2303 matches found
This Week in Security News: 5G Security and Tax Scams
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about cybersecurity and data concerns in 5G. Also, learn about cybercriminal threats during tax season. Read on: Securing Enterprises...
BEC Will Reach Two Levels Deeper
In our predictions report for 2019, “Mapping the Future: Dealing with Pervasive and Persistent Threats,” we foresaw an increase in the rate of BEC business email compromise attacks: “Business email compromise will go two levels down in the org chart.” From the report: | “Business email compromise...
Tech Support Scams: What are They and How do I Stay Safe?
If you read this blog regularly you’re no doubt aware that cyber-criminals are a determined bunch, with a large range of tools and tactics at their disposal to rob you of your identity and hard-earned cash. Tech support scams TSS are an increasingly popular way for them to do just this. In 2017,...
Trend Micro Identified as a Representative Vendor for its Protection Capabilities For Cloud Workloads
We are proud to be included in this year’s Gartner Market Guide for Cloud Workload Protection Platforms report, which included 24 security leaders in Cloud Workload Protection solutions. Trend Micro was identified with 16 out of 21 capabilities listed by Gartner. Trend Micro delivers unique serve...
This Week in Security News: Malvertising and Internet of Things Malware
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a new Internet of Things malware that’s bricked thousands of devices. Also, read about a ransomware family that’s using...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 19, 2018
Earlier this week, Trend Micro released its Security Roundup for 2017, which reveals an increase in ransomware, cryptocurrency mining and business email compromise BEC attempts over the past year as cybercriminals refined and targeted their attacks for greater financial return. Surprisingly, some...
Why You Should Pick a Leader for Your Enterprise Email Security
Email is a mature technology, but threats targeting email are evolving and getting more sophisticated. 97%1 of ransomware attacks come from email. That’s why there are so many email security vendors and solutions in the market offering different types of technologies and coverages. Picking the be...
UNITEDRAKE Looms Large…Maybe
Responsible disclosure is a critical process in the security community. It’s the way for security researchers and vendors to work together in order to improve system security for users. We see the opposite of this process in the digital underground. Cybercriminals often sell exploits and maliciou...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 17, 2017
If you conduct a search on the Web for the number of languages spoken around the world, you’ll see numbers ranging anywhere from 6,000-7,000. I figure I’m doing okay since I can speak English and Spanish, sign the English alphabet, recite the Greek alphabet, and read music. There are roughly over...
A Technical Analysis of CVE-2022-22583 and CVE-2022-32800
This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report...
Beauty Out of Chaos: Elevating Cybersecurity to an Art Form – Part 2
Art and cybersecurity are not two worlds usually seen sharing the same orbit. But at Trend Micro we believe there’s a vision, a mastery of skill and a passion which unites both. It’s an approach we’ve spent the past three decades honing as serious barriers have emerged to challenge IT efforts to...
Trend Micro Redefines Endpoint Security with Apex One™
Today, Trend Micro is excited to bring you Apex One, the evolution of our endpoint security solution for enterprise. Apex One combines a breadth of threat detection & response capability with investigative features, in a single agent. Over the last few years, endpoint investigative features have...
Securing IoT Networks
Q: How do you segment a mesh? A: You can’t. Legacy IoT devices, Industrial Control Systems with custom networking, are exceptionally difficult to secure. Typically, these devices contain only enough compute capabilities to support their primary operational function. They have limited memory, low...
This Week in Security News: Senate Hearings and Equifax Breaches
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, leaders of six security agencies testified before the Senate Intelligence Committee, the Equifax hack grew in severity, and hackers used the...
This Week in Security News: Microsoft vs. Amazon in the Cloud and Escalated Risk in the Oil and Gas Industry
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about cybersecurity risk facing the oil and gas industry and its supply chain. Also, read about what Trend Micro’s CEO, Eva Chen, has ...
This Week in Security News: Cloud Risks and Container Vulnerability
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about this year’s current uses and emerging risks of the cloud. Also, find out what new vulnerability was found in containers. Read on...
