2303 matches found
Detecting BPFDoor Backdoor Variants Abusing BPF Filters
An analysis of advanced persistent threat APT group Red Menshen’s different variants of backdoor BPFDoor as it evolves since it was first documented in 2021...
Four Must-haves to Strengthen Your Endpoint Security
To combat complexity and achieve optimal security outcomes, there are four key factors an organization should consider when evaluating their endpoint security...
How to Write a Cybersecurity Policy for Generative AI
Just months after hitting the scene, generative AI already seems like it will become a permanent addition to the enterprise IT toolbox. For CISOs, the pressure is on to roll out AI security policies and technologies that can mitigate very real and present risks...
Abusing Web Services Using Automated CAPTCHA-Breaking Services and Residential Proxies
This blog entry features three case studies that show how malicious actors evade the antispam, antibot, and antiabuse measures of online web services via residential proxies and CAPTCHA-breaking services...
S4x23 Review Part 2: Evolving Energy Cybersecurity
In this second report on S4x23 held last February, this article introduces the discussion on cyber security in the energy industry, which was one of the topics that attracted attention...
Security Patch Management Strengthens Ransomware Defense
With thousands of applications to manage, enterprises need an effective way to prioritize software security patches. That calls for a contextualized, risk-based approach and good overall attack surface risk management...
A Deep Dive into the Evolution of Ransomware Part 1
This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends...
Raspberry Robin Malware Targets Telecom, Governments
We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analyti...
Massive Phishing Campaigns Target India Banks’ Clients
We found five banking malware families targeting customers of seven banks in India to steal personal and credit card information via phishing campaigns...
Red Teaming to Reduce Cyber Risk
Discover how red teaming can help reduce cyber risk across your ever-expanding digital attack surface...
Oil and Gas Cybersecurity: Recommendations Part 3
In the final part of our series, we look at the APT33 case study and several recommendations from our expert team...
Oil and Gas Cybersecurity: Industry Overview Part 1
With geopolitical tensions running high, oil and gas companies may be more susceptible to cyberattacks...
Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike
Gootkit has been known to use fileless techniques to drop Cobalt Strike and other malicious payloads. Insights from a recent attack reveal updates in its tactics...
YourCyanide: A CMD-Based Ransomware With Multiple Layers of Obfuscation
The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number capabilities such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives...
Cyber Risk Management Strategies from Arjo CIO
Andrea Berg, CIO of Arjo, explores the critical need for effective and inclusive communication around IT requirements to expand beyond the security team and improve cyber risk management...
Detect Azure AD Hybrid Cloud Vulnerabilities
AADInternals is a PowerShell module widely used by administrators for administering Azure Active Directory AD and Microsoft 365 - learn how to protect against their common vulnerabilities...
S4x22: ICS Security Creates the Future
The ICS Security Event S4 was held for the first time in two years, bringing together more than 800 business leaders and specialists from around the world to Miami Beach on 19-21 Feb 2022. The theme was CREATE THE FUTURE...
An In-Depth Look at ICS Vulnerabilities Part 2
In part two of our three-part series, we continue to analyze vulnerabilities using MITRE ATT&CK. We also look into the sectors affected and their risk levels...
SMS PVA Part 3: Countries Most Impacted by Service
In this final part, we discuss the countries most affected by SMS PVA services as well as lay out several recommendations to mitigate the risks of such threats...
New Ransomware Spotted: White Rabbit and Its Evasion Tactics
We analyze the ransomware White Rabbit and bring into focus the familiar evasion tactics employed by this newcomer...
How to detect Apache HTTP Server Exploitation
With recent news of the critical, zero-day vulnerability Apache Log4Shell, we explore how to detect and protect your Apache HTTP servers...
AWS re:Invent 2021 Guide: Checklist & Key Sessions
Welcome to your complete guide to AWS re:Invent 2021, where you will find tips on how to get the most out of your conference experience both in Las Vegas and virtually...
Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR
In this blog entry, we will take a look at the ProxyShell vulnerabilities that were being exploited in these events, and dive deeper into the notable post-exploitation routines that were used in four separate incidents involving these web shell attacks...
Demo: How to Build a Container Registry from a Container
What came first the container or the container registry? Find out and learn how to build, run, and scan your very own container registry from a container itself on your laptop...
Security Risks with Private 5G in Manufacturing Companies Part. 2
We can see signs of increased activity in areas of business that use 5G around the world. 5G technology will usher in new personal services through smartphones, and it will also play a large part in industry. The option of Private 5G lets private companies and local governments have their own...
October Patch Tuesday: 3 Critical Bulletins Among 71
The October Patch Tuesday maintains the relatively peaceful streak from previous months with only 3 bulletins rated as Critical among 71 new vulnerabilities...
