2303 matches found
How attackers are abusing high-profile users and executives
Email is the prime communication channel for businesses and their employees worldwide. In fact, last year saw more than 269 billion emails sent per day, and Radicati Group researchers predict that by 2021, this number will rise to more than 319 billion. With so much critical and sensitive...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 30, 2018
When I was little, I discovered the joy of jumping on the bed. While it was fun to jump on the bed, I wanted to make it more challenging so I started to imitate the ski jumpers I had seen during the 1976 Winter Olympics and jump from my parents’ dresser to the bed. I quickly found out there’s a...
State-of-the-art Security: The role of technology in the journey to GDPR compliance
As we’ve discussed over the last 7 weeks in our video case study series, the General Data Protection Regulation GDPR impacts many different areas of our company, including our employees, customers, and partners. The GDPR also mandates the use of state-of-the-art security, which, as a leader in...
Arm your users with knowledge to spot phishing attacks – for free!
Attendees to the Black Hat 2017 security conference said their No. 1 security concern and most time-consuming activity was phishing and social engineering attacks. That’s no surprise with the increase in Business Email Compromise BEC attacks and with most ransomware being delivered by email. But...
Sharing the Journey to GDPR Compliance
Customer data is everything at Trend Micro. As a global cybersecurity leader, protecting customer data is what we do for a living, which is why it’s important for us to put into practice what we talk to our customers about. As a demonstration of our commitment to protecting our millions of...
Security Glue Between the Silos of Endpoint, Server, Cloud and Network Security Gets More Critical
Endpoint and Host security techniques have diverged. There used to be considerable similarity between the techniques and tools used to secure desktops, servers, and even networks. Desktops evolved to become Endpoints, as mobile devices proliferated and they were assembled into a collective of bei...
Protecting Your Children with Parental Controls
Chances are, your kids have never known a world when the internet wasn’t there—which is both good and bad news. On the one hand, it means these digital natives take to the online world much quicker than you or I ever did. On the other, it also means they’re less likely to question what they see o...
Ransomware Updates: Newest Threats, Protection Best Practices
Ransomware has consistently been in the spotlight since attacks first began emerging a few years ago. Now that new and powerful samples like WannaCry are being used to infiltrate large-scale organizations, ransomware continues to grab headlines. According to Trend Micro, one of the latest...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM
A pre-authentication remote code execution RCE chain in Oracle PeopleSoft PeopleTools abuses the Integration Broker's PSIGW gateway to execute code inside the application server's Java virtual machine JVM, evading behavioral and network sensors...
Embracing Choice in Cybersecurity: TrendAI Vision One™ and SentinelOne Integration
Discover how the TrendAI Vision One and SentinelOne integration exemplifies our commitment to endpoint flexibility...
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
CVE-2025-55182 is a critical CVSS 10.0 pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks see the context section for a more exhaustive list of affected frameworks...
Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)
CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse...
How Google’s Wiz Acquisition Impacts CNAPP
Google aims to stake out a share of the CNAPP market and compete head-on against AWS and Microsoft Azure with its planned Wiz acquisition. What are the implications for companies invested in AWS and Azure cloud infrastructure?...
Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
An APT group dubbed Earth Kurma is actively targeting government and telecommunications organizations in Southeast Asia using advanced malware, rootkits, and trusted cloud services to conduct cyberespionage...
Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines...
Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
Trend Micro's Threat Hunting Team has observed EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity...
Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions
Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE...
Bringing Security Back into Balance
This article by Trend Micro CEO Eva Chen brings focus back to striking the cybersecurity strategies balance between business C-suite and information technology IT departments...
2 Weeks Out: Evolution at RSAC 2024
Discover the latest innovations in cyber defense and Trend's expert insights on AI, data security, and emerging threats...
Deepfakes and AI-Driven Disinformation Threaten Polls
Cheap and easy access to AI makes it harder to detect state-sponsored and homegrown campaigns during this election year...
Importance of Scanning Files on Uploader Applications
Delve into the crucial practice of file scanning within uploader applications, and learn defensive measures to safeguards against malicious threats like malware...
Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
Our blog entry provides an in-depth analysis of Earth Hundun's Waterbear and Deuterbear malware...
A Deepfake Scammed a Bank out of $25M — Now What?
A finance worker in Hong Kong was tricked by a deepfake video conference. The future of defending against deepfakes is as much as human challenge as a technological one...
Protecting Your Network Security from Ivanti Zero-Day Threat
The overlooked vulnerability with real impacts...
