5 #TrendTips To Build Better in the Cloud

You have multiple cloud service provider accounts and you want to make sure that you are deploying everything in a well-architected fashion to avoid future security headaches. Here's where to begin...

June Patch Tuesday: Internet Explorer Finally Laid to Rest

The June 2021 Patch Tuesday cycle offers good news to both IT and website administrators...

The U.S. EO on Ransomware: What Does it Mean? – Part 2

The White House is urging companies to do more to stem the tide of ransomware attacks now that they are starting to impact critical infrastructure and supply chains. It is a good start, but what will be the implication of this to U.S. businesses?...

Looking Ahead: The Post-Pandemic Security Landscape

One year into the pandemic, our team at Trend Micro discussed the lasting impact that Covid-19 will have on people’s way of life and what a post-pandemic “new normal” might look like...

This Week in Security News June 4, 2021

Cyberattack hits JBS meat works in Australia, North America and DarkSide Targets Virtual Machines...

CVE-2021-30724: CVMServer Vulnerability in macOS and iOS

We discovered a vulnerability in macOS, iOS, and iPadOS rooted in the CVMServer. The vulnerability, labeled CVE-2021-30724, can allow threat actors to escalate their privilege if exploited...

Network Policies to Help Reduce Risk and Improve Security

Cloud workloads frequently require internet access, and as we know, anything accessing the internet can be breached. This article explores simple tactics such as access level restriction and overlaying threat intelligence to enhance your security posture...

Preventing Multi-layered Cybersecurity Threats

It’s 2021, and this rapidly evolving threat landscape requires partnership with a trusted cybersecurity expert, who can provide protection across distributed endpoints, networks, cloud infrastructure, and hybrid environments...

5 #TrendTips For Better File Storage Security

Here are 5 TrendTips to secure valuable files and objects stored in the cloud via services like Amazon S3...

DarkSide on Linux: Virtual Machines Targeted

We focus on the behavior of the DarkSide variant that targets Linux. We discuss how it targets virtual machine-related files on VMware ESXI servers, parses its embedded configuration, kills virtual machines VMs, encrypts files on the infected machine, collects system information, and sends it to...

This Week in Security News - May 28, 2021

Nearly 50,000 IPs Compromised in Worm-like TeamTNT Attack and Misconfigurations are the Biggest Threat to Cloud Security...

Manage Open Source Code Security Risks

Open source code is in the vast majority of commercial softwares today. Learn best practices to mitigate the unique risks that accompany its use...

Threats From a Compromised 4G/5G Campus Network

5G acts as a catalyst for change for industrial environments. One part of its deployment is the 4G/5G campus network for some organizations. In our research we delve into the security risks and implications of this technology...

Simple Application Security Integrations for DevOps

Explore why application security matters and how you can integrate it into your build process without added stress or interruption...

TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack

We have found and confirmed close to 50,000 IPs compromised by this attack perpetrated by TeamTNT across multiple clusters. Several IPs were repeatedly exploited during the timeframe of the episode, occurring between March and May...

Personal & Professional Challenges Facing SecOps Teams

On the frontline: revealing the personal and professional challenges facing SecOps teams. New research shows that security teams are struggling with overwhelming workloads, and organizations are lacking the solution...

SecOps: Tips for reducing open source vulnerabilities

Check out this infographic to gain insight on enabling a strong DevSecOps culture by ensuring open source code is secure, allowing developers to build quickly and meet business objectives...

How to improve security for Amazon S3 buckets

Avoid post-deployment headaches by increasing the security of your Amazon S3 buckets and the objects stored within during the early phases of development...

This Week in Security News May 21, 2021

ZDI Tops Omdia Vulnerability Disclosures Again and Robots May Take Over Cybercrime by 2030...

Secure Cloud Migration 101

Cloud migration is a journey not a destination. Learn the basics of security for making the gradual switch so you can get the most out of what the cloud has to offer...

Open Source Vulnerabilities Converging DevOps & SecOps

Open Source Vulnerabilities can be challenging to the already strained DevOps and SecOps relationship. Learn how increased visibility from the right can help prevent and close the long-standing cultural gap between the teams...

ZDI Tops Omdia Vulnerability Disclosures Again

The Trend Micro Zero Day Initiative ZDI again dominated the number of disclosed vulnerabilities for the 13th year in a row based on Omdia’s research into the vulnerability disclosure market. Read More...

The creation and success of a documentation site

Gain a better understanding of why collaboration between developers and writers is necessary to create a successful documentation site...

TeamTNT’s Extended Credential Harvester Targets Cloud Services, Other Software

We found new evidence that the cybercriminal group TeamTNT has extended its credential harvesting capabilities to include multiple cloud and non-cloud services...

