2303 matches found
Tutorial: How to Build Your First Node.js gRPC API
Compared to other API technologies like REST and GraphQL, gRPC is lightweight and exceptionally robust, thanks in large part to its use of protobufs. Interested in exploring how to build your own API? Read on to see how easy it is to do so with Node.js and gRPC...
YourCyanide: A CMD-Based Ransomware With Multiple Layers of Obfuscation
The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number of capabilities such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives...
Trend Micro Partners With Interpol and Nigeria’s EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors
Nigeria’s Economic and Financial Crimes Commission (EFCC) arrested three suspected scammers from Nigeria who were involved in global scamming campaigns via a sting operation that is part of Operation Killer Bee. Trend Micro provided information on the group and their modus operandi...
Cyber Risk Management Strategies from Arjo CIO
Andrea Berg, CIO of Arjo, explores the critical need for effective and inclusive communication around IT requirements to expand beyond the security team and improve cyber risk management...
YourCyanide: A CMD-based Ransomware With Multiple Layers of Obfuscation
The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number of capabilities such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives...
Managing Cyber Risk: The People Element
Explore the latest findings from Trend Micro’s Cyber Risk Index 2H’2021 and how to better manage people to minimize cyber risk across the digital attack surface...
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps immediately...
How to implement AWS Sustainability Pillar principles
Learn more about the AWS Well-Architected Framework Sustainability Pillar and how to securely and efficiently implement the six design principles to help you reduce your environmental impact while balancing agility and operational excellence...
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report...
New Linux-Based Ransomware 'Cheerscrypt' Targets ESXi Devices
Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report...
New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code
New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report...
Celebrating 15 Years of Pwn2Own
Join Erin Sindelar, Mike Gibson, Brian Gorenc, and Dustin Childs as they discuss Pwn2Own's 15th anniversary, what we've learned, and how the program will continue to serve the cybersecurity community in the future...
The Fault in Our Kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters
While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals...
The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters
While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals...
Detect Azure AD Hybrid Cloud Vulnerabilities
AADInternals is a PowerShell module widely used by administrators for administering Azure Active Directory (AD) and Microsoft 365 - learn how to protect against their common vulnerabilities...
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
During the first quarter of 2022, we discovered a significant number of infections using multiple new Emotet variants that employed both old and new techniques to trick their intended victims into accessing malicious links and enabling macro content...
Cyber risk management: Attribution strategies
Discover the importance of cyber attribution, the benefits, and the right tools to assist your efforts so you can better manage cyber risk across your digital attack surface...
Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR
Trend Micro’s Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report...
Trend Micro's One Vision, One Platform
Why Trend Micro is evolving its approach to enterprise protection...
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys...
Sandstone CTO shares how to assess cyber risk in the cloud
Chaitanya Pinnamanemi discusses how visibility and prioritization are key to securing your digital attack surface and reducing cyber risk...
The Difference Between Virtual Machines and Containers
Discover the key differences, use cases, and benefits of virtual machines and containers...
S4x22: ICS Security Creates the Future
The ICS Security Event S4 was held for the first time in two years, bringing together more than 800 business leaders and specialists from around the world to Miami Beach on 19-21 Feb 2022. The theme was CREATE THE FUTURE...
Adding Guardrails To A Cloud Account After The Fact
This article outlines a priority checklist of which guardrails need to be applied to an existing cloud account. It answers questions such as: can these guardrails be implemented without breaking anything? What level of testing is required?...
Security Above and Beyond CNAPPs
How Trend Micro’s unified cybersecurity platform is transforming cloud security...
Examining the Black Basta Ransomware’s Infection Routine
We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics...
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
This report focuses on the components and infection chain of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver...
Workshop: Simplifying Network Security in the Cloud
In this workshop, you will learn how to leverage Trend Micro Cloud One™ - Network Security to provide a powerful network security layer which can be deployed seamlessly into your existing AWS architecture...
AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell
We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions...
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
We found an AvosLocker ransomware variant using a legitimate anti-virus component to disable detection and blocking solutions...
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
We recently found a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). This APT group targets gambling websites on Windows, macOS, and Linux platforms using old and new malware families...
New AWS Competency Category - Why It's Important
The AWS DevOps competency recently added a new category, DevSecOps, to its arsenal. Explore our overview of the category and why it matters to security and development teams building in the cloud...
How to better manage your digital attack surface risk
As organizations shift to the cloud in droves, their digital attack surface continues to rapidly expand. And with the number of threats rapidly increasing, security leaders need to enhance their attack surface risk management. We explore how a unified cybersecurity platform can help improve your...
Unified Cybersecurity Platform: Why CISOs are Shifting
Our global study polled more than 2,300 IT security decision makers to discover how to best assist and support SecOps teams with a unified cybersecurity platform so you can be more resilient with fewer resources...
New Partner Bit Discovery Helps TM with Attack Surface
We’re excited to partner with Bit Discovery, bringing attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility to internal assets (devices, identities, applications) but also external, internet-facing assets...
Cybersecurity Predictions for 2022
Explore Trend Micro Research’s security insights and predictions for 2022 to enable more informed and proactive decision-making...
How XDR Security Aids in Cyber Risk Management
Trend Micro's VP of Threat Intelligence, Jon Clay, explores the latest trends in today's threat landscape and why XDR is key to better understanding, communicating, and mitigating cyber risk across your enterprise...
Trend Micro Partnering with Bit Discovery
We’re excited to partner with Bit Discovery, bringing attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility to internal assets (devices, identities, applications) but also external, internet-facing assets...
Aligning the c-suite with cyber risk management
As we creep toward a post-pandemic world, organizations need to plan accordingly. Explore Trend Micro’s latest cyber risk research to enable your business to maximize its growth and potential...
Cryptomining Overview for DevOps
Learn the impacts of cryptomining attacks for DevOps as well as mitigation strategies to bolster security without impacting time to market delivery...
Secure application development cloud best practices
The need for agility can often sideline security best practices; we explore how to build with security at the forefront without compromising time to delivery...
Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners
Recently, we observed attempts to exploit the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — by malicious actors to deploy cryptocurrency miners...
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners...
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented at the S4X22 Conference in April 2022...
Cyber Risk Index (2H’ 2021): An Assessment for Security Leaders
We take a look at our latest Cyber Risk Index (CRI) findings across North America, Europe, Asia-Pacific, and Latin/South America, to help security leaders better understand, communicate, and address their enterprise’s cyber risk...
An Investigation of the BlackCat Ransomware via Trend Micro Vision One
We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in the Rust programming language and operated under...
Cybersecurity Basics: Authentication and Authorization
With most security incidents caused by exposed secrets in DevOps pipelines and tools, proper authentication and authorization are essential. Explore the basics of strong identity management to build more resilient apps...