2304 matches found
Forced Entry: A Security Test for Automatic Garage Doors
In this blog entry we revisit threats to automatic garage doors by using SDR to test two attack scenarios. We demonstrate a rolling code attack and one that involves a hidden remote feature...
Secure Public Web Apps Running on Azure
Discover how to meet your end of the shared responsibility model with simplified security integrations for Azure...
This Week in Security News – October 15, 2021
Actors target Huawei Cloud using upgraded Linux malware, 7-Eleven breached customer privacy by collecting facial imagery without consent and more...
Actors Target Huawei Cloud Using Upgraded Linux Malware
In this article, we discuss a new Linux malware trend in which malicious actors deploy code that removes applications and services present mainly in Huawei Cloud...
This Week in Security News – October 1, 2021
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about Zloader, a notable recent ZBOT variant. Also, read on a recently introduced bill that would mandate ransom payment reporting...
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
In this blog entry we look into a fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans RATs in victim systems. This new variant also uses an updated obfuscation mechanism which we detail...
1H’2021 Security Review Shows Active Cloud Attacks
Trend Micro’s midyear report highlights the growing importance of cloud security as attacks increase in frequency and complexity...
This Week in Security News - September 10, 2021
Biden announces cybersecurity initiative partnership, US Government seeks public feedback on draft federal zero trust strategy and more...
Manage Open Source Software Library Risks
Learn about the growing open source library trend, the pros and cons of using open source code, and how to mitigate associated risks...
Key Takeaways from the Linux Threat Report
As the popularity of Linux continues to increase, so does its attack surface. This brings to light a pressing question for organizations: who is responsible for the security of all the Linux instances running your cloud environment?...
Reality Check: The Future is Closer Than You Think
Trend Micro Chief Marketing Officer, Leah MacMillan, discusses why this is the ideal moment to leverage the investments you are making in digital transformation to drive your business forward even faster but without adding significant new risk...
Prevent Cyber Risk as a Managed Service Provider (MSP)
MSPs – Say no to the next Ransomware! Protect your Business 24x7 with Trend Micro’s security analysts...
Tesla “Recalls” Vehicles in China due to Safety Glitch
The recall affects over 200,000 Models 3 and Y vehicles...
XDR Security : More Security. More Savings.
You don’t have to sacrifice security for savings. Discover the business, security, and financial benefits of the XDR capabilities of Trend Micro Vision One in the ESG Economic Validation report...
Still Leading In Endpoint And Cloud Workload Security
Cloud workload security and endpoint protection are key to managing security risk. Two new independent IDC reports help CISOs consider their strategic partner options...
NIST Guidelines for Containerized Application Security
Learn how to secure containers and protect against breaches...
Are Tax Breaks Encouraging Ransom Payments?
Why tax deductions for ransom payments send the wrong signals to threat actors and their victims...
Employee Excellence within Trend Micro
The team behind a company is the reason for its success. At Trend Micro, we are proud to have a team filled with intelligent individuals who foster innovation to solve tomorrow's challenges to secure our digital world today...
Amazon Prime Day: Big Sales, Big Scams
For many people, major online shopping events such as the annual Amazon Prime day — which falls on June 21 this year — presents a unique opportunity to purchase goods at heavily discounted prices. However, shoppers are not the only ones looking to benefit — cybercriminals are also looking to prey...
Manage Open Source Code Security Risks
Open source code is in the vast majority of commercial softwares today. Learn best practices to mitigate the unique risks that accompany its use...
How to improve security for Amazon S3 buckets
Avoid post-deployment headaches by increasing the security of your Amazon S3 buckets and the objects stored within during the early phases of development...
Open Source Vulnerabilities Converging DevOps & SecOps
Open Source Vulnerabilities can be challenging to the already strained DevOps and SecOps relationship. Learn how increased visibility from the right can help prevent and close the long-standing cultural gap between the teams...
May Patch Tuesday Offers Relative Respite
Compared to the previous months of 2021, this month’s Patch Tuesday cycle is a slight lull. Only 55 vulnerabilities were fixed this month, with only four of these classified as Critical...
This Week in Security News - April 16, 2021
April Patch Tuesday Sets Record High for 2021 and Fed Warns Cyber Threats Pose Danger to U.S Economy...
DevOps Teams Can Prove ISO Compliance with Automation
Learn the ISO standards for security and cloud compliance as well as the automated mechanisms to ensure those standards...
