IBM X-Force monitors the latest threats including vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content. In addition to advising the general public on how to respond to emerging threats, X-Force also delivers security content, products, and services to help protect IBM customers.
Return Oriented Programming (ROP) is the general case of a technique often used when exploiting security vulnerabilities caused by memory corruption issues. ROP has become a more frequently used technique in the exploitation of memory corruption vulnerabilities.
Latest security trends—from malware delivery to mobile device risks—based on data and ongoing research from the IBM X-Force Research team.
Hi everyone, it's that time of the month again. Undoubtedly, the highlight for Feb’s Microsoft security update belongs to IE. With 24 issues being addressed in KB2909921, it seems that MSRC is making up for lost time when there weren’t any updates for IE in Jan 2014. So this really shouldn’t come as a big surprise at all.
An inside look at the Kaptoxa/BlackPOS malware, which is believed to be used in the massive Target data breach, with the goal of understanding how it operates and finding ways to detect its network activity.
The Microsoft security update for January 2014 dishes up a relatively small collection of patches, but it’s a valuable set. The KB2916605 patches for Microsoft Word and Web Applications fix three vulnerabilities, all of which provide Remote Code Execution (RCE) when successfully exploited. The patches for KB2913602 and KB2914368 both correct vulnerabilities leading to Escalations of Privilege (EOP). Together, these three patches cover five CVEs.
Image spam had its heyday in 2006 and 2007, with more than 40% of all spam containing an image attachment. By the summer of 2007, the game seemed to be over and image spam threats stopped almost completely. Nearly five years later, in December 2013, image spam has made a comeback!
The IBM X-Force Threat Analysis Service (XFTAS) reports on vulnerabilities that need to be brought to the attention of our customers. Such was the case in June of 2013. We found a report on a Plesk Control Panel vulnerability (CVE-2013-4878) and provided the following assessment.
Recently a colleague sent me a .docx which triggered on our scanning engine. Being the optimist that I am, I personally view such incidents positively; it either proves the accuracy of our engine if it is a true positive, or offers an opportunity to improve the detection logic if it turns out to be a false positive.
A look at vulnerabilities that allow for diverting the kernel execution flow in Windows. So is there any way to subvert the SMEP protection implementation in Windows 8/8.1? Can Return Oriented Programming (ROP) techniques be used to subvert the SMEP protections?
We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, Dropbox and Evernote. To be more accurate, any app which extended the PreferenceActivity class using an exported activity was automatically vulnerable. A patch has been provided in Android KitKat. If you wondered why your code is now broken, it is due to the Android KitKat patch, which requires applications to override the new method, PreferenceActivity.isValidFragment, which has been added to the Android Framework.