This Week in Security News - September 24, 2021
Water Basilisk Uses New HCrypt Variant to Flood Victims With RAT Payloads & Biden Administration Issues Sanctions To Counter Ransomware...
Examining the Cring Ransomware Techniques
In this entry, we look at the techniques typically employed by the Cring ransomware, as well as the most affected regions and industries...
Virtual Event: Google Cloud Next | October 12 – 14
Level-up your skills and uncover what’s next for cloud by registering for the virtual Google Cloud Next conference starting Oct. 12, 2021...
Cyberattacks from all Angles: 2021 Midyear Report
We look at the most pertinent cybersecurity issues organizations across the globe faced in the first half of 2021...
CISA Reports Top Vulnerabilities From Remote Work
Trend Micro’s Next-Generation IPS protects organizations from threats as attackers now target remote work-related vulnerabilities...
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage
Recently, we discovered that the cryptomining trojan z0Miner has been taking advantage of the Atlassian Confluence remote code execution (RCE) vulnerability assigned as CVE-2021-26084, which was disclosed by Atlassian in August...
Reduce Risk with an Open Source Code Scanner
Explore the three risks that open source code scanning can mitigate, allowing SecOps and DevOps teams to bridge the gap for more secure application building...
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
In this blog entry, we look into a fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) in victim systems. This new variant also uses an updated obfuscation mechanism which we detail...
This Week in Security News - September 17, 2021
2021 Midyear Cybersecurity Report and Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware...
Securing AWS Infrastructure with Trend Micro Workshop
In this workshop, you’ll learn how to leverage infrastructure as code (IaC) and Security to automate your cloud security efforts. If you’re interested in making cloud security more efficient, automated, proactive, and accessible, this workshop is for you!...
Midyear 2021 Cybersecurity Landscape Review: Attacks From All Angles Abound
Here is a rundown of data related to the crucial security issues that enterprises faced during this period, as examined in our report, “Attacks From All Angles: 2021 Midyear Cybersecurity Report.”...
Integrate Serverless Security for Runtime Apps
Serverless solutions are prone to a high degree of application attacks. Learn how to build runtime application self-protection with vulnerability visibility and mitigation capabilities for your serverless applications...
Analyzing The ForcedEntry Zero-Click iPhone Exploit Used By Pegasus
Citizen Lab has released a report on a new iPhone threat dubbed ForcedEntry. This zero-click exploit seems to be able to circumvent Apple's BlastDoor security, and allow attackers access to a device without user interaction...
What are Open Source Software License Risks?
Explore the risks of using open source licenses and what tools to use to mitigate risks for safer, more legally compliant applications...
1H’2021 Security Review Shows Active Cloud Attacks
Trend Micro’s midyear report highlights the growing importance of cloud security as attacks increase in frequency and complexity...
September Patch Tuesday: 66 Bulletins, Only 3 Critical
The September 2021 Patch Tuesday cycle is relatively good news for system administrators with only 66 total bulletins. Perhaps more significantly, only three of these were Critical bulletins...
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
We have continued tracking APT-C-36, also known as Blind Eagle, since our research on this threat actor in 2019. We share new findings of APT-C-36’s ongoing spam campaign targeting South American entities...
This Week in Security News - September 10, 2021
Biden announces cybersecurity initiative partnership, US Government seeks public feedback on draft federal zero trust strategy and more...
Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability, designated as CVE-2021-40444, is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger...
What do Developers Look for When Choosing Software
We asked five software developers at Trend Micro how they research the software solutions they use professionally or in their own projects...
Biden Announces Cybersecurity Initiative Partnership
The announcement marks the US’s extensive collaboration with various private and education sector leaders to address the rising cyber threats in the country...
Manage Open Source Software Library Risks
Learn about the growing open source library trend, the pros and cons of using open source code, and how to mitigate associated risks...
AT&T, GM Make 5G Connected Car Deal
The collaboration aims to enhance various features on GM’s connected cars, with the hope of having millions of vehicles with 5G connectivity on the road by 2024...
This Week in Security News - September 3, 2021
ProxyToken vulnerability can modify Exchange server configs and LockBit jumps its own countdown, publishes Bangkok Air files...
Analyzing SSL/TLS Certificates Used by Malware
We take a closer look at the SSL/TLS certificates used by malware...
The Evolution of Connected Cars as Defined by Threat Modeling UN R155-Listed Attack Vectors
The United Nations Regulation No. 155 sets requirements for cybersecurity in vehicles. We conducted a threat modelling exercise on its defined attack vectors as a form of risk assessment in order to help organizations comply with this regulation and identify what to prioritize...