The Future of Cloud Security
Effectively securing the cloud is a long-term commitment, as the state of cybercrime and vulnerabilities are constantly evolving. Risk reduction comes from knowing how to secure the cloud now and into the future...
Secure Cloud Infrastructures with Application Security
Watch this video to see how applications can be simplified with serverless technologies and how security and monitoring controls can be seamlessly maintained in these constrained environments...
Cloud Misconfiguration Causes Breaches—How to Avoid it
Better understand the challenges surrounding misconfigurations and learn how Trend Micro Cloud One™ – Conformity can provide automated guardrails to help you build a better cloud architecture...
Run Command Line Interface with Hybrid Cloud Security
Learn how you can get started with running CLI commands against Trend Micro Cloud One™ services...
Automate Compliance in the Well-Architected Framework
Explore how Edrans, a DevOps, IT, and software consultancy, is using Trend Micro Cloud One™ – Conformity to adhere to the Well-Architected Framework and boost customers’ security, performance, and compliance...
Exploring Common Threats to Cloud Security
The adoption of cloud services helps drive agility, differentiation, and progress. But like any technological progress, cyber risks are attached. IT leaders need to embrace a more holistic, simpler way to manage security...
What Worries CISOs Most
From acquisitions to GDPR compliance, we interviewed a group of CISOs and IT security leaders to find out just what’s been keeping you and your peers up at night...
Hybrid Cloud Changes the Game for Security
How to protect critically important data residing on server workloads across the hybrid cloud while achieving significant operational benefits...
IT Security Team Staffing Shortages: Managing Risks and Attracting Talent
A company's C-suite has multiple priorities during this time of year: Getting next year's budget squared away while also ensuring the business is on a path toward its upcoming goals are two items high on this list. Another key element that executives must consider heading into 2018 is staffing...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 5, 2017
This week marked the first time an airline misplaced my bags for a significant period of time. Inclement weather forced me to not only change my flight, but also change airlines. Unfortunately, my luggage didn’t get the memo. I dealt with two airlines to find my bags, and I eventually received my...
Machine learning and the fight against ransomware
Ransomware is now everywhere. The number of emails containing ransomware rose 6,000 percent since 2015, and in 2016, 40 percent of all spam emails had one of these malicious programs hidden within, according to IBM. Other reports highlight the sophistication of ransomware nowadays and it's...
Supporting the National Cyber Strategy: How TrendAI™ Helps
A deeper look at the first three pillars and outlining how our capabilities directly support government agencies working to bring this strategy to life...
The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables
An OAuth supply chain compromise at Vercel exposed how trusted third party apps and platform environment variables can bypass traditional defenses and amplify blast radius. This article examines the attack chain, underlying design tradeoffs, and what it reveals about modern PaaS and software supp...
Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach
Litellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps...
From Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFA
Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials ROPC flow to authenticate without MFA...
TrendAI™ Supports Global Law Enforcement Efforts
Learn how TrendAI™ and our researchers contributed threat intelligence and analysis to support INTERPOL against cybercrime...
CISOs in a Pinch: A Security Analysis of OpenClaw
Learn about OpenClaw a sovereign agent and how this can be viable for enterprises...
PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities...
Introducing ÆSIR: Finding Zero-Day Vulnerabilities at the Speed of AI
TrendAI™’s ÆSIR platform combines AI automation with expert oversight to discover zero-day vulnerabilities in AI infrastructure – 21 CVEs across NVIDIA, Tencent, and MLflow since mid-2025...
What Does it Take to Manage Cloud Risk?
Learn why hybrid and multi-cloud environments are vital for IT and business success from our 2025 Trend Micro Defenders Survey...
Cyber Risk Management: Defenders Tell It Like It Is
Based on more than 3,000 responses from cybersecurity professionals in nearly 90 countries, our Trend Micro Defenders Survey Report 2025 shines a bright light on the current state of cyber risk management. From the impact of cloud and AI on IT environments to top technical and human challenges,...
Project View: A New Era of Prioritized and Actionable Cloud Security
In today's cloud-first world, security teams face an overwhelming flood of alerts, fragmented visibility, and reactive workflows. The complexity of modern cloud environments—spanning multi-cloud deployments, ephemeral assets, and decentralized ownership—demands a new approach to risk management...
Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics
In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data...
From Data Loss Prevention (DLP) to Modern Data Security
It’s time to rethink your approach...
Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits
Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series...