YourCyanide: A CMD-Based Ransomware With Multiple Layers of Obfuscation
The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number of capabilities such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives...
Managing Cyber Risk: The People Element
Explore the latest findings from Trend Micro’s Cyber Risk Index 2H’2021 and how to better manage people to minimize cyber risk across the digital attack surface...
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps immediately...
How to implement AWS Sustainability Pillar principles
Learn more about the AWS Well-Architected Framework Sustainability Pillar and how to securely and efficiently implement the six design principles to help you reduce your environmental impact while balancing agility and operational excellence...
Cyber Risk Management Strategies from Arjo CIO
Andrea Berg, CIO of Arjo, explores the critical need for effective and inclusive communication around IT requirements to expand beyond the security team and improve cyber risk management...
New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code
New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report...
New Linux-Based Ransomware 'Cheerscrypt' Targets ESXi Devices
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report...
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report...
Celebrating 15 Years of Pwn2Own
Join Erin Sindelar, Mike Gibson, Brian Gorenc, and Dustin Childs as they discuss Pwn2Own's 15th anniversary, what we've learned, and how the program will continue to serve the cybersecurity community in the future...
The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters
While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals...
The Fault in Our Kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters
While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals...
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
During the first quarter of 2022, we discovered a significant number of infections using multiple new Emotet variants that employed both old and new techniques to trick their intended victims into accessing malicious links and enabling macro content...
Detect Azure AD Hybrid Cloud Vulnerabilities
AADInternals is a PowerShell module widely used by administrators for administering Azure Active Directory (AD) and Microsoft 365 - learn how to protect against their common vulnerabilities...
Cyber risk management: Attribution strategies
Discover the importance of cyber attribution, the benefits, and the right tools to assist your efforts so you can better manage cyber risk across your digital attack surface...
Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR
Trend Micro’s Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report...
Trend Micro's One Vision, One Platform
Why Trend Micro is evolving its approach to enterprise protection...
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys...
Sandstone CTO shares how to assess cyber risk in the cloud
Chaitanya Pinnamanemi discusses how visibility and prioritization are key to securing your digital attack surface and reducing cyber risk...
The Difference Between Virtual Machines and Containers
Discover the key differences, use cases, and benefits of virtual machines and containers...
S4x22: ICS Security Creates the Future
The ICS Security Event S4 was held for the first time in two years, bringing together more than 800 business leaders and specialists from around the world to Miami Beach on 19-21 Feb 2022. The theme was CREATE THE FUTURE...
Adding Guardrails To A Cloud Account After The Fact
This article outlines a priority checklist of which guardrails need to be applied to an existing cloud account. Answering questions like, can these guardrails be implemented without breaking anything? What level of testing is required?...
Security Above and Beyond CNAPPs
How Trend Micro’s unified cybersecurity platform is transforming cloud security...
Examining the Black Basta Ransomware’s Infection Routine
We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics...
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
This report focuses on the components and infection chain of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver...
Workshop: Simplifying Network Security in the Cloud
In this workshop, you will learn how to leverage Trend Micro Cloud One™ - Network Security to provide a powerful network security layer which can be deployed seamlessly into your existing AWS architecture...
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
We found an AvosLocker ransomware variant using a legitimate anti-virus component to disable detection and blocking solutions...
AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell
We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions...
New AWS Competency Category - Why It's Important
AWS DevOps competency recently added a new category, DevSecOps, to its arsenal. Explore our overview of the category and why it matters to security and development teams building in the cloud...
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
We recently found a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). This APT group targets gambling websites on Windows, macOS, and Linux platforms using old and new malware families...
Trend Micro Partnering with Bit Discovery
We’re excited to partner with Bit Discovery, bringing attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility to internal assets (devices, identities, applications) but also external, internet-facing assets...
Aligning the c-suite with cyber risk management
As we creep toward a post-pandemic world, organizations need to plan accordingly. Explore Trend Micro’s latest cyber risk research to enable your business to maximize its growth and potential...
Unified Cybersecurity Platform: Why CISOs are Shifting
Our global study polled more than 2,300 IT security decision makers to discover how to best assist and support SecOps teams with a unified cybersecurity platform so you can be more resilient with fewer resources...
New Partner Bit Discovery Helps TM with Attack Surface
We’re excited to partner with Bit Discovery, bringing attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility to internal assets (devices, identities, applications) but also external, internet-facing assets...
Cybersecurity Predictions for 2022
Explore Trend Micro Research’s security insights and predictions for 2022 to enable more informed and proactive decision-making...
How to better manage your digital attack surface risk
As organizations shift to the cloud in droves, their digital attack surface continues to rapidly expand. And with the number of threats rapidly increasing, security leaders need to enhance their attack surface risk management. We explore how a unified cybersecurity platform can help improve your...
How XDR Security Aids in Cyber Risk Management
Trend Micro's VP of Threat Intelligence, Jon Clay, explores the latest trends in today's threat landscape and why XDR is key to better understanding, communicating, and mitigating cyber risk across your enterprise...
Cryptomining Overview for DevOps
Learn the impacts of cryptomining attacks for DevOps as well as mitigation strategies to bolster security without impacting time to market delivery...
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners...
Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners
Recently, we observed attempts to exploit the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — by malicious actors to deploy cryptocurrency miners...
Secure application development cloud best practices
The need for agility can often sideline security best practices; we explore how to build with security at the forefront without compromising time to delivery...
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022...
An Investigation of the BlackCat Ransomware via Trend Micro Vision One
We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in the Rust programming language and operated under...
Cyber Risk Index (2H’ 2021): An Assessment for Security Leaders
We take a look at our latest Cyber Risk Index (CRI) findings across North America, Europe, Asia-Pacific, and Latin/South America, to help security leaders better understand, communicate, and address their enterprise’s cyber risk...
Cybersecurity Basics: Authentication and Authorization
With most security incidents caused by exposed secrets in DevOps pipelines and tools, proper authentication and authorization is essential. Explore the basics of strong identity management to build more resilient apps...
Why the Mitre Engenuity ATT&CK Evaluations Matter
This year’s MITRE Engenuity™ ATT&CK Evaluation simulates techniques associated with notorious threat groups Wizard Spider and Sandworm to test solutions' ability to detect and stop APT and Targeted Attacks...
CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
We discovered active exploitation of a vulnerability in the Spring Framework designated as CVE-2022-22965 that allows malicious actors to download the Mirai botnet malware...
TM Named CWS "Strong Performer" in Forrester Wave 2022
Trend Micro was named a strong performer in the Forrester Wave™: Cloud Workload Security, Q1 2022, achieving the highest possible score in the market presence category. That said, Trend Micro Cloud One secures far more than workloads and containers...
How to Optimize Your Lambda Code
Learn how to make your code run more efficiently in AWS Lambda, so you can save money and time!...