Introduction to Runtime Application Self-Protection (RASP)
Discover how runtime application self-protection (RASP) is shifting the narrative of application security and how to easily integrate RASP into your software for improved speed and delivery...
Auto Apply IPS Rules for Solid Cloud Workload Security
Learn how to leverage automated and programmable APIs to quickly scan and secure workloads with high or critical severity IPS rules...
API Releases New Standard for Pipeline Control Systems
The latest version comes weeks after US President Biden announced a memo, calling on the improvement of control systems cybersecurity. It also expands the coverage of previous editions, covering all control systems...
This Week in Security News - August 27, 2021
Key takeaways from H1’ 2021 Linux threat report and Google removes fake crypto-mining apps and more...
Scan Your Microsoft Azure Blob Storage for Risks
New on the Trend Micro Cloud One security platform: Learn how easy it is to monitor, identify, and quarantine malicious files entering your Azure Blobs...
Detect Container Drift in Your Kubernetes Deployments
Discover how to maintain compliance and secure your Kubernetes containers with automated security policies and scanning...
What the Norton-Avast Merger Means for Cybersecurity
Recently, two consumer cybersecurity vendors merged their respective businesses. What will the impact be on customers and the cybersecurity industry?...
New Campaign Sees LokiBot Delivered Via Multiple Methods
We recently detected an aggressive malware distribution campaign delivering LokiBot via multiple techniques, including the exploitation of older vulnerabilities...
Micro Frontend Guide: Technical Integrations
In this article, we will take a closer look at the technical considerations for developing web applications with a Micro Frontend...
APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign
Our research paper provides an in-depth analysis of Earth Baku's new cyberespionage campaign, particularly the group's use of advanced malware tools and multiple attack vectors...
TippingPoint Threat Protection System Certified by NetSecOPEN
Independent lab results prove the high performance of TippingPoint Threat Protection System...
Key Takeaways from the Linux Threat Report
As the popularity of Linux continues to increase, so does its attack surface. This brings to light a pressing question for organizations: who is responsible for the security of all the Linux instances running your cloud environment?...
Level 4 Autonomous Cars Allowed on German Roads
The country is set to take a pioneering role with its latest autonomous vehicle law, temporarily bridging gaps until more concise international and European legal frameworks are set...
Empowering T-Mobile Consumers
Here's how the T-Mobile breach may affect you, and what you can do to protect your data...
This Week in Security News - August 20, 2021
This Week in Security News: Tokyo Olympics Leveraged in Cybercrime Attack and T-Mobile Confirms Hack...
Tokyo Olympics Leveraged in Cybercrime Attack
Just before the opening of the Tokyo Olympics, we confirmed an attack that directed users from a fake TV broadcast schedule page to browser notification spam...
Fake Cryptocurrency Mining Apps Trick Victims Into Watching Ads, Paying for Subscription Service
We recently discovered eight deceptive mobile apps that masquerade as cryptocurrency cloud mining applications where users can earn cryptocurrency by investing money into a cloud-mining operation...
Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military
While investigating the Confucius threat actor, we found a recent spear phishing campaign that utilizes Pegasus spyware-related lures to entice victims into opening a malicious document downloading a file stealer...
Micro Frontend Framework Guide: Adaptability for Teams
It’s not you, it’s me. Why breaking up your monolith is the best course of action to design and deploy scalable web apps...
LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
The ransomware group LockBit resurfaced in June with LockBit 2.0, with reports indicating an increased number of targeted companies and the incorporation of double extortion features. Our detections followed attack attempts in Chile, Italy, Taiwan, and the UK from July to August...
This Week in Security News - August 13, 2021
This Week in Security News: Hackers Steal $600 million in Largest Ever Cryptocurrency Heist and Cybersecurity is the New ‘Great Game’...
#LetsTalkSecurity - Security at the Speed of Change
Let's Talk Security: Season 02 // Episode 05: Host, Rik Ferguson, interviews Vice President and Chief Information Security Officer for Carrier, Nicole Darden Ford. Together they discuss the changing cybersecurity landscape...
What Is Zero Trust and Why Does It Matter?
There has been a lot of discussion around Zero Trust recently—is it a solution? A strategy? A pipe dream? Eric Skinner from Trend Micro gets real about Zero Trust and explains what it really is, and how organizations can use it to be more resilient...