Accelerating into 2024 with NEOM McLaren Formula E Team
...
Forward Momentum: Key Learnings From Trend Micro’s Security Predictions for 2024
In this blog entry, we discuss predictions from Trend Micro’s team of security experts about the drivers of change that will figure prominently in 2024...
Exploring Weaknesses in Private 5G Networks
Dive into the world of private 5G networks and learn about a critical security vulnerability that could expose IoT devices to attacks from external networks...
Exposing Infection Techniques Across Supply Chains and Codebases
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases...
Cybersecurity Awareness Month 2023: 4 Actionable Tips
Make Cybersecurity Awareness Month a year-long initiative with these three actionable security tips to reduce cyber risk across the attack surface...
Zero Trust Adoption: Tips to Win Over Leadership
Implementing Zero Trust can be difficult due to outdated systems, employee resistance, and cost. Yet, the benefits outweigh the challenges. It is key to use a platform that combines multiple security technologies to simplify IT and risk assessment, proper planning, and getting security buy-in fro...
Decoding Turla: Trend Micro's MITRE Performance
This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.” Learn about Trend Micro's 100% successful protection performance...
Protect CNC Machines in Networked IT/OT Environments
Networking IT/OT environments is a bit like walking a tightrope, balancing the pursuit of intelligence and efficiency against the risks of exposing OT systems to the wider world. Trend Micro recently teamed up with global machine tool company Celada to identify specific risks associated with...
TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms
Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members...
What Can Generative AI do for Hybrid Cloud Security?
As enterprise security operations centers absorb cloud security functions, they face new challenges and require new skills. Generative AI can help by laying a secure cloud foundation and empowering SOC teams to respond effectively when threats arise...
The Journey to Zero Trust with Industry Frameworks
Discover the core principles and frameworks of Zero Trust, NIST 800-207 guidelines, and best practices when implementing CISA’s Zero Trust Maturity Model...
Break IT/OT Silos by Expanding SOC Responsibilities
The latest study said that enterprise SOCs are expanding their responsibilities to the OT domain, but major visibility and skills-related challenges are causing roadblocks...
7 Container Security Best Practices For Better Apps
Explore how to implement 7 container security best practices within a CI/CD pipeline built with tools from Amazon Web Services AWS...
How a Cyber Security Platform Addresses the 3 “S”
Explore how a security platform can help organizations address the 3 "S" impacting cybersecurity: stealth, sustainability, and shortage...
How to Reach Compliance with HIPAA
Explore how to fulfil HIPAA compliance standards without friction...
Understanding XPath Injection Vulnerabilities
The ability to trigger XPath queries with user-supplied information introduces the risk of XPath injection attacks. Read on to explore how these attacks work and discover how to keep your XPath queries secure...
Healthcare cybersecurity updated in HIMSS23
This update reports on the current state of cybersecurity in the healthcare industry from the CISA’s keynote in Cybersecurity forum of HIMSS23...
Water Orthrus's New Campaigns Deliver Rootkit and Phishing Modules
Water Orthrus has been active recently with two new campaigns. CopperStealth uses a rootkit to install malware on infected systems, while CopperPhish steals credit card information. This blog will provide the structure of the campaign and how they work...
Achieving Cloud Compliance Throughout Your Migration
Part of a secure cloud migration strategy is ensuring compliance of all the moving pieces. Just like your cloud journey, cloud compliance isn’t all about the final destination. Discover how to leverage cloud security tools to ensure compliance is met along the way...
Security Benefits of Cloud Automation
Learn more about how cloud automation can simplify security controls, policies, and scans...
Developing Story: Information on Attacks Involving 3CX Desktop App
In late March 2023, security researchers revealed that threat actors were actively abusing a popular business communication software from 3CX...
3 Shifts in the Cyber Threat Landscape
The threat landscape is always changing and these three major shifts are already underway. Learn to recognize them to protect your organization from cyber threats...
Emotet Returns, Now Adopts Binary Padding for Evasion
Following a three-month hiatus, Emotet spam activities resumed in March 2023, when a botnet known as Epoch 4 began delivering malicious documents embedded in Zip files that were attached to the emails...
Examining Ransomware Payments From a Data-Science Lens
In this entry, we discuss case studies that demonstrated how data-science techniques were applied in our investigation of ransomware groups' ransom transactions, as detailed in our joint research with Waratah Analytics, “What Decision-Makers Need to Know About Ransomware Risk.”...
Zero Day Threat Protection for Your Network
Explore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation...