes after Apple took Quicktime for Windows for its long drive down a country road. As noted by …

Uninstall QuickTime for Windows: Apple will not patch its security bugs

RIP QuickTime for Windows. Apple is "deprecating support" for the application, and will no longer patch security flaws in the software. The iGiant is also quietly advising users to uninstall the media player from their Windows machines to avoid being hacked. Word of the end of support comes from infosec biz Trend Micro. It …
Iain Thomson, 14 Apr 2016

Dear Windows, OS X folks: Update Flash now. Or kill it. Killing it works

Adobe has published new versions of Flash to patch a vulnerability being exploited right now by hackers to hijack PCs and Macs. The APSB16-10 update addresses a total of 24 CVE-listed flaws, including one (CVE-2016-1019) that's been exploited in the wild to inject malware into Microsoft Windows and Apple OS X systems. Users …
Shaun Nichols, 08 Apr 2016

Megabreach: 55 MILLION voters' details leaked in Philippines

A massive data breach appears to have left 55 million Philippine voters at much greater risk of identity fraud and more. Security researchers warn that the entire database of the Philippines’ Commission on Elections (COMELEC) has been exposed in what appears to be the biggest government related data breach in history. The …
John Leyden, 07 Apr 2016

Patch out for 'ridiculous' Trend Micro command execution vuln

A bug in its software meant that Trend Micro accidentally left a remote debugging server running on customer machines. The flaw, discovered by Google’s Project Zero researcher Tavis Ormandy, opened the door to command execution of vulnerable systems (running either Trend Micro Maximum Security, Trend Micro Premium Security or …
John Leyden, 31 Mar 2016

Hackers crack OS X, Windows, web browsers' security to net $460,000

Pwn2Own: Researchers pulled off multiple OS X, Windows and web browser exploits at the latest Pwn2Own competition. White hat hackers earned $460,000 in prizes for finding and exploiting 21 security vulnerabilities in widely used software. Details of the flaws were privately shared with vendors so that their code can be fixed and …
John Leyden, 18 Mar 2016

Quadsys Five enter 'not guilty' pleas to Crown court charges

The fraud case against five men from security reseller Quadsys will go to trial in September after they pleaded not guilty to allegations of hacking into a rival’s database to plunder customer and pricing data. The individuals charged include MD Paul Cox, owner Paul Streeter, director Alistair Barnard, account manager Steve …
Paul Kunert, 18 Mar 2016

Your unpatchable, insecure Android mobe will feel right at home in the Internet of Stuff era

If you've got a Qualcomm Snapdragon chip in your Android phone and tablet, make sure you grab its latest security updates – if you can. And if you can't, well, get used to it: the Internet of Things is going to bring more and more un-patchable and insecure electronics onto the market, it's feared. Researchers at Trend Micro …
Iain Thomson, 16 Mar 2016

Millions menaced as ransomware-smuggling ads pollute top websites

Top-flight US online publishers are serving up adverts that attempt to install ransomware and other malware on victims' PCs. Websites visited by millions of people daily – msn.com, nytimes.com, aol.com, nfl.com, theweathernetwork.com, thehill.com, zerohedge.com and more – are accidentally pushing out booby-trapped adverts via …
John Leyden, 15 Mar 2016

Cyber-crooks now prefer ransomware to botnets. Yep, firms are paying up

File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro. During the fourth quarter of 2015, 83 per cent of all data extortion attacks were made with the use of crypto-ransomware. CryptoWall topped the list of 2015’s most notorious ransomware families, with a 31 per …
John Leyden, 09 Mar 2016

Phew! No evidence found for global criminal hacker conspiracy

Trend Micro security bods have 'capped' their epic research efforts to catalogue the world's regional cybercrime undergrounds. The mammoth effort saw researchers crawl through criminal forums in five countries, documenting the nuances of each as they went. The security outfit's forward-looking threat research team detail the …
Darren Pauli, 02 Mar 2016

