July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems

After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle...

Survey: Phishing & Ransomware Attacks are Top Concerns

Ransomware and phishing attacks will continue to be utilized and will likely see increases in their usage by malicious actors in targeting their victims. Learnings and recommendations from report to improve your prevention and response to these threats...

ETSI Publishes IoT Testing Specs for MQTT, COAP

On June 25, 2021, ETSI released its new IoT Testing Specifications completed by the organization’s committee on Methods for Testing and Specifications. The documents contain seven standards addressing the testing of the IoT MQ Telemetry Transport MQTT and Constrained Application Protocol CoAP...

#NoFilter: Exposing the Tactics of Instagram Account Hackers

What tactics do Instagram account hackers use? What do these cybercriminals do with stolen accounts? How can users protect their accounts? We look into Instagram account hacking incidents from a security researcher’s perspective and share recommendations for users of Instagram and other social...

This Week in Security News - July 9, 2021

Kaseya hit with ransomware attack and top 3 mobile threat takeaways from MWC...

BIOPASS RAT: New Malware Sniffs Victims via Live Streaming

We discovered a new malware that targets online gambling companies in China via a watering hole attack, in which visitors are tricked into downloading a malware loader disguised as a legitimate installer for well-known apps such as Adobe Flash Player or Microsoft Silverlight...

Summer of Cybercrime Continues: What To Do

We recently coined this as the Summer of Cybercrime. Major ransomware attacks continue to hit companies globally. The attacks can cause significant damage, from a financial, reputation and productivity standpoint...

Security for AWS Lambda Serverless Applications

Serverless computing is another beautiful cloud-based advancement for developers. But, like all applications, proper security is required to maximize the benefits. Learn more in this article...

Threats Ride on the Covid-19 Vaccination Wave

We continue monitoring cybercriminals and threats that abuse the pandemic. In this update, we detail trends in malicious activities and deployments that exploit vaccination developments and processes worldwide...

How to navigate open source licensing risks

Vulnerabilities aren't the only risk that comes with open source software use. Learn how you can best mitigate licensing risks to ensure your team is meeting all legal requirements while building with open source code...

Tracking Cobalt Strike: A Trend Micro Vision One Investigation

Cobalt Strike is a well-known beacon or post-exploitation tool that has been linked to several ransomware campaigns. This report focuses on the process of uncovering its tracks in order to fully contain and remove a malware infection...

IT Management Platform Kaseya Hit With Sodinokibi/REvil Ransomware Attack

Kaseya has been hit with a REvil aka Sodinokibi ransomware attack at the dawn of the Fourth of July weekend. The attack was geared toward their on-premises VSA product...

Why SecOps Need A Cybersecurity Platform

Our global study polled more than 2,300 IT security decision makers to discover how to best assist and support SecOps teams so you can be more resilient...

XDR Security : More Security. More Savings.

You don’t have to sacrifice security for savings. Discover the business, security, and financial benefits of the XDR capabilities of Trend Micro Vision One in the ESG Economic Validation report...

This Week in Security News July 2, 2021

Nefilim ransomware attack through a MITRE Att lens and PoC exploit circulating for critical Windows Print Spooler bug, and more...

PurpleFox Using WPAD to Target Indonesian Users

The PurpleFox Exploit Kit is now being distributed via WPAD attacks targeting Indonesian users...

Top Countries With ICS Endpoint Malware Detections

The Trend Micro research paper, "2020 Report on Threats Affecting ICS Endpoints,” presents findings on ICS endpoints and the threats that plague them. From these findings, we rounded up the list of the top ten countries with the most malware and grayware detections...

Software composition analysis 101

Open source is everywhere. Learn how software composition analysis can automate open source management to secure your applications...

Still Leading In Endpoint And Cloud Workload Security

Cloud workload security and endpoint protection are key to managing security risk. Two new independent IDC reports help CISOs consider their strategic partner options...

Best Practices for Social Media Security

Social media is a double-edged sword, and as we celebrate SocialMediaDay, let’s remember to use best security practices to keep us safe from malicious actors who abuse the platforms...

How DevOps can meet HIPAA compliance standards

Meet business compliance needs without interrupting your workflow...

Secure Secrets: Managing Authentication Credentials

Secret management plays an important role in keeping essential information secure and out of threat actors’ reach. We discuss what secrets are and how to store them securely...

3 Major Benefits of Cloud Migration: Cloud Compliance

Part of a secure cloud migration strategy is ensuring compliance of all the moving pieces. Just like your cloud journey, compliance isn’t a final destination. Discover how to leverage cloud security tools to ensure compliance is met along the way...

MITRE Engenuity™ ATT&CK Evaluations & Framework

With the MITRE ATT Framework, you can simplify security communications across your organization while providing visibility to your security teams...

