2303 matches found
4 Popular Cybersecurity Myths vs. Facts
Any cybersecurity approach is only as strong as its underlying assumptions. What happens when those assumptions are wrong? Find out where confusion about cybersecurity facts can lead organizations astray...
5 Types of Cyber Crime Groups
Discover the five main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, crowd sourcing, and phishing as a service as well as tips to strengthen your defense strategy...
Top 10 AI Security Risks According to OWASP
The unveiling of the first-ever Open Worldwide Application Security Project OWASP risk list for large language model AI chatbots was yet another sign of generative AI’s rush into the mainstream—and a crucial step toward protecting enterprises from AI-related threats...
Tailing Big Head Ransomware’s Variants, Tactics, and Impact
We analyze the technical details of a new ransomware family named Big Head. In this entry, we discuss the Big Head ransomware’s similarities and distinct markers that add more technical details to initial reports on the ransomware...
Impulse Team’s Massive Years-Long Mostly-Undetected Cryptocurrency Scam
We have been able to uncover a massive cryptocurrency scam involving more than a thousand websites handled by different affiliates linked to a program called Impulse Project, run by a threat actor named Impulse Team...
Understanding Jamstack Security
Learn how Jamstack has emerged as a new architectural paradigm for delivering websites and web-based applications with the promise of improved performance, scalability, and security over the traditional server-driven approach to web development...
Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns
We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023...
What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits
We analyze a BEC campaign targeting large companies around the world that was leveraging open-source tools to stay under the radar...
Cyber Hygiene: How to get buy-in from employees
Good cyber hygiene starts with buy-in across the enterprise. Discover how CISOs can establish a company-wide security culture to reduce risk...
Improving Software Supply Chain Security
Explore use cases and mitigation strategies to improve software supply chain security and reduce cyber risk...
Agenda Ransomware Uses Rust to Target More Vital Industries
This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda's Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works...
Security Breaks: TeamTNT’s DockerHub Credentials Leak
One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in...
GraphQL vs gRPC: Which One Creates More Secure APIs?
Learn about the security capabilities of GraphQL and gRPC, how they perform authentication/authorization, and how they compare to REST. In addition, discover common attack vectors for both API frameworks and how to prevent them...
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report...
Examining the Black Basta Ransomware’s Infection Routine
We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics...
Recent Cyberattacks Target Open-source Web Servers
Malicious actors take advantage of people’s reliance on web servers to perform attacks like remote code execution, access control bypass, denial of service, or even cyberjacking the victim servers to mine cryptocurrencies...
This Week in Security News - February 18, 2022
SMS PVA services' use of infected Android phones reveals flaws in SMS verification, and 'Russian state-sponsored cyber actors' cited in hacks of U.S. defense contractors...
A Cloud Native Application Protection Platform Guide
In this article we explore CNAPP, the latest industry acronym coined by Gartner, and why devs need to know about it...
Oracle WebLogic Detection and Mitigation
We review 2020 and 2021 Oracle WebLogic vulnerabilities and how using a unified SaaS platform can help you detect and mitigate these sophisticated risks...
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools RATs for some time now. While previous versions of the malware have been covered by other researchers, our blog entry focuses on the malicious actor’s latest attacks...
N-Day Exploit Protection Strategies
Over two years, Trend Micro Research scoured the underground forums for insight into the N-day exploit market. Discover their findings and how you can secure your organization against exploits...
What To Expect in a Ransomware Negotiation
We wanted to get a better understanding of what victims go through during the aftermath and recovery process of a ransomware attack to help others in case they find themselves in a similar situation. To do this, we analyzed victim support chats for five ransomware families...
Fake Installers Drop Malware and Open Doors for Opportunistic Attackers
We recently spotted fake installers of popular software being used to deliver bundles of malware onto victims’ devices. These installers are widely used lures that trick users into opening malicious documents or installing unwanted applications...
Introduction to Runtime Application Self-Protection (RASP)
Discover how runtime application self-protection RASP is shifting the narrative of application security and how to easily integrate RASP into your software for improved speed and delivery...
Curb Your Cyber Risk
Global cyber risk is at an all-time high. Understand how you can lower yours...
Prove PCI DSS Compliance with Automation
Meet PCI DSS compliance needs without interrupting your workflow...
Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1)
Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean w...
Fixing cloud migration: What goes wrong and why?