Stop Office 365 Credential Theft with an Artificial Eye
We all know that email remains by far the number one threat vector facing organizations today. Trend Micro blocked more than 20.4 billion threat in the first half of 2018 alone, nearly 83% of which were email borne. But there’s more: corporate email accounts have also become a key target for...
Zero-Day Coverage Update – Week of July 16, 2018
One night this week, I came across one of my favorite movies Willy Wonka and the Chocolate Factory. The world had gone crazy after the reclusive Willy Wonka announces that he has hidden five golden tickets in chocolate Wonka Bars that promised a factory tour and a lifetime supply of chocolate...
PurpleFox Adds New Backdoor That Uses WebSockets
In September 2021, the Trend Micro Managed XDR MDR team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability CVE-2021-1732 and optimized rootkit capabilities leveraged in their attac...
This Week in Security News: Radio Frequency Technology and Telecom Crimes
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how radio frequency technology is putting industrial organizations at risk. Also, understand the threat landscape of telecommunication...
Two-Factor Authentication: What is it and why do I need it to stay safe online?
Today, Americans are living more and more of their lives on the internet. We shop, bank, socialize, work and play online. But as our digital lives become increasingly important, they are also exposed to greater risks. Hackers are lurking around every corner ready to steal our identities, drain ou...
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations...
Five Mistakes I Bet You Are Making with your Managed Services business
As a managed service provider, your customers have entrusted you to manage their IT infrastructure and their security so it’s important that you are making the right choices to secure their environments and keep cyber criminals at bay. In my years of working with our Managed Service Provider...
Exploit Kit Attacks on the Rise as Astrum Emerges
While the cyber security industry noticed a reduction in exploit kit attacks during 2016 as well as early into 2017, these are still veritable threats that organizations must be aware of. Exploit kits typically follow a four-stage attack scenario, resulting in dangerous infections such as...
CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks
Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched...
Where Will Ransomware Go In The Second Half Of 2019?
Ransomware has been an evolutionary malware family that continues to shift and change over the years. From the first fakeAV, to police ransomware, to the now oft-used crypto-ransomware, this threat just will not go away. Based on the latest trends, we predict this threat will grow in the second...
Celebrating the Next Generation of Technology Innovators
At Trend Micro, it’s our mission to secure the connected world. However, we want to go beyond the boundaries of the cybersecurity industry to support and learn from the technology innovators of tomorrow. That’s what our venture arm, Trend Forward Capital, is all about. As part of these efforts, w...
Hit the Easy Button for Your Organization’s Gmail Security
Fifteen years ago, Gmail was launched by Google. The web-based service now has 1.5 billion users a month. In addition to being the extremely popular personal email service, Gmail is also a key component of G Suite for organizations. One of the many reasons of Gmail’s popularity is its security...
ATM Users May Soon Face More Malware
By: David Sancho, Senior Threat Researcher at Trend Micro and Juan Jesús León, Product and New Development Manager of GMV Secure e-Solutions Trend Micro and GMV - an industry expert on ATM security - presented last week in London, during ATMSec, a conference focused on the topic. Our presentation...
Investigating BlackSuit Ransomware’s Similarities to Royal
In this blog entry, we analyze BlackSuit ransomware and how it compares to Royal Ransomware...
8220 Gang Evolves With New Strategies
We observed the threat actor group known as “8220 Gang” employing new strategies for their respective campaigns, including exploits for the Linux utility “lwp-download” and CVE-2017-3506, an Oracle WebLogic vulnerability...
In Identity Theft the Target is You!
The hard truth is that identity data is the new gold—and criminal panhandlers are mining it for sale and distribution on the Dark Web. Indeed, the internet provides ways for big data breaches to result in disastrous leaks of huge databases of personal information, resulting in detailed profiles o...
