Security Intelligence Blog

A look at vulnerabilities that allow for diverting the kernel execution flow in Windows. So is there any way to subvert the SMEP protection implementation in Windows 8/8.1? Can Return Oriented Programming (ROP) techniques be used to subvert the SMEP protections?

We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, DropBox and Evernote. To be more accurate, any App which extended the PreferenceActivity class using an exported activity was automatically vulnerable. A patch has been provided in Android KitKat. If you wondered why your code is now broken, it is due to the Android KitKat patch which requires applications to override the new method, PreferenceActivity.isValidFragment, which has been added to the Android Framework.

The Microsoft security update for Dec patches 20 vulnerabilities in 12 bulletins, with 5 rated ‘Critical’ and the rest ‘Important’. This month, we see a more variety of MS products getting patched, and also Oracle Outside-In joining in the party (KB2880833).

Something only the user knows. Most of us have encountered Knowledge Based Authentication (KBA), though we might not have realized it had a name. Think back to a time when… read more →

So it is finally patch Tuesday today! Last two weeks have been quite busy as we all heard about targeted and not targeted attacks exploiting 0 day vulnerabilities. As usual we will share some highlights of the MS Security Bulletin.

As a new addition to our securityintelligence.com site we will begin to more regularly feature threat analysis from IBM’s Managed Security Services organization.  This team operates a 24/7 Security Operations… read more →

How is it that malware can differentiate between being run on real hardware vs being run inside a (system) virtual machine? How exactly do some malware behave differently on real hardware (a bare metal computer system if you will) compared to a virtual machine in order to fight against malware analysis?

OBAD has been agreed upon to be one of the most sophisticated piece of android malware and you can find various analysis on the web. In this series we will take it apart together and learn about its functionality and various techniques that it uses to gain more power, avoid removal and making analysis harder.

When talking about web based threats like watering holes and drive by downloads, browser security is the critical layer that keeps your computer running clean. Still, there are times when zero-day and unknown vulnerabilities can wreak havoc before vendor patches are available.

With the release of Internet Explorer 10 in Windows 8, an improved version of IE’s Protected Mode sandbox, called Enhanced Protected Mode (EPM), was introduced. With the use of the new AppContainer process isolation mechanism introduced in Windows 8, EPM aims to further limit the impact of a successful IE compromise by limiting both read and write access and limiting the capabilities of the sandboxed IE process.