Trend Micro and CISA Secure-By-Design Pledge
Trend’s support reaffirms dedication to safeguarding products and customers...
Invisible Prompt Injection: A Threat to AI Security
This article explains the invisible prompt injection, including how it works, an attack scenario, and how users can protect themselves...
IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024
Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras...
Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR
This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data...
World Tour Survey: Cloud Engineers Wrestle with Risk
Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what cloud security engineering teams had to say...
How Cracks and Installers Bring Malware to Your Device
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data...
Trend Micro Managed XDR Analysis of Infection From Fake Installers and Cracks
Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data...
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Our blog entry discusses a fake PoC exploit for LDAPNightmare CVE-2024-49113 that is being used to distribute information-stealing malware...
2024 Perspective: The Ultimate re:Invent Recap
Ashley & Danielle's Ultimate Recap...
Trend Micro Contributes and Maps Container Security to MITRE ATT&CK: A Game-Changer for Cyber Defense
Trend Micro leads the way by mapping its Container Security detection capabilities to the MITRE ATT&CK framework for Containers and contributing real-world attack data...
What We Know About CVE-2024-49112 and CVE-2024-49113
This blog entry provides an overview of CVE-2024-49112 and CVE-2024-49113 and includes information that IT and SOC professionals need to know to stay protected against possible exploitation...
AI Pulse: Top AI Trends from 2024 - A Look Back
In this edition of AI Pulse, let's look back at the top AI trends of 2024 so we can more clearly predict AI trends for 2025 and beyond...
FedRAMP ATO Boosts Zero Trust for Federal Agencies
Trend Vision One™ for Government has obtained a FedRAMP Authorization to Operate (ATO). This milestone enables Federal government customers to leverage Trend’s platform to rapidly stop adversaries and control their cybersecurity risk posture...
Python-Based NodeStealer Version Targets Facebook Ads Manager
In this blog entry, Trend Micro’s Managed XDR team discuss their investigation into how the latest variant of NodeStealer is delivered through spear-phishing attacks, potentially leading to malware execution, data theft, and the exfiltration of sensitive information via Telegram...
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
APT group Earth Koshchei, suspected to be sponsored by the SVR, executed a large-scale rogue RDP campaign using spear-phishing emails, red team tools, and sophisticated anonymization techniques to target high-profile sectors...
Link Trap: GenAI Prompt Injection Attack
Prompt injection exploits vulnerabilities in generative AI to manipulate its behavior, even without extensive permissions. This attack can expose sensitive data, making awareness and preventive measures essential. Learn how it works and how to stay protected...
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
In this blog entry, we discuss a social engineering attack that tricked the victim into installing a remote access tool, triggering DarkGate malware activities and an attempted C&C connection...
INTERPOL & Trend's Fight Against Cybercrime
Trend threat intelligence and training were crucial to the success of two major policing operations in 2024...
MITRE ATT&CK 2024 Results for Enterprise Security
Enterprise 2024 will incorporate multiple, smaller emulations for a more nuanced and targeted evaluation of defensive capabilities. We’re excited to offer two distinct adversary focus areas: ransomware targeting Windows and Linux, and the Democratic People's Republic of Korea targeting macOS...
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance...
The Road to Agentic AI: Exposed Foundations
Our research into Retrieval-Augmented Generation (RAG) systems uncovered at least 80 unprotected servers. We highlight this problem, which can lead to potential data loss and unauthorized access...
Gafgyt Malware Broadens Its Scope in Recent Attacks
Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior...
Gafgyt Malware Targeting Docker Remote API Servers
Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior...
AI Configuration Best Practices to Address AI Security Risks
AI usage is on the rise as many companies adopt AI for productivity gains and for the creation of new business opportunities that provide value to their customers...
World Tour Survey: IT Operations’ Hands-on Defense
Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what IT operations teams had to say...
AI Pulse: The Good from AI and the Promise of Agentic
The perils of AI get a lot of airtime, but what are the upsides? This issue of AI Pulse looks at some of the good AI can bring, from strengthening cybersecurity to driving health breakthroughs—and how the coming wave of agentic AI is going to take those possibilities to a whole new level...
Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024
Trend Micro has identified a spear-phishing campaign active in Japan since June 2024. Evidence about the malware used by this campaign suggests this was part of a new operation by Earth Kasha...
Embracing a Risk-Based Cybersecurity Approach With ASRM
Explore how a risk-based cybersecurity approach is critical to proactively stopping dynamic, ever-evolving threats...
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions
Since 2023, APT group Earth Estries has aggressively targeted key industries globally with sophisticated techniques and new backdoors, like GHOSTSPIDER and MASOL RAT, for prolonged espionage operations...
Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals...
Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices
In this blog entry, we discuss Water Barghest's exploitation of IoT devices, transforming them into profitable assets through advanced automation and monetization techniques...
5 AI Security Takeaways featuring Forrester
Highlights from the recent discussion between Trend Micro’s David Roth, CRO Enterprise America, and guest speaker Jeff Pollard, VP, Principal Analyst, Forrester about AI hype versus reality and how to secure AI in the workplace...
Trend Micro and Japanese Partners Reveal Hidden Connections Among SEO Malware Operations
Trend Micro researchers, in collaboration with Japanese authorities, analyzed links between SEO malware families used in SEO poisoning attacks that lead users to fake shopping sites...
Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations
Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns...
SOC Around the Clock: World Tour Survey Findings
Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what SOC teams had to say...
AI Pulse: Election Deepfakes, Disasters, Scams & more
In the final weeks before November’s U.S. election, cybersecurity experts were calling October 2024 the “month of mischief”—a magnet for bad actors looking to disrupt the democratic process through AI-generated misinformation. This issue of AI Pulse looks at what can be done about deepfakes and...
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes...
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
While cyberattacks that employ web shells and VPN compromise are not particularly novel, they are still prevalent. The recent incidents that Trend Micro MXDR analyzed highlight the importance of behavioral analysis and anomaly detection in security measures...
Unmasking Prometei: A Deep Dive Into Our MXDR Findings
How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflict...
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts...
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware...
Gartner 2024 CNAPP Market Guide Insights for Leaders
As businesses increasingly pivot to cloud-native applications, the landscape of cybersecurity becomes ever more challenging...
How to Mitigate the Impact of Rogue AI Risks
This is the latest blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights...
Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data
This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions...
Fake LockBit, Real Damage: Ransomware Samples Abuse Amazon S3 to Steal Data
This article uncovers a Golang ransomware abusing Amazon S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions...