2303 matches found
What is Cloud Native?
You’ve most likely heard the term “cloud native,” but what does it really mean? This article explores the five requirements of a true cloud native application...
Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service DDS standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022...
Apache Log4j: Mitigating risks
Explore tactical measures and strategic guidance to mitigate ongoing risks caused by Apache Log4j Log4Shell...
This Week in Security News - December 17, 2021
This week, read on Purple Fox’s infection chain observed by Trend Micro’s Managed XDR. Also, learn about the Log4j vulnerability that has the potential to cause ‘incalculable’ damage...
Top 10 Azure Cloud Configuration Mistakes
Trend Micro Research determined the top 10 Azure services with the highest configuration rates...
Virtual Patching 101
Get the lowdown on virtual patching: a simplified, automated solution to shielding vulnerabilities from exploits...
BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
We observed BazarLoader adding two new arrival mechanisms to their current roster of malware delivery techniques...
Build a Modern Ransomware Protection Strategy
With ransomware heavily targeting critical industries in 2021, find out how you can establish a strong cybersecurity defense strategy against this evolving, costly threat...
A Review and Analysis of 2021 Buer Loader Campaigns
Buer Loader has established itself well in the underground market and has since seen continuous development. In this blog entry, we review its 2021 campaigns, tactics, and activity...
Cracking the code in the boardroom
Former FBI Special Agent, Scott Augenbaum talks about how CISOs can successfully communicate with the board to implement more preventative protection...
Cybersecurity Trends & Predictions for CISOs
Jon Clay, VP of threat research at Trend Micro, predicts cybersecurity attacks CISOs need to prepare for...
Security Risks with Private 5G Networks in Manufacturing Part. 3
We can see signs of increased activity in areas of business that use 5G around the world. 5G technology will usher in new personal services through smartphones, and it will also play a large part in industry. The option of Private 5G lets private companies and local governments have their own...
Workshop: Visibility Into Open Source Code
Learn how to leverage Trend Micro Cloud One - Open Source Security by Snyk with your code repositories and CI/CD pipelines to scan projects. Resulting in better visibility, tracking, and early awareness into open source issues...
Leverage Virtual Patching to Prevent Network Threats
Implementing an intrusion prevention system is only one step in your cybersecurity efforts. Learn how virtual patching helps keep your IPS up to date and protect against zero-day threats, keeping your systems safe from attack...
What To Expect in a Ransomware Negotiation
We wanted to get a better understanding of what victims go through during the aftermath and recovery process of a ransomware attack to help others in case they find themselves in a similar situation. To do this, we analyzed victim support chats for five ransomware families...
Ransomware Operators Found Using New "Franchise" Business Model
We found a relatively new and interesting ransomware operation that takes inspiration from franchise business models. It seems that the operators are rebranding a "supplier" ransomware before deployment instead of simply distributing it under the original name...
Analyzing Email Services Abused for Business Email Compromise
We analyzed five major types of email channels, and the techniques in keywords and domain names BEC actors use to appear legitimate to potential victims...
New Bill to Require Cyber Attack Reporting in the US
The Cyber Incident Notification Act of 2021 would also require CISA to launch a program that would notify organizations of various vectors that malicious actors exploit...
CISA, NIST Says Use Cybersecurity Control Systems
The agencies conducted a crosswalk of existing cybersecurity documents and identified nine categories to be used as the foundation for preliminary control systems cybersecurity performance goals...
Cyberattacks from all Angles: 2021 Midyear Report
We look at the most pertinent cybersecurity issues organizations across the globe faced in the first half of 2021...
This Week in Security News - September 17, 2021
2021 Midyear Cybersecurity Report and Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware...
September Patch Tuesday: 66 Bulletins, Only 3 Critical
The September 2021 Patch Tuesday cycle is relatively good news for system administrators with only 66 total bulletins. Perhaps more significantly, only three of these were Critical bulletins...
The Evolution of Connected Cars as Defined by Threat Modeling UN R155-Listed Attack Vectors
The United Nations Regulation No. 155 sets requirements for cybersecurity in vehicles. We conducted a threat modelling exercise on its defined attack vectors as a form of risk assessment in order to help organizations comply with this regulation and identify what to prioritize...
What the Norton-Avast Merger Means for Cybersecurity
Recently two consumer cybersecurity vendors merged their respective businesses, what will the impact be on customers, and the cybersecurity industry?...
This Week in Security News - August 20, 2021
This Week in Security News: Tokyo Olympics Leveraged in Cybercrime Attack and T-Mobile Confirms Hack...
Tokyo Olympics Leveraged in Cybercrime Attack
Just before the opening of the Tokyo Olympics, we confirmed an attack that directed users from a fake TV broadcast schedule page to browser notification spam...
Micro Frontend Guide: Overview
How can you get the most out of your web applications? Explore why Micro Frontend is ideal for evolving organizations...
A Cloud Migration Strategy with Security Embedded
Learn how to build a cloud migration strategy that keeps security in mind...
5 #TrendTips for Open Source Security
You use many application development tools to create your next masterpiece, but you also need to ensure you're not bringing open source security risks into the equation. Find out how in this article...
This Week in Security News July 2, 2021
Nefilim ransomware attack through a MITRE Att lens and PoC exploit circulating for critical Windows Print Spooler bug, and more...
Software composition analysis 101
Open source is everywhere. Learn how software composition analysis can automate open source management to secure your applications...
#LetsTalkSecurity: Adapt or Die
Let's Talk Security: Season 02 // Episode 02: Host, Rik Ferguson, interviews Forrester Analyst, Allie Mellen. Together they discuss to adapt or die...
This Week in Security News June 18, 2021
Bash ransomware targets Linux Distributions and Trend Micro touts zero trust risk insights...
Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions
We investigate how certain hacking tools are used to move laterally on victims’ networks to deploy ransomware. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing the worm and ransomware script...
An Expert Discussion on Zero Trust
Zero Trust is the key strategy moving forward to secure the always changing hybrid workplace. Listen in as two of our industry experts discuss how risk insights are key component of Zero Trust security...
Looking Ahead: The Post-Pandemic Security Landscape
One year into the pandemic, our team at Trend Micro discussed the lasting impact that Covid-19 will have on people’s way of life and what a post-pandemic “new normal” might look like...
This Week in Security News - May 28, 2021
Nearly 50,000 IPs Compromised in Worm-like TeamTNT Attack and Misconfigurations are the Biggest Threat to Cloud Security...
SecOps: Tips for reducing open source vulnerabilities
Check out this infographic to gain insight on enabling a strong DevSecOps culture by ensuring open source code is secure, allowing developers to build quickly and meet business objectives...
This Week in Security News May 14, 2021
May Patch Tuesday Offers Relative Respite and What We Know About DarkSide Ransomware and the US Pipeline Attack...
The Cybersecurity Executive Order: What does it mean?
While much of the EO may not be new or bold concepts, the potential for long term impact to federal cybersecurity is high and immediate...
Shift Left: Moving Container Security into the Dev, Test, and Build Process
Learn how you can use a DevOps methodology that optimizes application deployments and provides greater security for containers. This article explains how to move security into the container creation process in the DevOps workflow...
DevSecOps: How to Systematize Security into the Dev Pipeline
Security within an organization cannot be siloed or left up for DevOps teams to figure out and manage. Learn how applying DevSecOps best practices will have a noticeable positive impact on the security of your overall applications...
DevOps Teams can learn from Clubhouse compliance woes
As Clubhouse continues to launch new features and gain popularity, protecting sensitive data and adhering to compliance should be on everyone’s mind...
This Week in Security News - April 23, 2021
XCSSET Quickly Adapts to Macs and Babuk Ransomware Gang Claims Decryptor Repaired...
How to scan and encrypt objects in S3 buckets
This article explains how to scan objects in S3 buckets against malware and keep your objects encrypted with SSE-KMS...
Cyber-insurers Endorse Cloud Security Platform
With so many vendors in the market, the Marsh initiative has created the Cyber Catalyst to help IT buyers find the right option for them...
April Patch Tuesday Sets Record High for 2021
April’s Patch Tuesday fixes 114 vulnerabilities in various Microsoft products, a slight increase from March’s 89. This is the most vulnerabilities fixed in a month for 2021 to date, as well as a slight increase from the same month last year...
A Spike in BazarCall and IcedID Activity Detected in March
We discuss the cases of BazarCall and IcedID we observed in March. Both are known for the use of spam to deliver their payloads...
This Week in Security News - April 2, 2021
Alleged Members of Egregor Ransomware Cartel Arrested and Cybercriminals Home in on Manufacturers...
Injecting Deception Mid-Pandemic: Covid-19 Vaccine Related Threats
We share some of our findings on malware, spam, phishing schemes, malicious websites, and illicit markets that use Covid-19 vaccines as a lure...