BlackEnergy trojan also hit Ukrainian mining firm and railway operator

Security researchers have linked attacks against Ukrainian power utilities in Dec 2015, which used the BlackEnergy trojan, to similar attacks against a mining company and a large railway operator in Ukraine. The new research, by Kyle Wilhoit of Trend Micro, casts fresh light on what’s arguably the most significant malware- …
John Leyden, 15 Feb 2016

Google ninjas go public with security holes in Malwarebytes antivirus

Malwarebytes is rushing to plug security flaws in its software that allow miscreants to sling malware at its customers. The antivirus firm says it has addressed server-side vulnerabilities that were reported by Google Project Zero researcher Tavis Ormandy in November. However, security holes remain in the client-side software …
John Leyden, 02 Feb 2016

Afraid of getting your iThing pwned? Get yourself iOS 9.2.1

Apple has posted an update for iOS, including patches for 13 CVE-listed security flaws. The Cupertino giant said that the iOS 9.2.1 update bundles the security fixes with a patch for a bug in the Apple Mobile Device manager that had prevented some iOS devices from installing apps. Note that this update will not fix the weird …
Shaun Nichols, 19 Jan 2016

Brazilian whacks: as economy tanks, cyber-crooks samba

Brazil's economy may be hurtling towards recession but its online criminal underground is booming with wannabe hackers and carders racing to get a cut, research finds. Trend Micro's work is the latest in a series of papers it has published in recent months that examine regional online crime economies including North America, …
Darren Pauli, 13 Jan 2016

Trend Micro AV gave any website command-line access to Windows PCs

Updated: PCs running Trend Micro's Windows antivirus can be hijacked, infected with malware, or wiped clean by any website, thanks to a vulnerability in the security software. The design blunders in the consumer build of Trend's AV were discovered by Google Project Zero bod Tavis Ormandy. A patch is now available to address the remote- …
Iain Thomson, 11 Jan 2016

Trend Micro: Internet scum grab Let's Encrypt certs to shield malware

Updated: It was inevitable. Trend Micro says it has spotted crooks abusing the free Let's Encrypt certificate system to smuggle malware onto computers. The security biz's fraud bod Joseph Chen noticed the caper on December 21. Folks in Japan visited a website that served up malware over encrypted HTTPS using a Let's Encrypt-issued cert …

Oracle ordered to admit on its website that it lost the plot on Java security

Oracle bungled the security updates of its Java SE software so badly it must publish a groveling letter prominently on its website for the next two years. After gobbling up Java along with Sun in 2010, Oracle's software updates for Java SE would only affect the latest version installed. If you had multiple versions of Java SE …
Chris Williams, 22 Dec 2015

Quadsys Five fraud case pleas delayed until next month

Five men at security reseller Quadsys who stand accused of fraud are expected to enter pleas at Oxford Crown Court late next month after delays held up their case. Paul Cox, MD at the Oxfordshire-based company, was charged in the summer with conspiracy to commit fraud by false representation and blackmail relating to an …
Paul Kunert, 21 Dec 2015

American cyber crims operate popup hack 'n crack sites in plain sight

North American cyber criminals are so blatantly thumbing their noses at law enforcement that their forums have been nicknamed "glass tanks". The selling of malware, stolen credentials, and other crime services are so open they can be found using Google, Trend Micro researchers Kyle Wilhoit and Stephen Hilt say. Moreover, the …
Darren Pauli, 14 Dec 2015

Russian friends make German web scum the 'best' in European Union

The German cyber crime market is an overlooked but unique beast that works in lockstep with Russian veterans to serve fraud-flinging newcomers and hardened carders alike, researchers say. In one of the few examinations into German crime forums a team of Trend Micro threat bods say the scene is the most developed in the …
Darren Pauli, 14 Dec 2015

WordPress hosting biz confesses to breach, urgently contacts 30,000 users

WordPress hosting outfit WP Engine has confessed to a security breach, prompting it to reset 30,000 customers' passwords. "At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials," it said in a statement …
Kat Hall, 10 Dec 2015

