
2299 matches found

Trend Micro Simply Security
added 2024/10/16 12:0 a.m. | 5 views

Fake LockBit, Real Damage: Ransomware Samples Abuse Amazon S3 to Steal Data

This article uncovers a Golang ransomware abusing Amazon S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/10/15 12:0 a.m. | 11 views

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

Trend Micro's Threat Hunting Team has observed EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/10/14 12:0 a.m. | 4 views

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/10/11 12:0 a.m. | 11 views

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/10/11 12:0 a.m. | 12 views

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East

Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to sectors in the Middle East...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/10/11 12:0 a.m. | 11 views

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/10/08 12:0 a.m. | 5 views

Harnessing AI for Enhanced Security

A deep-dive into how AI-driven solutions from Trend Micro leveraging the NVIDIA AI Enterprise software platform are elevating security across critical industries...

AI score: 7.5
Exploits: 0

Trend Micro Simply Security
added 2024/10/03 12:0 a.m. | 4 views

Rogue AI: What the Security Community is Missing

This is the fourth blog post in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights...

AI score: 7.4
Exploits: 0

Trend Micro Simply Security
added 2024/09/30 12:0 a.m. | 7 views

MDR in Action: Preventing The More_eggs Backdoor From Hatching

Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/09/30 12:0 a.m. | 3 views

AI Pulse: What's new in AI regulations?

Fall is in the air and frameworks for mitigating AI risk are dropping like leaves onto policymakers’ desks. From California’s SB 1047 bill and NIST’s model-testing deal with OpenAI and Anthropic to REAIM’s blueprint for military AI governance, AI regulation is proving to be a hot and complicated...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/09/27 12:0 a.m. | 3 views

First to Detect AI Threats, Including NVIDIA-powered Systems

On Wednesday, NVIDIA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/09/27 12:0 a.m. | 6 views

Trend Detects NVIDIA AI Toolkit Vulnerability

On Wednesday, NVIDIA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/09/27 12:0 a.m. | 3 views

Delivering Proactive Protection Against Critical Threats to NVIDIA-powered AI Systems

On Wednesday, NVIDIA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/09/26 12:0 a.m. | 6 views

Inaugural World Tour 2024 Survey Findings

Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what CISOs had to say...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/09/26 12:0 a.m. | 9 views

Cybersecurity Compass: Bridging the Communication Gap

Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/09/24 12:0 a.m. | 1 view

Evolved Exploits Call for AI-Driven ASRM + XDR

AI-driven insights for managing emerging threats and minimizing organizational risk...

AI score: 7.4
Exploits: 0

Trend Micro Simply Security
added 2024/09/20 12:0 a.m. | 6 views

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

The group behind the RansomHub ransomware, tracked by Trend Micro as Water Bakunawa, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/09/19 12:0 a.m. | 15 views

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/09/19 12:0 a.m. | 4 views

Identifying Rogue AI

This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights...

AI score: 7.4
Exploits: 0

Trend Micro Simply Security
added 2024/09/18 12:0 a.m. | 15 views

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached bas...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.00778
Exploits: 0

Trend Micro Simply Security
added 2024/09/12 12:0 a.m. | 26 views

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.94468
Exploits: 2

Trend Micro Simply Security
added 2024/09/09 12:0 a.m. | 24 views

Earth Preta Evolves its Attacks with New Malware and Strategies

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/09/06 12:0 a.m. | 17 views

TIDRONE Targets Military and Satellite Industries in Taiwan

Our research reveals that an unidentified threat cluster we named TIDRONE has shown significant interest in military-related industry chains, particularly in the manufacturers of drones...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/09/05 12:0 a.m. | 8 views

Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command

Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/09/04 12:0 a.m. | 13 views

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/09/03 12:0 a.m. | 5 views

How AI Goes Rogue

This is the second blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights...

AI score: 7.4
Exploits: 0

Trend Micro Simply Security
added 2024/08/30 12:0 a.m. | 43 views

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.94354
Exploits: 31

Trend Micro Simply Security
added 2024/08/29 12:0 a.m. | 17 views

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/08/29 12:0 a.m. | 6 views

AI Pulse: Sticker Shock, Rise of the Agents, Rogue AI

This issue of AI Pulse is all about agentic AI: what it is, how it works, and why security needs to be baked in from the start to prevent agentic AI systems from going rogue once they’re deployed...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/08/28 12:0 a.m. | 42 views

Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem

A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.94354
Exploits: 31

Trend Micro Simply Security
added 2024/08/27 12:0 a.m. | 7 views

Complete Guide to Protecting Seven Attack Vectors

The quicker a cyberattack is identified, the less it costs. Jon Clay, VP of Threat Intelligence, reviews seven key initial attack vectors and provides proactive security tips to help you reduce cyber risk across the attack surface...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/08/22 12:0 a.m. | 8 views

Confidence in GenAI: The Zero Trust Approach

Enterprises have gone all-in on GenAI, but the more they depend on AI models, the more risks they face. Trend Vision One™ – Zero Trust Secure Access (ZTSA) – AI Service Access bridges the gap between access control and GenAI services to protect the user journey...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/08/22 12:0 a.m. | 42 views

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack

Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/08/22 12:0 a.m. | 4 views

Securing the Power of AI, Wherever You Need It

Explore how generative AI is transforming cybersecurity and enterprise resilience...

AI score: 7.4
Exploits: 0

Trend Micro Simply Security
added 2024/08/15 12:0 a.m. | 7 views

Rogue AI is the Future of Cyber Threats

This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/08/09 12:0 a.m. | 14 views

A Dive into Earth Baku’s Latest Campaign

Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. In this blog entry, we examine the threat actor's latest tools, tactics, and procedures...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/08/04 12:0 a.m. | 10 views

Bringing Security Back into Balance

This article by Trend Micro CEO Eva Chen brings focus back to striking a balance in cybersecurity strategy between the business C-suite and information technology (IT) departments...

AI score: 7
Exploits: 0

Trend Micro Simply Security
added 2024/08/02 12:0 a.m. | 4 views

Cybersecurity Compass: An Integrated Cyber Defense Strategy

Explore how the Cybersecurity Compass can guide various security professionals' and stakeholders' decision-making before, during, and after a breach...

AI score: 7.4
Exploits: 0

Trend Micro Simply Security
added 2024/08/01 12:0 a.m. | 11 views

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/07/30 12:0 a.m. | 5 views

AI Pulse: Brazil Gets Bold with Meta, Interpol’s Red Flag & more

The second edition of AI Pulse is all about AI regulation: what’s coming, why it matters, and what might happen without it. We look at Brazil’s hard não to Meta, how communities are pushing back against AI training data use, Interpol’s warnings about AI deepfakes, and more...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/07/30 12:0 a.m. | 6 views

AI-Powered Deepfake Tools Becoming More Accessible Than Ever

Trend Micro research uncovers new cybercrime tools posing increased threats to security, highlighting the rapid evolution of AI-powered hacking services and their potential for mass exploitation...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/07/29 12:0 a.m. | 6 views

How to Write a Generative AI Cybersecurity Policy

It’s clear that generative AI is a permanent addition to the enterprise IT toolbox. For CISOs, the pressure is on to roll out AI security policies and technologies that can mitigate very real and present risks...

AI score: 7.4
Exploits: 0

Trend Micro Simply Security
added 2024/07/23 12:0 a.m. | 6 views

QR Codes: Convenience or Cyberthreat?

Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing)...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/07/22 12:0 a.m. | 4 views

Why NDR is Key to Cyber 'Pest Control'

Intruders are drawn to enterprise IT environments the way mice are attracted to houses. And once either kind of invader is inside, they can be hard to get out. Network detection and response (NDR) lets you trace intruders’ pathways to find out where they’re coming in—and seal the gaps...

AI score: 7.3
Exploits: 0

Trend Micro Simply Security
added 2024/07/19 12:0 a.m. | 9 views

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/07/19 12:0 a.m. | 6 views

Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike

On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike...

AI score: 7.2
Exploits: 0

Trend Micro Simply Security
added 2024/07/17 12:0 a.m. | 59 views

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409

We check the OpenSSH vulnerabilities CVE-2024-6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024-6387 in x64 systems...

CVSS: 8.1 | AI score: 7.3 | EPSS: 0.76397
Exploits: 68

Trend Micro Simply Security
added 2024/07/16 12:0 a.m. | 7 views

Teaming up with IBM to secure critical SAP workloads

Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers...

AI score: 7.1
Exploits: 0

Trend Micro Simply Security
added 2024/07/15 12:0 a.m. | 55 views

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.92959
Exploits: 0

Trend Micro Simply Security
added 2024/07/11 12:0 a.m. | 7 views

An In-Depth Look at Crypto-Crime in 2023 Part 2

In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise...

AI score: 7.4
Exploits: 0

Total number of security vulnerabilities: 2299