2303 matches found
TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms
Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members...
Zero Trust Frameworks for Industry
Discover the core principles and frameworks of Zero Trust, NIST 800-207 guidelines, and best practices when implementing CISA’s Zero Trust Maturity Model...
A Better Way to Secure Servers & Cloud Workloads
Why endpoint security falls short in the complexity of modern IT infrastructure...
Possible Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad
We recently found that a modified installer of the E-Office app used by the Pakistani government delivered a Shadowpad sample, suggesting a possible supply-chain attack...
AI Coding Companions: Comparing AWS, GitHub, & Google
Top cloud vendors and software companies are rolling out AI coding companions that use generative AI to speed up and streamline DevOps. In this blog, we take a look at what some of these new tools have in common, where they differ, and what they mean for cybersecurity...
Guide to Operationalizing Zero Trust
Zero Trust is no longer a buzzword but an essential element in enterprise security architecture. Operating on the 'never trust, always verify' principle, Zero Trust plays a vital role in protecting enterprise assets and data. However, operationalizing Zero Trust can be challenging for businesses...
Deliver ISO Compliance with Automation
Learn the ISO security and cloud compliance as well as the automated mechanisms to ensure those standards...
The Well-Architected Framework Guide
Discover the six Amazon Web Services AWS pillars by examining best practices and design principles to leverage the cloud in a more efficient, secure, and cost-effective manner...
How Zero Trust Can Help Your Organization: Strengthening Security and Supply Chain Assurance
In this article, we will explore how Zero Trust can benefit your organization, focusing on its ability to enhance security, secure supply chains, and align with international regulatory frameworks...
Generative AI Assistant Makes Hunting Threats Faster
Learn how analysts can search for threats with greater accuracy, speed, and effectiveness...
Ransomware Insurance: Security Strategies to Obtain Coverage
Ransomware accounts for 75% of all cyber insurance claims, yet 40% of business currently lack the coverage needed. Discover security strategies to help you meet ransomware insurance requirements...
Building a seamless and secure cloud environment with AWS
Elevate cloud capabilities and stay ahead in today's dynamic cloud landscape...
What is Secure Web Gateway’s (SWG) Role in Zero Trust?
Explore why secure web gateway SWG is important to effectively secure cloud resources and reduce cyber risk across the attack surface and the role a zero trust strategy can play...
Azure vs. AWS Developer Tools Guide
Azure vs. AWS — which should you use for your DevOps environment? Discover the differences, similarities, and use cases to make an informed decision...
Diversification drives success
Trend’s diversification of business units and geographic markets provides resilience that enables growth, anticipation and innovation...
Inside the 2022 Email Cyber Threat Landscape
Key trends and predictions you should know about...
Trend Achieves AWS Level 1 MSSP Competency Status
Trend offers 24x7 fully managed security services uniquely designed in collaboration with AWS security experts to protect, monitor, and respond to security events of AWS environments...
Choosing a Hybrid Cloud Security Solution 101
Explore helpful tips for choosing the right hybrid cloud security solution to address cybersecurity challenges of today and tomorrow...
Fighting mercenaries with the Cybersecurity Tech Accord
Trend Micro co-Authors Cyber Mercenary Principles to help guide the technology industry and others in dealing with the growing market of cyber mercenaries...
MLOps Security Best practices
MLOps provides a systematic approach to evaluating and monitoring ML models. Discover the various security concerns associated with MLOps and learn the best practices for using it securely...
Transport Layer Security (TLS): Issues & Protocol
Although Transport layer security TLS provides enhanced security, cybercriminals have become increasingly savvy, finding ways to circumvent many of these protections. Learn how malicious actors exploit vulnerabilities within TLS to introduce new forms of malware...
A Cybersecurity Risk Assessment Guide for Leaders
Cybersecurity risk assessment provides the continuous asset detection, analysis, prioritization, and risk scoring needed to keep pace with a continuously growing digital attack surface...
Monthly Threat Webinar Series in 2023: What to Expect
Stay informed and stay ahead...
Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks
We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events This is the intrusion set we track behind the creation of Batloader...
Abusing a GitHub Codespaces Feature For Malware Delivery
Proof of Concept POC: We investigate one of the GitHub Codespaces’ real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts to create a malware file server...
Probing Weaponized Chat Applications Abused in Supply-Chain Attacks
This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged trojanized installers of chat-based customer engagement platforms...