'Legacy' Wordpress blog site of The Independent serving malware

The Independent has become the latest big-name publisher to serve malware. Trend Micro is warning that the UK news site's Wordpress-based blog section has been compromised. The company says the attack seems to have begun on November 21, with a compromised page serving the Angler exploit kit, taking advantage of visitors with …

Google proffers plugs in Android MMS pwnfest

Google has slung a new set of patches at the vulnerability hub that is Android media processing, fixing four critical flaws and 10 high-severity bugs. The vulnerabilities could allow user phones to be compromised through a variety of means including MMS, email, and following web links. Nexus users get the fixes first along …
Darren Pauli, 08 Dec 2015

Smart telly, router, app makers have left a security hole open for – drum-roll – three years

A security hole that has been known and patched for the last three years remains vulnerable in over 6.1 million connected devices. This according to Trend Micro, who says its researchers have discovered that a collection of remote code execution vulnerabilities in a software library used by mobile devices, smart TVs, and …
Shaun Nichols, 04 Dec 2015

Domination: Crims steal admin logins, infect sites, drop Cryptowall 4

Virus slingers who find themselves unsatisfied by merely ruining computers with ransomware are now first stealing a victim's admin passwords to enslave their websites into attack campaigns. The battery starts with the installation of the Pony malware, which in 2013 stole some two million passwords through its global botnet. …
Darren Pauli, 04 Dec 2015

Researcher reveals Chinese e-crime shopping list

Dodgy developers can have their data-stealing iOS applications boosted to the top ranks of Apple's App Store for as little as US$4000 thanks to services on offer by Chinese hackers. The price will get an application capable of evading Apple's security checks onto the top five paid application list through boosting services. A …
Darren Pauli, 26 Nov 2015

British duo arrested for running malware encryption service

Two British suspects have been arrested accused of running the refud.me encryption site VXers use to evade antivirus. The National Crime Agency says the suspects from Colchester, Essex have been bailed until February next year. The pair operated the refud.me service which allowed VXers to test their malware against antivirus …
Darren Pauli, 24 Nov 2015

Latest Android phones hijacked with tidy one-stop-Chrome-pop

PacSec: Google's Chrome for Android has been popped in a single exploit that could lead to the compromise of any handset. The exploit, showcased at MobilePwn2Own at the PacSec conference in Tokyo yesterday but not disclosed in full detail, targets the JavaScript v8 engine. It can probably hose all modern and updated Android phones if …
Darren Pauli, 12 Nov 2015

Outrageous OPSEC: What happens when skiddies play natsec

CheckPoint has raided the servers of a bumbling alleged Iranian hacking group using credentials hardcoded into malware, using its access to name suspected members. The Rocket Kitten group was revealed September 2014 and later in more detail March targeting organisations throughout the Middle East with persistent, successful, …
Darren Pauli, 10 Nov 2015

UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone

IPB: The encryption-bothering parts of the UK's Investigatory Powers Bill have left IT security experts flabbergasted. Introducing the draft internet surveillance law in the House of Commons on Wednesday, Home Secretary Theresa May presented it as consolidating and updating existing investigatory powers. She spun it as a break from …
John Leyden, 05 Nov 2015

Here's how TalkTalk ducked and dived over THAT gigantic hack

Timeline: It has been almost two weeks since the "cyber attack" on the TalkTalk website of 21 October, yet the company is yet to tell its customers how their data was compromised. TalkTalk's CEO Dido Harding has yet to offer anything more than a token apology regarding the company's security practices, which allowed more than a million …

TalkTalk incident management: A timeline

Timeline: Contradictory statements issued by TalkTalk regarding the third data breach the company has experienced this year have provided inadequate information to the telco's customers about their data, while effectively insulating the company from questions regarding its security practices with insubstantive, and at times incoherent, PR …

Chaos at TalkTalk: Data was 'secure', not all encrypted, we took site down, were DDoSed

