608 matches found

Trellix
added 2022/11/17 12:0 a.m. · 7 views

Trellix Global Defenders: Analysis and Protections for Destructive Wipers

Trellix Global Defenders: Analysis and Protections for Destructive Wipers By Ayed Al Qartah · November 17, 2022 Modern cyber warfare involves the actions of a nation-state or their proxies organized crime and hacker groups to attack and attempt to damage other nations’ computers or information...

AI score 8.2
Exploits: 0
Trellix
added 2022/11/17 12:0 a.m. · 11 views

LockBit3.0: A Threat that Persists

LockBit3.0: A Threat that Persists By Trellix · November 17, 2022 This blog was written by Alexandre Mundo LockBit is a very well-known family of ransomware that has created havoc worldwide over the last few years. In March 2022, a new variant of the ransomware was discovered. The LockBit3.0...

AI score 7.1
Exploits: 0
Trellix
added 2022/11/17 12:0 a.m. · 17 views

LockBit3.0: A Threat that Persists

LockBit3.0: A Threat that Persists By Alexandre Mundo · November 17, 2022 LockBit is a very well-known family of ransomware that has created havoc worldwide over the last few years. In March 2022, a new variant of the ransomware was discovered. The LockBit3.0 variant presented with a mix of...

AI score 7.1
Exploits: 0
Trellix
added 2022/11/15 12:0 a.m. · 12 views

Wipermania: An All You Can Wipe Buffet

Wipermania: An All You Can Wipe Buffet By Max Kersten · November 15, 2022 In early 2022, Ukrainian companies were struck by multiple destructive wipers, attacking various organizations across sectors. This raised questions about the usage and impact of “digital weapons” within the security...

AI score 7.2
Exploits: 0
Trellix
added 2022/11/15 12:0 a.m. · 9 views

Wipermania: An All You Can Wipe Buffet

Wipermania: An All You Can Wipe Buffet By Trellix · November 15, 2022 This blog was written by Max Kersten In early 2022, Ukrainian companies were struck by multiple destructive wipers, attacking various organizations across sectors. This raised questions about the usage and impact of “digital...

AI score 7.2
Exploits: 0
Trellix
added 2022/11/02 12:0 a.m. · 44 views

The Bug Report October 2022 Edition

The Bug Report — October 2022 Edition By Trellix · November 2, 2022 This story was written by Richard Johnson. Do ROP exploits count as jmp scares? Why am I here? Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Of all the months we do this, we’ve foun...

CVSS 9.8 · AI score 9.6 · EPSS 0.99964
Exploits: 57
Trellix
added 2022/11/02 12:0 a.m. · 80 views

The Bug Report October 2022 Edition

The Bug Report — October 2022 Edition By Trellix · November 2, 2022 This story was written by Richard Johnson. Do ROP exploits count as jmp scares? Why am I here? Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Of all the months we do this, we’ve foun...

AI score 0.3 · EPSS 0.99964
Exploits: 57
Trellix
added 2022/11/01 12:0 a.m. · 148 views

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602 By Trellix, Charles McFarland, Sam Quinn · November 1, 2022 This story was also written by Philippe Laulheret. What is it? CVE-2022-3786 and CVE-2022-3602 are buffer overflow vulnerabilities affecting OpenSSL 3.0 and above that were fix...

AI score 8.1 · EPSS 0.91153
Exploits: 7
Trellix
added 2022/11/01 12:0 a.m. · 44 views

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602 By Trellix and Sam Quinn · November 1, 2022 This story was also written by Charles McFarland and Philippe Laulheret. What is it? CVE-2022-3786 and CVE-2022-3602 are buffer overflow vulnerabilities affecting OpenSSL 3.0 and above that we...

CVSS 7.5 · AI score 8.1 · EPSS 0.91153
Exploits: 7
Trellix
added 2022/10/12 12:0 a.m. · 15 views

2022 Election Phishing Attacks Target Election Workers

2022 Election Phishing Attacks Target Election Workers By Patrick Flynn, Fred House, Rohan Shah · October 12, 2022 Highly publicized campaign and political party breaches during the 2016 U.S. presidential campaign raised election security as a critical issue among U.S. policy makers in the years...

