2303 matches found
Trend Micro Partners With Interpol and Nigeria’s EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors
Nigeria’s Economic and Financial Crimes Commission EFCC arrested three suspected scammers from Nigeria who were involved in global scamming campaigns via a sting operation that is part of Operation Killer Bee. Trend Micro provided information on the group and their modus operandi...
Managing Cyber Risk: The People Element
Explore the latest findings from Trend Micro’s Cyber Risk Index 2H’2021 and how to better manage people to minimize cyber risk across the digital attack surface...
The Fault in Our Kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters
While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals...
Utility Cybersecurity: Situational Awareness Cuts Risk
Trend Micro has released a technical report on how the electric utility industry can gain situational awareness across entire network...
10 best practices for S3 bucket security configuration
Explore the 10 best security practices for Amazon S3 and how easy it is to configure security features that can prevent these attacks...
This Week in Security News March 4, 2022
Global Cyberattacks: How to manage risk in times of chaos, and Ukraine-Russia cyber warzone splits cyber underground...
SMS PVA Part 2: Underground Service for Cybercriminals
In part two of this blog entry, we further investigate the innings of smspva.net and discuss the impact and implications of such services...
A Guide to the Well-Architected Framework
Discover the six pillars of the Amazon Web Services AWS and Azure Well-Architected Framework, examining best practices and design principles to leverage the cloud in a more efficient, secure, and cost-effective manner...
SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification
Certain SMS PVA services allow their customers to create disposable user profiles or register multiple accounts on many popular online platforms. These services can be abused by criminals to conduct fraud or other malicious activities...
Why Cyber Change Outpaces Boardroom Engagement
Organizations must avoid the mistakes of the past and build a security-by-design culture that permeates enterprise-wide...
Codex Exposed: Task Automation and Response Consistency
Being able to automate tasks or programmatically execute them unsupervised is an essential part of both regular and malicious computer usage, so we wondered if a tool like Codex was reliable enough to be scripted and left to run unsupervised, generating the required code...
Analyzing DevSecOps vs. DevOps
Learn the difference between DevSecOps and DevOps and get tips to smoothly embed security throughout the entire build lifecycle...
Collecting In the Dark: Tropic Trooper Targets Transportation and Government
Our long-term monitoring of the cyberespionage group Earth Centaur aka Tropic Trooper shows that the threat actors are equipped with new tools and techniques. The group seems to be targeting transportation companies and government agencies related to transportation...
A Look Into Purple Fox’s Server Infrastructure
By examining Purple Fox’s routines and activities, both with our initial research and the subject matter we cover in this blog post, we hope to help incident responders, security operation centers SOCs, and security researchers find and weed out Purple Fox infections in their network...
Cybersecurity Trends for 2022
Explore Trend Micro Research’s security insights and predictions for 2022 to enable more informed and proactive decision-making...
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
We looked into exploitation attempts we observed in the wild and the abuse of legitimate platforms Netlify and GitHub as repositories for malware...
Top 10 AWS Security Misconfiguration
Misconfigurations pose the biggest threat to cloud security. We compiled the top 10 AWS services with the highest misconfiguration rates...
COP26 Backs Electric Vehicles to Reduce Climate Change
The 26 United Nations Climate Change Conference pushes for countries of parties to adopt more widespread EV use in order to reduce the looming threats of climate change...
Ransomware as a Service 101
To help you enhance your defense against ransomware, Trend Micro Research shares key insights on how ransomware as a service RaaS operators work...
Groups Target Alibaba ECS Instances for Cryptojacking
We looked at how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero...
QAKBOT Loader Returns With New Techniques and Tools
QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus. QAKBOT detection has become a precursor to many critical and widespread ransomware attacks. Our report shares some insight into the new techniques and tools this threat is using...
Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT
In October 2021, we observed threat actors targeting poorly configured servers with exposed Docker REST APIs by spinning up containers from images that execute malicious scripts...
This Week in Security News - October 29, 2021
What to Expect in a Ransomware Negotiation & Cybercriminals Claim to Have Hacked the NRA...
Private 5G Security Risks in Manufacturing Part 3
We can see signs of increased activity in areas of business that use 5G around the world. 5G technology will usher in new personal services through smartphones, and it will also play a large part in industry...
This Week in Security News – October 15, 2021
Actors target Huawei Cloud using upgraded Linux malware, 7-Eleven breached customer privacy by collecting facial imagery without consent and more...
Simplify Security with Open Source Code Scanning Tools
Explore how source security tools can help mitigate the risk of utilizing open source libraries, saving development effort by using open source components while ensuring your final product’s security...