The cloud space has been evolving for almost a decade. As a company we’re a major cloud user ourselves. That means we’ve built up a huge amount of in-house expertise over the years around cloud migration — including common challenges and perspectives on how organizations can best approach project...
Survey: Employee Security Training is Essential to Remote Working Success
Organisations have been forced to adapt rapidly over the past few months as government lockdowns kept most workers to their homes. For many, the changes they’ve made may even become permanent as more distributed working becomes the norm. This has major implications for cybersecurity. Employees ar...
Connected Car Standards – Thank Goodness!
Intelligent transportation systems ITS require harmonization among manufacturers to have any chance of succeeding in the real world. No large-scale car manufacturer, multimodal shipper, or MaaS Mobility as a Service provider will risk investing in a single-vendor solution. Successful ITS require...
Risk Decisions in an Imperfect World
Risk decisions are the foundation of information security. Sadly, they are also one of the most often misunderstood parts of information security. This is bad enough on its own but can sink any effort at education as an organization moves towards a DevOps philosophy. To properly evaluate the risk...
Network security simplified with Amazon VPC Ingress Routing and Trend Micro
Today, Amazon Web Services AWS announced the availability of a powerful new service, Amazon Virtual Private Cloud Amazon VPC Ingress Routing. As a Launch Partner for Amazon VPC Ingress Routing, we at Trend Micro are proud to continue to innovate alongside AWS to provide solutions to...
AI and Machine Learning: Boosting Compliance and Preventing Spam
Some of the most advanced strategies in the current technology and analytics spaces include artificial intelligence and machine learning. These innovative approaches can hold nearly endless possibilities for technological applications: from the ability to eliminate manual work and enable software...
Can Your Managed Detection and Response Service Do This?
Submitted by Steve Duncan Trend Micro has recently introduced its Managed Detection and Response Service to North America. This spring at the RSA show in San Francisco I had that chance to catch up with Jon Oltsik of ESG again to discuss our new offering and why we think the time is right. As...
Trend Micro at HiMSS: Protecting Healthcare Organizations with Optimized, Connected Security
Submitted by Elie Nasrallah , Director – Cyber Security Strategy The healthcare industry remains one of the most frequently targeted sectors in the United States. It accounted for nearly a quarter 23% of all breaches reported in 2017, second only to the business category, in another record year f...
How Hackers Are Leveraging Machine Learning
For business executives and internal information security specialists, it seems that every day brings a new potential risk to the company - and in the current threat environment, it isn't hard to understand this viewpoint. Sophisticated cybercriminals are continually on the lookout for the next b...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
IoT Device Security At Home
My girlfriend read something that worried her about the security risks posed by Internet of Things IoT devices at home. She had recently purchased a new TV, and she has an older home security system. She asked if her privacy might be at risk. We talked about the kinds of problems an unprotected...
Tradition and Technology: Trend Micro Takes to the Water for Dragon Boat Challenge
At Trend Micro, we’re used to fighting it out against a constant barrage of cyber threats facing our customers. But we don’t just want to be number one in cybersecurity: We’re also highly competitive elsewhere. As a company proud of our East Asian links we’re keen Dragon Boat racers, and guess...
InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise
Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads...
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Our blog entry discusses a fake PoC exploit for LDAPNightmare CVE-2024-49113 that is being used to distribute information-stealing malware...
Link Trap: GenAI Prompt Injection Attack
Prompt injection exploits vulnerabilities in generative AI to manipulate its behavior, even without extensive permissions. This attack can expose sensitive data, making awareness and preventive measures essential. Learn how it works and how to stay protected...
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts...
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions
Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE...
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC
We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China...
Vulnerabilities in Cellular Packet Cores Part IV: Authentication
Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core AP5GC. The first vulnerability CVE-2024-20685 allows a crafted signaling message to crash the control plane, leading to potential service outages. The second ZDI-CAN-23960 disconnects and replaces attached bas...
Reduce Business Email Compromise with Collaboration
Here's the latest Trend Vision One™ platform integration addressing the growing need for collaboration in business email security space...
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor...
Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign
This blog entry details a scheme that exploits the recent Morocco earthquake by impersonating the domain name of a well-known humanitarian organization for financial fraud...
Cybersecurity Threat 1H 2023 Brief with Generative AI
How generative AI influenced threat trends in 1H 2023...