AI score 6.6
Exploits: 0
Trellix
added 2022/10/12 12:0 a.m. · 9 views

2022 Election Phishing Attacks Target Election Workers

2022 Election Phishing Attacks Target Election Workers By Rohan Shah · October 12, 2022 This blog was written by Patrick Flynn and Fred House Highly publicized campaign and political party breaches during the 2016 U.S. presidential campaign raised election security as a critical issue among U.S...

AI score 6.6
Exploits: 0
Trellix
added 2022/10/06 12:0 a.m. · 11 views

Evolution of BazarCall Social Engineering Tactics

Evolution of BazarCall Social Engineering Tactics By Daksh Kapur · October 6, 2022 What is BazarCall? As nicely defined in this article by Microsoft: BazarCall campaigns forgo malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. It’s ...

AI score 0.3
Exploits: 0
Trellix
added 2022/10/06 12:0 a.m. · 14 views

Evolution of BazarCall Social Engineering Tactics

Evolution of BazarCall Social Engineering Tactics By Daksh Kapur · October 6, 2022 What is BazarCall? As nicely defined in this article by Microsoft: BazarCall campaigns forgo malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. It’s ...

AI score 7.6
Exploits: 0
Trellix
added 2022/10/05 12:0 a.m. · 118 views

The Bug Report — September 2022 Edition

The Bug Report — September 2022 Edition By Charles McFarland · October 5, 2022 As long as it works.... Why am I here? Welcome back to the Bug Report, don’t-stub-your-toe edition! For those in the audience unfamiliar with how we do things here, every month we filter down that month’s bugs to just ...

AI score 9.3 · EPSS 0.7855
Exploits: 11
Trellix
added 2022/10/05 12:0 a.m. · 43 views

The Bug Report — September 2022 Edition

The Bug Report — September 2022 Edition By Trellix · October 5, 2022 This blog was written by Charles McFarland As long as it works.... Why am I here? Welcome back to the Bug Report, don’t-stub-your-toe edition! For those in the audience unfamiliar with how we do things here, every month we filte...

CVSS 9.8 · AI score 9.2 · EPSS 0.7855
Exploits: 11
Trellix
added 2022/09/29 12:0 a.m. · 11 views

Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence

Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence By John Fokker · September 29, 2022 We’ve recently seen reports that the REvil ransomware gang is back online after the January 2022 arrests of several its members by Russian authorities claiming to dismantle the group and...

AI score 7
Exploits: 0
Trellix
added 2022/09/29 12:0 a.m. · 14 views

Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan

Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan By Anne An · September 29, 2022 Preface U.S. House Speaker Nancy Pelosi’s visit to Taiwan led to an aftershock across the Taiwan Strait and through the Asia Pacific region. Immediately after Pelosi’s...

AI score 0.6
Exploits: 0
Trellix
added 2022/09/29 12:0 a.m. · 14 views

Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan

Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan By Anne An · September 29, 2022 Preface U.S. House Speaker Nancy Pelosi’s visit to Taiwan led to an aftershock across the Taiwan Strait and through the Asia Pacific region. Immediately after Pelosi’s...

AI score 7.1
Exploits: 0
Trellix
added 2022/09/29 12:0 a.m. · 11 views

Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence

Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence By John Fokker · September 29, 2022 We’ve recently seen reports that the REvil ransomware gang is back online after the January 2022 arrests of several its members by Russian authorities claiming to dismantle the group and...

AI score 6.8
Exploits: 0
Trellix
added 2022/09/23 12:0 a.m. · 45 views

Ancient CVEs Can Cause You Problems

Ancient CVEs Can Cause You Problems By Kent Landfield · September 23, 2022 The Common Vulnerability and Exposures CVE Program was founded in 1999 for the purpose of giving individual cyber vulnerabilities an identifier that could be used as an interoperable means for identifying a specific...

AI score 9.1 · EPSS 0.27095
Exploits: 3
Trellix
added 2022/09/23 12:0 a.m. · 37 views

Ancient CVEs Can Cause You Problems

Ancient CVEs Can Cause You Problems By Kent Landfield · September 23, 2022 The Common Vulnerability and Exposures CVE Program was founded in 1999 for the purpose of giving individual cyber vulnerabilities an identifier that could be used as an interoperable means for identifying a specific...

CVSS 9.8 · AI score 7.2 · EPSS 0.27095
Exploits: 3
Trellix
added 2022/09/21 12:0 a.m. · 36 views

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities By Charles McFarland · September 21, 2022 The zero-day is the holy grail for cybercriminals; However, N-day vulnerabilities can pose problems even years after discovery. If a target is vulnerable, it doesn’t matter whether...

AI score 9.6 · EPSS 0.27095
Exploits: 3
Trellix
added 2022/09/21 12:0 a.m. · 38 views

Limiting the Software Supply Chain Attack Surface

Limiting the Software Supply Chain Attack Surface By Trellix · September 21, 2022 This blog was written by Douglas McKee We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone of course and run into a...

AI score 9.7 · EPSS 0.27095
Exploits: 3
Trellix
added 2022/09/21 12:0 a.m. · 45 views

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability By Trellix · September 21, 2022 This story was also written by Kasimir Schulz While investigating an unrelated vulnerability, Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. Initially we...

AI score 9.9 · EPSS 0.27095
Exploits: 3
Trellix
added 2022/09/21 12:0 a.m. · 38 views

Limiting the Software Supply Chain Attack Surface

Limiting the Software Supply Chain Attack Surface By Trellix · September 21, 2022 This blog was written by Douglas McKee We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone of course and run into a...

CVSS 9.8 · AI score 7.7 · EPSS 0.27095
Exploits: 3
Trellix
added 2022/09/21 12:0 a.m. · 47 views

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability By Trellix · September 21, 2022 This story was also written by Kasimir Schulz While investigating an unrelated vulnerability, Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. Initially we...

CVSS 9.8 · AI score 10 · EPSS 0.27095
Exploits: 3
Trellix
added 2022/09/21 12:0 a.m. · 50 views

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities By Charles McFarland · September 21, 2022 The zero-day is the holy grail for cybercriminals; However, N-day vulnerabilities can pose problems even years after discovery. If a target is vulnerable, it doesn’t matter whether...

CVSS 9.8 · AI score 7.5 · EPSS 0.27095
Exploits: 3
Trellix
added 2022/09/07 12:0 a.m. · 58 views

The Bug Report – August 2022 Edition

The Bug Report — August 2022 Edition By Philippe Laulheret · September 7, 2022 Your Cybersecurity Comic Relief Figure 0: CVE-2022-38392 redefines “destructive interference” Why am I here? Indeed, why are we here? School is back in session, there’s a chill in the air that says fall is around the...

AI score 0.1 · EPSS 0.99174
Exploits: 24
Trellix
added 2022/09/07 12:0 a.m. · 32 views

The Bug Report – August 2022 Edition

The Bug Report — August 2022 Edition By Philippe Laulheret · September 7, 2022 Your Cybersecurity Comic Relief Figure 0: CVE-2022-38392 redefines “destructive interference” Why am I here? Indeed, why are we here? School is back in session, there’s a chill in the air that says fall is around the...

CVSS 8.8 · AI score 7.6 · EPSS 0.99174
Exploits: 24
Trellix
added 2022/08/25 12:0 a.m. · 17 views

A Door Isn’t a Door When It’s Ajar - Part 3

A Door Isn’t a Door When It’s Ajar - Part III By Trellix · August 25, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...

AI score 7.6
Exploits: 0
Trellix
added 2022/08/25 12:0 a.m. · 9 views

Get to Know Anne An

Meet Anne An Senior Security Researcher By Michael Alicea · August 25, 2022 At Trellix, we celebrate and champion our people. I’ve been hearing a lot recently about one of my colleagues, Anne An. My sources tell me she is a highly technical and “intuitive” researcher embedded on our frontlines as...

AI score 6.7
Exploits: 0
Trellix
added 2022/08/25 12:0 a.m. · 10 views

Get to Know Anne An

Meet Anne An Senior Security Researcher By Trellix · August 25, 2022 This blog was written by Michael Alicea At Trellix, we celebrate and champion our people. I’ve been hearing a lot recently about one of my colleagues, Anne An. My sources tell me she is a highly technical and “intuitive”...

AI score 6.8
Exploits: 0
Trellix
added 2022/08/25 12:0 a.m. · 12 views

A Door Isn’t a Door When It’s Ajar - Part 3

A Door Isn’t a Door When It’s Ajar - Part III By Trellix · August 25, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...

AI score 7.7
Exploits: 0
Trellix
added 2022/08/24 12:0 a.m. · 64 views

Demystifying Qbot Malware

Demystifying Qbot Malware By Adithya Chandra and Sushant Kumar Arya · August 24, 2022 Executive summary The Trellix SecOps Team has observed an uptick in the Qbot malware infections in recent months. Qbot has been an active threat for over 14 years and continues to evolve, adopting new infection...

AI score 0.5
Exploits: 0
Trellix
added 2022/08/24 12:0 a.m. · 19 views

Demystifying Qbot Malware

Demystifying Qbot Malware By Adithya Chandra · August 24, 2022 This blog was also written by Sushant Kumar Arya Executive summary The Trellix SecOps Team has observed an uptick in the Qbot malware infections in recent months. Qbot has been an active threat for over 14 years and continues to evolv...

AI score 8.1
Exploits: 0
Trellix
added 2022/08/18 12:0 a.m. · 26 views

A Door Isn’t a Door When It’s Ajar - Part 2

A Door Isn’t a Door When It’s Ajar - Part II By Trellix · August 18, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Introduction Software Hacking Software Hacking Shopping List Vulnerabilities Discovered CVE-2022-31479: Command injection via the web interface Vulnerable...

AI score 9.5 · EPSS 0.02323
Exploits: 0
Trellix
added 2022/08/18 12:0 a.m. · 18 views

A Door Isn’t a Door When It’s Ajar - Part 2

A Door Isn’t a Door When It’s Ajar - Part II By Trellix · August 18, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Introduction Software Hacking Software Hacking Shopping List Vulnerabilities Discovered CVE-2022-31479: Command injection via the web interface Vulnerable...

CVSS 10 · AI score 8.5 · EPSS 0.02323
Exploits: 0
Trellix
added 2022/08/11 12:0 a.m. · 15 views

DotDumper: Automatically Unpacking DotNet based Malware

DotDumper: Automatically Unpacking DotNet Based Malware By Max Kersten · August 11, 2022 The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get there are plenty, which is why the...

AI score 7.1
Exploits: 0
Trellix
added 2022/08/11 12:0 a.m. · 8 views

The Race to Secure eBPF for Windows

The Race to Secure eBPF for Windows By Trellix · August 11, 2022 This blog was written by Douglas McKee Innovation often improves functionality and even security; however, adoption starts slow. Adoption often doesn’t increase at a linear rate but at an exponential rate leaving behind attack...

AI score 8.3
Exploits: 0
Trellix
added 2022/08/11 12:0 a.m. · 28 views

A Door Isn’t a Door When It’s Ajar- Part 1

A Door Isn’t a Door When It’s Ajar - Part 1 By Trellix · August 11, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Executive Summary Target Selection What is it? Reconnaissance & Standard Operations Recon Standard Operations Hardware Hacking Hardware Hacking Shopping Lis...

AI score 9.3 · EPSS 0.02323
Exploits: 0
Trellix
added 2022/08/11 12:0 a.m. · 23 views

DotDumper: Automatically Unpacking DotNet based Malware

DotDumper: Automatically Unpacking DotNet Based Malware By Trellix · August 11, 2022 This blog was written by Max Kersten The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get...