The Fileless, Non-Malware Menace
There’s an old expression: if it looks like a duck, walks like a duck, and quacks like a duck, then it must be a duck. What happens, though, if the duck in question is malware that doesn’t behave like typical malware? Namely, it doesn’t drop a file on your disk to infect your computer, hijack...
BEC is Big Business for Hackers: What makes these attacks so hard to prevent?
For years, one of the most lucrative ways for hackers to generate profits was through ransomware attacks. These instances involve the use of strong encryption to lock victims out of their files and data - attackers then sell the decryption key in exchange for an untraceable Bitcoin ransom payment...
This Week in Security News: Hijacks and Healthcare
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Singapore looks into the effectiveness of virtual browsers in an attempt to reduce cyberattacks on healthcare systems. Also, cybercriminals...
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected endpoints...
A Game of Risk with Broadcasters, Cyber Felons and Dragons
Submitted by Steve Ng, Lead, Digital Platform Operations, Mediacorp Where there’s money, there has always been crime. But what if money came in the form of intangible digital assets and crime in the form of cyber adversaries? In fantasy role-playing game Dungeons & Dragons, dragons are intelligen...
Small businesses to receive NIST assistance: Overlooked areas of the NIST framework
In years past, it was a challenge for organizations across every industry to ensure they were protected against the risks of - and ready to respond to - a cybersecurity incident. Decision-makers and IT administrators alike followed the advice of experts and worked to create strong safeguards and...
Small Business: A Target for Cyber Criminals
The age of cyber threats has been marked with critical vulnerabilities, evolving strains and organizations that have faced the consequences. Target's breach, the rise of ransomware like WannaCry and the recent Equifax hack serve as lessons that these attacks are the new normal for companies, maki...
Earth Estries Targets Government, Tech for Cyberespionage
We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures TTPs employed, we observed overlaps with the advanced persistent threat APT group FamousSparrow as Earth Estries targets governments and...
This Week in Security News: Trend Micro and Snyk Partner to Fight Open Source Security Flaws and Ransomware Has Gone Corporate
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro and Snyk’s new co-developed solution to help manage the risk of open source vulnerabilities. Also, read about a new...
Are Your Passwords Secure Enough?
Online passwords are sensitive data. When they end up in the wrong hands, your private information is at risk. Since cybercriminals are always searching out new ways to break into those online accounts, you need to watch over the passwords to your accounts as if they were your children. Since we...
Answers to Your Questions on Our Apps in the Mac App Store
Updated Oct. 4; please scroll down for latest information. Reports that Trend Micro is “stealing user data” and sending them to an unidentified server in China are absolutely false. Trend Micro has completed an initial investigation of a privacy concern related to some of its macOS consumer...
How Digital Extortion Impacts Today’s Enterprises
By now, many enterprise decision-makers are familiar with the concept of digital extortion, particularly in the form of ransomware. These encryption-based attacks lock users out of their sensitive and valuable data, applications and operating systems. Attackers demand a ransom in the form of...
The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409
We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems...
Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks
In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution...
Actors Target Huawei Cloud Using Upgraded Linux Malware
In this article, we discuss a new Linux malware trend in which malicious actors deploy code that removes applications and services present mainly in Huawei Cloud...
This Week in Security News: Hong Kong Users Targeted with Mobile Malware via Local News Links and Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Apple iOS smartphone users in Hong Kong targeted in a new campaign exploiting online news readers to distribute malware. Also,...
Whats So Strategic About the Trend Micro and Snyk Partnership?
What does a partnership between Trend Micro and Snyk mean for you, the customer? Can you really develop and deploy applications anywhere without security slowing you down? Greg Young, VP of Cybersecurity for Trend Micro, explains how the partnership benefits Trend Micro and gives our customers an...
Beyond The Standard CISO Cloud Security Guide
Verizon recently released a 5 step process for evaluating cloud security products and services to inform purchase decisions. That’s a fantastic tool for buyers to have. This is especially helpful because cloud discussions are almost always driven by business objectives to satisfy a cost and or...