Container Security First Steps: Image and Registry Scanning

Learn to secure your containers with image and registry scanning. This article explores key container vulnerabilities, and how to guard against them with cloud security tools like policy-based deployment control...

Stop Ransomware Groups Who Weaponize Legitimate Tools

The ongoing game of cat and mouse – cybercriminals vs security teams – continues with the latest evolution in ransomware...

The Cybersecurity Executive Order: What does it mean?

While much of the EO may not be new or bold concepts, the potential for long term impact to federal cybersecurity is high and immediate...

This Week in Security News May 14, 2021

May Patch Tuesday Offers Relative Respite and What We Know About DarkSide Ransomware and the US Pipeline Attack...

Protect Kubernetes Clusters with Admission Controller

Discover the power of admission controllers. Container security can be challenging, but this article will teach you how to guard your Kubernetes clusters against threats by screening containers before they even initialize...

What We Know About the DarkSide Ransomware and the US Pipeline Attack

Trend Micro Research found dozens of DarkSide ransomware samples in the wild and investigated how the ransomware group operates and what organizations it typically targets...

DevOps Teams can meet NIST compliance standards with automation

Meet business compliance needs without interrupting your workflow...

May Patch Tuesday Offers Relative Respite

Compared to the previous months of 2021, this month’s Patch Tuesday cycle is a slight lull. Only 55 vulnerabilities were fixed this month, with only four of these classified as Critical...

Open source protection that security teams will love

Open source code is the gateway to quick application deployment – see how Trend Micro and Snyk have partnered up to create developer-friendly security for your open source components...

Open source protection that security teams will love

Open source code is the gateway to quick application deployment – see how Trend Micro and Snyk have partnered up to create developer-friendly security for your open source components...

Tips to avoid the new wave of ransomware attacks

There have been a lot of changes in ransomware over time. We want to help you protect your organization from this growing attack trend...

Physical Datacenter Security and Threat Mitigation

Physical security may have more of an impact on cloud operations than you think...

This Week in Security News May 7, 2021

New Panda Stealer Targets Cryptocurrency Wallets and Apple Releases Urgent Security Patches for Zero-Day Bugs...

Proxylogon: A Coinminer, a Ransomware, and a Botnet Join the Party

Our telemetry showed three malware families taking advantage of the ProxyLogon vulnerability beginning in March: the coinminer LemonDuck was sighted first, quickly followed by the ransomware BlackKingdom, then the Prometei botnet...

Shift Left: Moving Container Security into the Dev, Test, and Build Process

Learn how you can use a DevOps methodology that optimizes application deployments and provides greater security for containers. This article explains how to move security into the container creation process in the DevOps workflow...

Mutated Scams: How to Protect Yourself from Pandemic-Fueled Cyberfraud

Scammers took advantage of the surge in online activity during the pandemic, targeting businesses and buyers that were settling into new ways of transacting...

MITRE ATT&CK for Containers: Why It Matters

The complexity of containers demands something to make sense of it all. Builders, operations teams and security teams need a single language to understand the risk associated with containers...

New Panda Stealer Targets Cryptocurrency Wallets

In early April, we observed a new information stealer called Panda Stealer being delivered via spam emails. Based on Trend Micro's telemetry, United States, Australia, Japan, and Germany were among the most affected countries during a recent spam wave...

This Week in Security News - April 30, 2021

Hacktivism’s reemergence explained and Hello ransomware uses updated China Chopper web shell...

How Cybercriminals Abuse OpenBullet for Credential Stuffing

In this blog, we detail how cybercriminals exploit OpenBullet, a legitimate web-testing software, to brute-force their way into targeted accounts...

5 #TrendTips for Lifecycle Security for Containers

Learn how to manage all of the moving parts when implementing pre-runtime and runtime container security...

How Trend Micro Helps Manage Exploited Vulnerabilities

As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Read how Trend Micro protects customers from vulnerability exploits by blocking them as early as possible...

DevSecOps: How to Systematize Security into the Dev Pipeline

Security within an organization cannot be siloed or left up for DevOps teams to figure out and manage. Learn how applying DevSecOps best practices will have a noticeable positive impact on the security of your overall applications...

Weaponized Deepfakes Are Getting Closer to Reality

The first malicious use of video deepfakes may have been observed, making one of Trend Micro’s long-standing predictions a looming reality...

Water Pamola Attacked Online Shops Via Malicious Orders

Since 2019, we have been tracking a threat campaign we dubbed as “Water Pamola.” The campaign initially compromised e-commerce online shops in Japan, Australia, and European countries via spam emails with malicious attachments...

DevOps Teams can learn from Clubhouse compliance woes

As Clubhouse continues to launch new features and gain popularity, protecting sensitive data and adhering to compliance should be on everyone’s mind...