85 Android Adware Apps Downloaded 9 Million Times
Researchers have found another batch of malicious Android applications on Google Play that spam users with annoying full-screen ads and make using their phones difficult. Trend Micro calls the adware AndroidOS_HidenAd and found it inside 85 apps that masqueraded as game, TV and remote control apps, the most popular of ... Read More
Rogue iOS Apps Sent Data to Malicious Server
Researchers have come across several games in the iOS app store that sent information to and communicated with a known malicious server. Finding malware in the iOS app store is rare because Apple has a highly stringent policy for app store admission and performs manual app reviews. Even so, it ... Read More
Adobe Reader and Acrobat Get Patches for Two Critical Flaws
Adobe Systems released new security patches for Adobe Reader and Acrobat to fix two critical vulnerabilities that could allow hackers to execute malicious code on computers. Both flaws were reported privately by external researchers through Trend Micro’s Zero Day Initiative (ZDI) vulnerability acquisition program. Adobe is not aware of any ... Read More
Hackers Hijack Chromecast Devices and Smart TVs via Exposed UPnP
A pair of hackers has launched a campaign that displays rogue messages on people’s smart TVs encouraging them to subscribe to a popular YouTube channel. The attack doesn’t seem to be malicious and is part of a larger campaign to promote PewDiePie, the YouTube channel with the largest number of ... Read More
New Windows Zero-day Bug Allows Deleting Arbitrary Files
A security researcher released exploit code for an unpatched bug in Windows that could allow an attacker with limited privileges to delete system files. Exploiting the bug requires winning a race condition on the machine, so a successful exploit can take some time as it will retry until it succeeds, ... Read More
‘Five Eyes’ Countries Attribute APT10 Attacks to Chinese Intelligence Service
Following the indictment of two alleged members of a Chinese cyberespionage group by the U.S. Department of Justice Dec. 20, the governments of Canada, Australia, New Zealand and the U.K. have publicly attributed the group’s activities to China’s Ministry of State Security. This is the second time when the countries ... Read More
Researcher Drops Third Windows Zero-Day Exploit in Four Months
A security researcher who uses the online handle SandboxEscaper has published proof-of-concept exploit code for an unpatched vulnerability in Windows. The flaw is located in the “MsiAdvertiseProduct” function, which, according to Microsoft’s documentation, enables an installer to “advertise” shortcut and registry information about a product to Windows by writing it ... Read More
Emergency Patch for Zero-Day Vulnerability in Internet Explorer
Microsoft has released an unscheduled patch for a remote code execution vulnerability in Internet Explorer that is actively exploited by attackers. Microsoft releases security updates on the second Tuesday of every month—known in the industry as Patch Tuesday—and rarely breaks out of that cycle. When it does, the company releases ... Read More
More Shamoon 3 Attacks Detected in the Middle East and Europe
After an Italian company recently confirmed that its infrastructure was attacked with a new version of a destructive malware program called Shamoon, security companies discovered additional infections in the Middle East and Europe. “During the past week, we have observed a new variant attacking several sectors, including oil, gas, energy, ... Read More
WordPress 5.0 Gets Security Patch a Week After Release
Only a week has passed since the release of WordPress 5.0—a new major version codenamed “Bebo”—and the WordPress team has already pushed out a security update for it. WordPress 5.0.1, released Dec. 13, fixes seven vulnerabilities, some of which are pretty serious and could soon be exploited by attackers. One ... Read More