#LetsTalkSecurity - Security at the Speed of Change
Let's Talk Security: Season 02 // Episode 05: Host, Rik Ferguson, interviews Vice President and Chief Information Security Officer for Carrier, Nicole Darden Ford. Together they discuss the changing cybersecurity landscape...
Water Pamola Attacked Online Shops Via Malicious Orders
Since 2019, we have been tracking a threat campaign we dubbed as “Water Pamola.” The campaign initially compromised e-commerce online shops in Japan, Australia, and European countries via spam emails with malicious attachments...
Protecting LoRaWAN Hardware from Attacks in the Wild
In the last article of our LoRaWAN series, we present dangerous hardware attacks that could affect organizations using this technology. These attacks are particularly worrying because many LoRaWAN devices are deployed in unsecured locations...
The Many Paths To A Cybersecurity Education
Ask a room full of cybersecurity professionals about their educational background and how they got started on their career path and you’re going to get a myriad of different answers. From one perspective, that’s frustrating. It’s hard to confidently recommend a path for people starting out when...
Phishing, Part 1: On the Lookout
Cybersecurity has gone mainstream, thanks in part to the hacking of the 2016 Presidential election. But how many of us know how the attackers in this case actually achieved their ends? The truth is, that one of the oldest, but most effective weapons in the cybercriminal’s arsenal, undoubtedly use...
Building a Profitable Security Services Offering Part 2 IT Security Features and Benefits Overview
Trend Micro is excited to partner with SPC International in this 5-part Blog, Webinar and Online Training Series; focused on Building a Profitable Security Services Offering for MSP Partners. Through the series, SPC will teach you a selling process of leading with security, steps in growing your...
Don’t be a Coinmining Zombie – Part 2: How Do You Protect Yourself from being Cryptojacked?
Safe behaviors to protect yourself from cryptojacking follow the familiar rules you should adhere to every day to protect yourself against viruses, worms, bots, and malware, including ransomware, which are typically pushed to you through phishing techniques and social engineering: | Strengthen yo...
This Week in Security News: Magic Quadrants & Global Threats
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Gartner released its Magic Quadrant Leaders, Data Privacy Day gave us a moment to reflect, and U.K. and U.S. governments alike acted to...
Applying Lean to Information Risk Management
Lean Manufacturing brings significant benefits to industry, including cost reduction, quality improvement, reduced cycle time, and greater customer satisfaction See “The Machine that Changed the World”, Womak, J., Jones, D., and Roos, D., Free, Press, 1990 for the groundbreaking analysis of...
FIRST and Beyond – a History of Elevating Research through Partnerships
At the FIRST conference in San Juan, Trend Micro’s Forward-looking Threat Research team will be presenting four sessions on a wide range of topics. These sessions will demonstrate a sliver of the research going on at Trend Micro, and some of the partnerships that elevate the research to benefit t...
4 ways mobile devices still threaten your business
Mobile devices have been commonly used in corporate environments for decades - bulky portable telephones, heavy laptops and PDAs. Then along came Apple and the smartphone, and soon everyone either had personal smartphone or expected their employers to provide one. Since then, enterprise mobility...
TONResolver RAT Abuses TON Blockchain to Target Japan's Hotel Industry
In this blog entry, TrendAI™ Research examines a wave of phishing emails observed in May 2026 that targeted Japanese accommodation facilities using Booking.com, detailing the victims, attack techniques used, and characteristics of the malware involved...
Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud
In this blog entry, researchers from the TrendAI™ MDR team discuss how they mapped the full end-to-end operation of SHADOW-WATER-063’s Banana RAT banking malware by analyzing server-side artifacts and victim-side data...
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks...
Earth Lamia Develops Custom Arsenal to Target Multiple Industries
Trend™ Research has been tracking an active APT threat actor named Earth Lamia, targeting multiple industries in Brazil, India and Southeast Asia countries at least since 2023. The threat actor primarily exploits vulnerabilities in web applications to gain access to targeted organizations...
CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks
The Trend ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks...
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions
Since 2023, APT group Earth Estries has aggressively targeted key industries globally with sophisticated techniques and new backdoors, like GHOSTSPIDER and MASOL RAT, for prolonged espionage operations...
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East
Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to sectors in the Middle East...
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign...
A Dive into Earth Baku’s Latest Campaign
Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. In this blog entry, we examine the threat actor's latest tools, tactics, and procedures...
Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024...
18X a Leader in Gartner Magic Quadrant for EPP
Explore why Trend Micro is recognized—for the 18th time—as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms...
Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnetcompiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications...
2023 Review: Reflecting on Cybersecurity Trends
Every year, experts weigh in with predictions of what the big cybersecurity trends will be—but how often are they right? That’s the question Trend Micro’s Greg Young and Bill Malik asked recently on their Real Cybersecurity podcast, looking at what forecasters got wrong on a wide range of topics,...