#LetsTalkSecurity: Adapt or Die

Let's Talk Security: Season 02 // Episode 02: Host, Rik Ferguson, interviews Forrester Analyst, Allie Mellen. Together they discuss to adapt or die...

Nefilim Ransomware Attack Through a MITRE Att&ck Lens

Follow the story of Company X as they suffer an attack from the notorious modern ransomware family, Nefilim, and their affiliates, to learn how you can better mitigate against the common tactic and techniques used in these attacks...

Cloud-Native Security: More Security Observability

Explore observability vs. visibility, how they differ, how they are intertwined, and why they should be incorporated into your security strategy...

Build a Complete Cloud Visibility Strategy

Trend Micro Cloud One + New Relic come together to offer complete cloud visibility...

This Week in Security News June 25, 2021

Fake DarkSide campaign targets energy and food sectors and Tulsa police-citation data leaked by Conti Gang...

Protecting Against Recent Ransomware Attacks

Modern ransomware attacks targeting large enterprises continue to evolve from double to triple or even quadruple extortion tactics. Discover how to stay one step ahead with our case study of the ransomware family, Nefilim...

Are Tax Breaks Encouraging Ransom Payments?

Why tax deductions for ransom payments send the wrong signals to threat actors and their victims...

NIST Guidelines for Containerized Application Security

Learn how to secure containers and protect against breaches...

The Importance of Being the Leader in Public Vulnerability Research

You can't stop what you don't know about. See how our leadership in vulnerability disclosures can protect you faster...

Consolidate For A Secure Digital Transformation

The expedited move to digital transformation has been a lifeline for organizations during the pandemic. Now that these investments have been made, what’s next to continue to drive operational improvements?...

NukeSped Copies Fileless Code From Bundlore, Leaves It Unused

While investigating samples of NukeSped, a remote access trojan RAT, Trend Micro came across several Bundlore adware samples using the same fileless routine that was spotted in NukeSped...

Security Resources Now on AWS CloudFormation Templates

Trend Micro is helping customers natively deploy Infrastructure as Code IaC resources for security the same way as cloud native infrastructure in collaboration with AWS CloudFormation...

This Week in Security News June 18, 2021

Bash ransomware targets Linux Distributions and Trend Micro touts zero trust risk insights...

Fake DarkSide Campaign Targets Energy and Food Sectors

Threat actors behind a recent campaign pose as DarkSide in a bid to deceive targets into paying ransom...

Prove PCI DSS Compliance with Automation

Meet PCI DSS compliance needs without interrupting your workflow...

Employee Excellence within Trend Micro

The team behind a company is the reason for its success. At Trend Micro, we are proud to have a team filled with intelligent individuals who foster innovation to solve tomorrow's challenges to secure our digital world today...

Amazon Prime Day: Big Sales, Big Scams

For many people, major online shopping events such as the annual Amazon Prime day — which falls on June 21 this year — presents a unique opportunity to purchase goods at heavily discounted prices. However, shoppers are not the only ones looking to benefit — cybercriminals are also looking to prey...

Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions

We investigate how certain hacking tools are used to move laterally on victims’ networks to deploy ransomware. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing the worm and ransomware script...

Increase visibility for on-premise and cloud workloads

Ensure each of your cloud workloads are properly managed, protected, and patched - without the slow down...

Is this the “Summer of Cybercrime”?

Summer is just around the corner, and malicious actors don’t seem to be planning a vacation as cybercrime continues to ramp up. Learn some security recommendation you can implement to help minimize the risk of compromise...

An Expert Discussion on Zero Trust

Zero Trust is the key strategy moving forward to secure the always changing hybrid workplace. Listen in as two of our industry experts discuss how risk insights are key component of Zero Trust security...

Trend Micro and JC3 Study on Fraud, Phishing Targeting Japanese Users

This blog details the aspects of two major phishing fraud groups identified from the research and analysis. This study was also announced via separate press releases from Trend Micro Incorporated and JC3...

This Week in Security News June 11, 2021

The post-pandemic security landscape and the banning of ransomware payments could create new crisis situations...

How Enterprises can Deflect Million-Dollar Ransomware Demands

Blue-chip businesses are not the only ones that have been hit hard by the recent ransomware strikes. We outline some best practices and countermeasures to avert any shakedowns at the hands of cybercriminals...

3 Major Benefits of Cloud Migration: Visibility

On the fence about migrating to the cloud because security seems complex and abstract? Let go of your on-premises point products and discover how using a platform with enhanced visibility can help smooth the security for your cloud journey...

#LetsTalkSecurity: Transformational Security

Let's Talk Security: Season 02 // Episode 01: Host, Rik Ferguson, interviews Business Information Security Officer from S Global Ratings, Alyssa Miller. Together they discuss transformational security...