Enhance Network Security for AWS Transit Gateway
Increase security and visibility for lateral and outbound network-loads using the look-aside inspection architecture...
Examining the Cring Ransomware Techniques
In this entry, we look at the techniques typically employed by the Cring ransomware, as well as the most affected regions and industries...
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
We have continued tracking APT-C-36, also known as Blind Eagle, since our research on this threat actor in 2019. We share new findings of APT-C-36’s ongoing spam campaign targeting South American entities...
What do Developers Look for When Choosing Software
We asked five software developers at Trend Micro how they research the software solutions they use professionally or in their own projects...
Analyzing SSL/TLS Certificates Used by Malware
We take a closer look at the SSL/TLS certificates used by malware...
Prioritize Security Controls for Critical AWS Assets
Learn best practices for securing your sensitive data in your Amazon Web Services AWS environments with automated tools that integrate into your pipeline...
Homeland Security Releases New Cybersecurity Rules
DHS's second issue requires pipeline operators to implement various cybersecurity measures to protect their operations from cyber attacks. This directive also builds upon the department's May directive following the Colonial Pipeline attack...
Automate Malware Quarantining for Workloads
Leverage automated and programmable APIs to quickly secure and quarantine workloads without interrupting downstream workflows...
The First Half of 2021 Cyber Risk Index
Learn about the current state of cyber risk organizations are facing today based on the Cyber Risk Index results for the first half of 2021...
Shifting Security Left with Trend Micro and Snyk
Explore how to foster a DevSecOps culture by securing open source code in the early stage of the DevOps process...
ETSI Publishes IoT Testing Specs for MQTT, COAP
On June 25, 2021, ETSI released its new IoT Testing Specifications completed by the organization’s committee on Methods for Testing and Specifications. The documents contain seven standards addressing the testing of the IoT MQ Telemetry Transport MQTT and Constrained Application Protocol CoAP...
This Week in Security News - July 9, 2021
Kaseya hit with ransomware attack and top 3 mobile threat takeaways from MWC...
Threats Ride on the Covid-19 Vaccination Wave
We continue monitoring cybercriminals and threats that abuse the pandemic. In this update, we detail trends in malicious activities and deployments that exploit vaccination developments and processes worldwide...
3 Major Benefits of Cloud Migration: Cloud Compliance
Part of a secure cloud migration strategy is ensuring compliance of all the moving pieces. Just like your cloud journey, compliance isn’t a final destination. Discover how to leverage cloud security tools to ensure compliance is met along the way...
Build a Complete Cloud Visibility Strategy
Trend Micro Cloud One + New Relic come together to offer complete cloud visibility...
Is this the “Summer of Cybercrime”?
Summer is just around the corner, and malicious actors don’t seem to be planning a vacation as cybercrime continues to ramp up. Learn some security recommendation you can implement to help minimize the risk of compromise...
#LetsTalkSecurity: Transformational Security
Let's Talk Security: Season 02 // Episode 01: Host, Rik Ferguson, interviews Business Information Security Officer from S Global Ratings, Alyssa Miller. Together they discuss transformational security...
The U.S. EO on Ransomware: What Does it Mean? – Part 2
The White House is urging companies to do more to stem the tide of ransomware attacks now that they are starting to impact critical infrastructure and supply chains. It is a good start, but what will be the implication of this to U.S. businesses?...
Threats From a Compromised 4G/5G Campus Network
5G acts as a catalyst for change for industrial environments. One part of its deployment is the 4G/5G campus network for some organizations. In our research we delve into the security risks and implications of this technology...
This Week in Security News May 21, 2021
ZDI Tops Omdia Vulnerability Disclosures Again and Robots May Take Over Cybercrime by 2030...
The creation and success of a documentation site
Gain a better understanding of why collaboration between developers and writers is necessary to create a successful documentation site...
This Week in Security News May 7, 2021
New Panda Stealer Targets Cryptocurrency Wallets and Apple Releases Urgent Security Patches for Zero-Day Bugs...
The Storybook Approach to MITRE ATT&CK
Read this year’s MITRE Engenuity ATT Evaluations story, which simulates techniques associated with notorious threat groups Carbanak and FIN7 to test solutions' ability to detect and stop APT & Targeted Attacks...
Celebrating 3 years of the Cybersecurity Tech Accord
Cybersecurity Tech Accords has grown significantly in the past 3 years, today having 150 signatories across 5 continents, united in the fight against cybercrime...