2303 matches found
Knowing your shared security responsibility in Microsoft Azure and avoiding misconfigurations
Trend Micro is excited to launch new Trend Micro Cloud One – Conformity capabilities that will strengthen protection for Azure resources. As with any launch, there is a lot of new information, so we decided to sit down with one of the founders of Conformity, Mike Rahmati. Mike is a technologist a...
Not Just Good Security Products, But a Good Partner
The analyst firm Canalys annually produces their Cybersecurity Leadership Matrix. Whereas many third-party assessments are looking at just the security product, this one focuses on the value to channel partners. Sidebar: what is the channel? If you aren’t actively buying or selling cybersecurity...
What HIPAA and Other Compliance Teaches Us About the Reality of GDPR
with contributing author, William J. Malik, CISA | VP, Infrastructure Strategies The date for General Data Protection Regulation GDPR compliance is just weeks away, yet many organizations, especially those outside Europe, remain unprepared. It turns out that the experiences from other privacy...
This Week in Security News: Warnings and WannaCry
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, we're following Ikea's job marketplace, TaskRabbit, which may have suffered a data breach. Also, the U.S and U.K warn against Russian cyber...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of January 1, 2018
Happy New Year! It’s out with the old, in with the new, right? Except we all know that the old tends to stick around, especially when it comes to vulnerabilities and patching them. Trend Micro predicts that that 2018’s biggest attacks will originate from known vulnerabilities. And speaking of kno...
How GDPR will impact businesses outside of the EU
Cyber attacks are consistently making headlines, impacting businesses and individuals alike as hackers look to steal sensitive data and make a quick payday. Techniques are becoming more sophisticated to avoid detection, convince users to download malicious files and extort businesses into paying ...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 29, 2017
“Anything that can go wrong will go wrong.” It’s not exactly clear how Murphy’s Law originated, but it seems to always make an appearance at the one time you can’t afford for anything to go wrong. Your laptop starts to malfunction right as you need to finish a project this happened to yours truly...
WannaCry Highlights Major Security Shortcomings Ahead of GDPR D-Day
For all the panic it caused, WannaCry looks finally to have been contained by organisations round the globe. But this isn’t the time to forget about it and move on. There are valuable lessons to be learned about this attack, why it was so successful and what can be done to prevent it happening...
Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024
Trend Micro has identified a spear-phishing campaign active in Japan since June 2024. Evidence about the malware used by this campaign suggests this was part of a new operation by Earth Kasha...
LockBit Attempts to Stay Afloat With a New Version
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations...
How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime
This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals...
Strategic Tips to Optimize Cybersecurity Consolidation
Say goodbye to security silos. Organizations are eager to take advantage of cybersecurity consolidation and make their security environments more manageable. Evolving incrementally and adopting a platform that supports third-party integrations are key to reducing cybersecurity complexity...
How to Prevent Ransomware as a Service (RaaS) Attacks
Explore key insights on how ransomware as a service RaaS operators work and how to prevent ransomware attacks...
Hunting for A New Stealthy Universal Rootkit Loader
In this entry, we discuss the findings of our investigation into a piece of a signed rootkit, whose main binary functions as a universal loader that enables attackers to directly load a second-stage unsigned kernel module...
Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator
We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led t...
Meet Your New AI Assistant: Introducing Trend Vision One™ – Companion
Discover how Companion can help upgrade SOC efficiency and elevate your team to reach their full potential...
Security Vulnerabilities of ChatGPT-Generated Code
Discover the cybersecurity risks of AI-generated code, learn how to protect your applications, and understand how the rise of ChatGPT is impacting software development...
Malicious AI Tool Ads Used to Deliver Redline Stealer
We’ve been observing malicious advertisement campaigns in Google’s search engine with themes that are related to AI tools such as Midjourney and ChatGPT...
4 Types of Cyber Crime Groups
Discover the four main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, and crowd sourcing as well as tips to strengthen your defense strategy...
Hack the Real Box: APT41’s New Subgroup Earth Longzhi
We looked into the campaigns deployed by a new subgroup of advanced persistent threat APT group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August...
Solve the Cloud-Native App Security Puzzle with CNAPP
Explore the value of integrating cloud-native application protection into security and development...
Examining New DawDropper Banking Dropper and DaaS on the Dark Web
In this blog post, we discuss the technical details of a new banking dropper that we have dubbed DawDropper, give a brief history of banking trojans released in early 2022 that use malicious droppers, and elaborate on cybercriminal activities related to DaaS in the deep web...