AI score 6.8
Exploits: 0
Trellix
added 2022/08/11 12:0 a.m. · 27 views

A Door Isn’t a Door When It’s Ajar- Part 1

A Door Isn’t a Door When It’s Ajar - Part 1 By Trellix · August 11, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Executive Summary Target Selection What is it? Reconnaissance & Standard Operations Recon Standard Operations Hardware Hacking Hardware Hacking Shopping Lis...

CVSS 10 · AI score 8.7 · EPSS 0.02323
Exploits: 0
Trellix
added 2022/08/11 12:0 a.m. · 8 views

The Race to Secure eBPF for Windows

The Race to Secure eBPF for Windows By Trellix · August 11, 2022 This blog was written by Douglas McKee Innovation often improves functionality and even security; however, adoption starts slow. Adoption often doesn’t increase at a linear rate but at an exponential rate leaving behind attack...

AI score 8.6
Exploits: 0
Trellix
added 2022/08/03 12:0 a.m. · 57 views

Small Business, Mighty Attack Surface

Small Business, Mighty Attack Surface By Trellix · August 3, 2022 This blog was written by Douglas McKee If given the chance to name the first five businesses that come to mind, what would they be? Maybe if you're close to the security industry you might suggest names like Microsoft, Apple or...

AI score 9.1 · EPSS 0.99993
Exploits: 9
Trellix
added 2022/08/03 12:0 a.m. · 64 views

The Bug Report – July 2022 Edition

The Bug Report – July 2022 Edition By Trellix · August 3, 2022 This story was also written by Kasimir Schulz and Jesse Chick Your Cybersecurity Comic Relief Why am I here? Welcome to the Bug Report, Heat Wave Edition! In the face of chronic irritability and soggy-pants syndrome, we are back at it...

AI score 9.7 · EPSS 0.70461
Exploits: 0
Trellix
added 2022/08/03 12:0 a.m. · 116 views

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers By Trellix · August 3, 2022 This story was written by Philippe Laulheret. Summary The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under...

AI score 10.4 · EPSS 0.33795
Exploits: 2
Trellix
added 2022/08/03 12:0 a.m. · 38 views

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers By Trellix · August 3, 2022 This story was written by Philippe Laulheret. Summary The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under...

CVSS 10 · AI score 10 · EPSS 0.33795
Exploits: 2
Trellix
added 2022/08/03 12:0 a.m. · 33 views

The Bug Report – July 2022 Edition

The Bug Report – July 2022 Edition By Trellix · August 3, 2022 This story was also written by Kasimir Schulz and Jesse Chick Your Cybersecurity Comic Relief Why am I here? Welcome to the Bug Report, Heat Wave Edition! In the face of chronic irritability and soggy-pants syndrome, we are back at it...

CVSS 9.8 · AI score 9.6 · EPSS 0.70461
Exploits: 0
Trellix
added 2022/08/03 12:0 a.m. · 33 views

Small Business, Mighty Attack Surface

Small Business, Mighty Attack Surface By Trellix · August 3, 2022 This blog was written by Douglas McKee If given the chance to name the first five businesses that come to mind, what would they be? Maybe if you're close to the security industry you might suggest names like Microsoft, Apple or...

CVSS 10 · AI score 9.4 · EPSS 0.33795
Exploits: 2
Trellix
added 2022/07/19 12:0 a.m. · 73 views

Countering Follina Attack (CVE- 2022-30190) with Trellix Network Security Platform’s Advanced Detection Features

Countering Follina Attack CVE- 2022-30190 with Trellix Network Security Platform’s Advanced Detection Features By Vinay Kumar and Chintan Shah · July 19, 2022 Executive summary During the end of May 2022, independent security researcher reported a vulnerability assigned CVE-2022-30190 in Microsof...

AI score 9.1 · EPSS 0.99374
Exploits: 90

Total number of security vulnerabilities: 608