Chaos reigns at TalkTalk as the telco appears to be claiming that a distributed denial of service (DDoS) attack led to customer data being compromised – despite that being technically infeasible. A contradictory series of claims in a TalkTalk statement published this morning has suggested the company does not understand the …

Hackers hit NATO, White House – then aimed at MH17 air disaster probe

The Pawn Storm hackers who tried to infiltrate NATO and White House networks have been spotted bothering another sensitive target: the team investigating the downed Malaysia Airlines MH17 flight. Researchers at Trend Micro found suspicious SFTP, VPN, and Outlook Web Access servers configured to collect usernames and passwords …
Shaun Nichols, 22 Oct 2015

Trend Micro stumps up $300m to buy HP TippingPoint

Trend Micro has agreed to pay $300m to acquire HP TippingPoint, a provider of intrusion prevention systems and related network security kit. The acquisition is both technology and market driven since it gives Trend, best known for its security software, access to HP TippingPoint’s customer base. Trend says the deal positions …
John Leyden, 21 Oct 2015

Oracle plugs flaw used in attacks on NATO and the White House

Oracle has crushed a critical click-to-play vulnerability attackers used in the NATO-busting hacking operation known as Pawn Storm, Trend Micro threat analyst Jack Tang says. The patch is part of a run of 154 fixes from Big Red including 25 for the ravaged Java runtime. The fix will either irk or amuse the sophisticated …
Darren Pauli, 21 Oct 2015

Good news: Adobe bangs out Flash patch fast. Bad news: Google's defenses were useless

Adobe's security engineers have pulled out all the stops to release a patch for a shocking vulnerability in Flash much earlier than expected. On Tuesday Trend Micro published details of a bug in all versions of the Flash player for Mac and PCs, and some Linux builds. The flaw is being actively exploited in the wild, Trend said …
Iain Thomson, 16 Oct 2015

Bloke cuffed, accused of polishing off £700k Polish bank cyber-heist

A 31-year-old Warsaw chap is accused of stealing more than four million Polish złoty (£700,000) by hacking into a bank in Poland. The bloke has been named only as "Tomasz G" due to Polish privacy laws, and is charged with committing computer fraud and money laundering crimes, reports Radio Poland. Tomasz G faces up to 10 …

Pawn Storm attack: Flash zero-day exploit hits diplomatic inboxes

Hackers behind a long-running cyber-espionage campaign have begun using a new Adobe Flash zero-day exploit in their latest campaign. The attackers behind Pawn Storm targeted several foreign affairs ministries from around the globe using a Flash-based attack, Trend Micro reports. The targets received spear phishing emails that …
John Leyden, 15 Oct 2015

Kill Flash: Adobe says patch to fix under-attack hole still days away

Just a day after its monthly batch of security updates, Adobe has confirmed it will issue an emergency critical patch for Flash next week. With somewhat regrettable timing, given Adobe's patching cycle, Trend Micro's security researchers announced on Tuesday that it had discovered in the plugin a vulnerability, CVE-2015-7645, …
Iain Thomson, 15 Oct 2015

New Flash flaw lets you beat White House and NATO security

Don't ignore the next emergency Flash Player update you receive: it might be trying to fix yet another vulnerability in the chronically-insecure plug-in. According to Trend Micro, the vulnerability is already being used by Pawn Storm in phishing attacks against a variety of governments. Trend's analysts reckon the zero-day …

Credit card numbers stolen from charity America's Thrift Stores

A malware-driven break-in and breach at the charity America's Thrift Stores may have compromised all sales transactions at the company between 1 September and 27 September, its CEO has admitted. A statement from Kenneth Sobaski claimed that the breach "allowed criminals from Eastern Europe unauthorized access to some payment …

Hey Scandos, missed that parcel? Here’s some ransomware instead

Spam emails disguised as messages from local post offices – but actually packing the latest variant of the CryptoLocker ransomware – are being flung at surfers in Scandinavia. Heimdal Security reports that emails referring to an undelivered package and written in local languages are actually attempts to trick prospective marks …
John Leyden, 24 Sep 2015