Cyber Insurance Policy Underwriting Explained
Cybersecurity insurance is a must have for organizations of any size. John Hennessy, RVP at Cowbell discusses cyber insurance policy underwriting process, market trends, and the key security controls for businesses...
Electricity/Energy Cybersecurity: Trends & Survey Response
Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry's challenges and present Trend Micro's recommendations...
Improve Post-Quantum Cryptography Security with CSPM
Gain valuable insight into the emerging world of post-quantum computing. Understand the threats attackers with access to quantum computers pose. Learn how harnessing the power of cloud security posture management CSPM can mitigate these looming dangers...
Attack Surface Management 2022 Midyear Review Part 3
In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year...
Cyber Hygiene: 5 Tips for Company Buy-In
Good cyber hygiene starts with buy-in from across the enterprise. Discover how CISOs can establish a company-wide security culture to enhance cyber hygiene effectiveness and reduce risk...
CISA Gov: '23-25 Plan Focuses on Unified Cybersecurity
William Malik, VP of Infrastructure Strategies, shares his opinions on the goals and objectives outlined in the CISA Strategic Plan 2023-2025...
Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques
We analyzed the Distroless technique for reducing the size of container images and explored its capabilities to address security concerns. We provide an alternative approach to Distroless that reduces the attack surface for malicious actors targeting cloud-native applications while optimizing clo...
Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm
In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee due to a string embedded in the malware. However, in our recent investigations, we have discovered a controller application that expands its capabilities...
Improving Software Supply Chain Security
Explore use cases and mitigation strategies to improve software supply chain security and reduce cyber risk...
Worldwide 2021 Email Phishing Statistics & Examples
Explore the need for going beyond built-in Microsoft 365 and Google Workspace security based on email threats detected in 2021...
ICS & OT Cybersecurity Attack Trends
We explore Trend Micro’s latest research into industrial cybersecurity, including the impact of attacks, maturity of security programs, and recommendations for strengthening security...
Amazon EKS vs Azure Kubernetes Service
Managed Kubernetes services help organizations deploy, configure, and manage Kubernetes clusters. This article compares two of the biggest service providers: Amazon EKS and Azure Kubernetes Services...
New AWS Competency Category - Why It's Important
AWS DevOps competency recently added a new category, DevSecOps to its arsenal. Explore our overview of the category and why it matters to security and development teams building in the cloud...
How to better manage your digital attack surface risk
As organizations shift to the cloud in droves, their digital attack surface continues to rapidly expand. And with the number of threats rapidly increasing, security leaders need to enhance their attack surface risk management. We explore how a unified cybersecurity platform can help improve your...
Cybersecurity Basics: Authentication and Authorization
With most security incidents caused by exposed secrets in DevOps pipelines and tools, proper authentication and authorization is essential. Explore the basics of strong identity management to build more resilient apps...
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s new arrival vector and early access loaders. Users’ machines seem to be targeted with malicious payloads masquerading as legitimate application installers...
Mitigate Top 5 Common Cybersecurity Vulnerabilities
Vulnerabilities in software and infrastructure are a fact of life for developers and SREs. But when you understand vulnerabilities, you can minimize their impact. Learn more about five common threats and how to mitigate them...
Cyberattacks are Prominent in the Russia-Ukraine Conflict
As Russia invaded Ukraine, our researchers have also observed a number of alleged cyberattacks perpetrated by different groups. Our research teams have verified and validated internal data and external reports to provide accurate information that can be used to strengthen defenses against these...
Global Cyberattacks Tied to the Russian Invasion of Ukraine
Cyber-risk management and security fundamentals are the key to cyber-resilience. 5 best practices to manage your cyber risk...
Security Automation with Vision One & Palo Alto
Trend Micro Vision One™ integrates with Palo Alto Networks Cortex™ XSOAR to drive automated response to incidents uncovered by Vision One...
Cryptojacking Attacks Target Alibaba ECS Instances
Discover how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero...
What is Cloud Native?
You’ve most likely heard the term “cloud native,” but what does it really mean? This article explores the five requirements of a true cloud native application...
Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service DDS standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022...
Apache Log4j: Mitigating risks
Explore tactical measures and strategic guidance to mitigate ongoing risks caused by Apache Log4j Log4Shell...