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
We recently found a new ransomware family, which we have dubbed as HavanaCrypt, that disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control C&C server to circumvent detection...
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings on in this report...
An In-Depth Look at ICS Vulnerabilities Part 1
In this blog series our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK for ICS...
SMS PVA Part 1: Underground Service for Cybercriminals
In this three-part blog entry, our team explored SMS PVA, a service built on top of a global bot network that compromises smartphone cybersecurity as we know it...
Cybersecurity for Industrial Control Systems: Part 1
In this two-part series, we look into various cybersecurity threats that affected industrial control systems endpoints. We also discuss several insights and recommendations to mitigate such threats...
Are Endpoints at Risk for Log4Shell Attacks?
We created a free assessment tool for scanning devices to know whether it is at risk for Log4Shell attacks...
Fake Cryptocurrency Mining Apps Trick Victims Into Watching Ads, Paying for Subscription Service
We recently discovered eight deceptive mobile apps that masquerade as cryptocurrency cloud mining applications where users can earn cryptocurrency by investing money into a cloud-mining operation...
StrongPity APT Group Deploys Android Malware for the First Time
We recently conducted an investigation into a malicious Android malware sample, which we believe can be attributed to the StrongPity APT group, that was posted on the Syrian e-Gov website. To the best of our knowledge, this is the first time that the group has been publicly observed using malicio...
Secure Your Images with AWS Lambda Serverless Functions
NEW on AWS Lambda: Learn how to package up your serverless functions as container images...
Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2)
The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. But...
Information security: How Hackers Leverage Stolen Data for Profit
Data theft is inarguably big business for hackers. This has been proven time and time again when big-name companies and their customers are involved in a data breach. As these instances appear to take place more often, and the number of stolen or compromised files continues to rise, it's worth...
Which specific malware trends should American businesses be prepared for?
In 2017, more than 700 million malware specimens were discovered. In this type of environment, it can be a considerable challenge for enterprises to keep up with the ever-changing threat landscape and ensure their internal protections are sufficient for safeguarding their most critical IT assets...
PROTECTING YOUR PRIVACY – Part 2: How to Maximize Your Privacy on Social Media and in Your Browser
In the last post we highlighted the privacy risks associated with using popular social networking sites and browsers. You might not appreciate just how much of your personal data is being accessed by advertisers and other third parties via your social media accounts and internet browsing...
A Look Back: Reviewing the Worst Cyber Attacks of 2017 and the Lessons Learned
It seems that each year that passes is worse than the last in terms of hacking and cyber attacks, and 2017 was no exception. "Surprising no one, 2017 was marked another 'worst year ever' in data breaches and cyber incidents around the world," said Jeff Wilbur, director of the Internet Society's...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Why “Just Patch It!” Isn’t as Easy as You Think
At the Zero Day Initiative ZDI, we see patches in a way few do. We get the initial report from a researcher, we verify the issue internally, we notify the vendor, and finally we publish some details once a patch is released. Those patches represent the best method for preventing cyber attacks...
Teaming Up with HITRUST to Raise Cybersecurity Standards in Healthcare
From cash-hungry hackers to state-sponsored spies and careless insiders, there’s no shortage of cyber threats facing healthcare organizations HCOs today. At Trend Micro, we’ve been protecting organizations operating in the industry for years, but the challenges facing these customers show no sign...
GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026
This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed -- and the gap between what these tools promise and what they can withstand point to the fragile security foundations underneath...
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework CVE-2025-26633 to execute malicious code on infected machines...
Unmasking Prometei: A Deep Dive Into Our MXDR Findings
How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflict...
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool...
Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer MSI files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are...
Not Just Another 100% Score: MITRE ENGENIUTY ATT&CK
The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response MDR services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—...
Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers
We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project...
Against the Clock: Cyber Incident Response Plan
Conventional wisdom says most organizations will experience a cybersecurity breach at some point—if they haven’t already. That makes having a ready-to-launch incident response process crucial when an attack is detected, as this fictionalized scenario shows...
Implementing Zero Trust: 5 Key Considerations
When implementing a Zero Trust strategy and selecting a solution to safeguard your company against cyber risk, there are many factors to consider. Five key areas include Visibility and Analytics, Automation and Orchestration, Central Management, Analyst Experience, and Pricing Flexibility and...
Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores
In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane...