How the EU Cyber Resilience Act Impacts Manufacturers

EU's Cyber Resilience Act urges vendors to embrace security-by-design, establishing standards in global tech protocols...

Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases

This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnetcompiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications...

Web Security Expands into Secure Service Edge (SSE)

Trend has been securing web access for over a decade with forward-looking innovation and a global footprint to support our customer’s security strategy. We are committed to our customers’ journey of transforming their current security posture, aligning with Zero Trust principles, and embracing a...

Integrated DFIR Tool Can Simplify and Accelerate Cyber Forensics

Explore real use cases demonstrating the transformative impact of Trend Vision One™ – Forensics, an integrated Digital Forensics and Incident Response DFIR tool...

2023 Review: Reflecting on Cybersecurity Trends

Every year, experts weigh in with predictions of what the big cybersecurity trends will be—but how often are they right? That’s the question Trend Micro’s Greg Young and Bill Malik asked recently on their Real Cybersecurity podcast, looking at what forecasters got wrong on a wide range of topics,...

2023 Review: Reflecting on Cybersecurity Trends

Every year, experts weigh in with predictions of what the big cybersecurity trends will be—but how often are they right? That’s the question Trend Micro’s Greg Young and Bill Malik asked recently on their Real Cybersecurity podcast, looking at what forecasters got wrong on a wide range of topics,...

Modern Attack Surface Management for CISOs

Today’s attack surface requires modern processes and security solutions. Explore the tenants of modern attack surface management ASM and what CISOs need to look for in an ASM solution...

Forward Momentum: Key Learnings From Trend Micro’s Security Predictions for 2024

In this blog entry, we discuss predictions from Trend Micro’s team of security experts about the drivers of change that will figure prominently in 2024...

Accelerating into 2024 with NEOM McLaren Formula E Team

Learn more about how Trend is engineering innovation and resiliency with NEOM McLaren Formula E Team in 2024 and beyond...

Accelerating into 2024 with NEOM McLaren Formula E Team

Learn more about how Trend is engineering innovation and resiliency with NEOM McLaren Formula E Team in 2024 and beyond...

Opening Critical Infrastructure: The Current State of Open RAN Security

The Open Radio Access Network ORAN architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller RIC subsyste...

Cloud Security Predictions at AWS re:Invent 2023

Heading to AWS re:Invent 2023? Don’t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response CDR and what’s trending in cloud security...

Cloud Security Predictions at AWS re:Invent 2023

Heading to AWS re:Invent 2023? Don’t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response CDR and what’s trending in cloud security...

Modern Attack Surface Management for Cloud Teams

Today’s attack surface requires modern processes and security solutions. Explore the tenants of modern attack surface management ASM and what Cloud teams need to look for in an ASM solution...

ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil

We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data...

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing

The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023...

Exploring Weaknesses in Private 5G Networks

Dive into the world of private 5G networks and learn about a critical security vulnerability that could expose IoT devices to attacks from external networks...

Which DevOps Skills are the Hardest to Learn?

DevOps professionals face expansive challenges, from learning complex technologies to developing and honing interpersonal skills. Read on to discover some of the most difficult skills the role demands...

Accelerating Security Risk Management

In response to the expanding attack surface, Mike Milner, Trend Micro VP of Cloud Technology, explores the role security risk management plays in this new era of cybersecurity and how IT leaders are accelerating innovation...

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits

We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware also known as h2miner and cryptocurrency miner...

ALPHV/BlackCat Take Extortion Public

Learn more about ALPHV filing a complaint with the Security and Exchange Commission SEC against their victim, which appears to be an attempt to influence MeridianLink to pay the ransom sooner than later...

Email Security Best Practices for Phishing Prevention

Trend Micro Research reported a 29% growth in phishing attacks blocked and detected in 2022. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber risk...

A Closer Look at ChatGPT's Role in Automated Malware Creation

This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models...

Against the Clock: Cyber Incident Response Plan

Conventional wisdom says most organizations will experience a cybersecurity breach at some point—if they haven’t already. That makes having a ready-to-launch incident response process crucial when an attack is detected, as this fictionalized scenario shows...

100 Quarters of Profitability: Insights from a Trender

Learn what 100 straight quarters of profitability means to a Trender who has been here for every one of them...

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518

We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations...

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies...

Top 10 DevOps Blunders and How to Sidestep Them

Integrating the necessary DevOps practices, tools, and cultures in an organization is difficult, even for experts. Learn how to recognize these challenges and transform them into valuable lessons when navigating the world of DevOps...

Implementing Zero Trust: 5 Key Considerations

When implementing a Zero Trust strategy and selecting a solution to safeguard your company against cyber risk, there are many factors to consider. Five key areas include Visibility and Analytics, Automation and Orchestration, Central Management, Analyst Experience, and Pricing Flexibility and...

Zero Day Threat Protection for Your Network

Explore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation...

Securing Cloud Infrastructure Demands a New Mindset

Rising attacks on cloud infrastructure and services have created a ‘shared fate’ scenario for cloud providers and users, where a successful breach means everybody loses. Fresh thinking and closer collaboration can help avoid that outcome and better protect public cloud resources...

Zero Day Threat Protection for Your Network

Explore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation...

Securing Cloud Infrastructure Demands a New Mindset

Rising attacks on cloud infrastructure and services have created a ‘shared fate’ scenario for cloud providers and users, where a successful breach means everybody loses. Fresh thinking and closer collaboration can help avoid that outcome and better protect public cloud resources...

Trend Micro Recognized as a Customer Favorite

Customer feedback validates Trend's leadership in in XDR, endpoint security, hybrid Cloud...

How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime

This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals...

Strategic Tips to Optimize Cybersecurity Consolidation

Say goodbye to security silos. Organizations are eager to take advantage of cybersecurity consolidation and make their security environments more manageable. Evolving incrementally and adopting a platform that supports third-party integrations are key to reducing cybersecurity complexity...

CI/CD Pipeline: How to Overcome Set-Up Challenges

Explore the most common challenges organizations face when establishing a CI/CD pipeline and how to strategically overcome them...

Security Patch Management Strengthens Ransomware Defense

With thousands of applications to manage, enterprises need an effective way to prioritize software security patches. That calls for a contextualized, risk-based approach and good overall attack surface risk management...

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane...

Email Security Best Practices for Phishing Prevention

Trend Micro Research reported a 29% growth in phishing attacks blocked and detected in 2022. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber risk...

Top 4 Emerging Trends in Software Engineering

Explore key takeaways about emerging software engineering trends from Gartner's annual Application Innovation and Business Solutions Summit...

Beware: Lumma Stealer Distributed via Discord CDN

This blog discusses how threat actors abuse Discord’s content delivery network CDN to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware...

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor...

DarkGate Opens Organizations for Attack via Skype, Teams

We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment...

How to Prevent Ransomware as a Service (RaaS) Attacks

Explore key insights on how ransomware as a service RaaS operators work and how to prevent ransomware attacks...

Electric Power System Cybersecurity Vulnerabilities

Digitalization has changed the business environment of the electric power industry, exposing it to various threats. This webinar will help you uncover previously unnoticed threats and develop countermeasures and solutions...

Exposing Infection Techniques Across Supply Chains and Codebases

This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases...

A Cybersecurity Risk Assessment Guide for Leaders

Cybersecurity risk assessment provides the continuous asset detection, analysis, prioritization, and risk scoring needed to keep pace with a continuously growing digital attack surface...

How to Embrace a Cloud Security Challenge Mindset

CISOs responsible for tackling cloud security challenges need to rethink traditional security practices, protect apps and infrastructure they don’t control, and justify enterprise security investments. Trend Micro’s Bryan Webster told the AWS SecurityLIVE! audience it can all be done—by embracing...

APT34 Deploys Phishing Attack With New Malware

We observed and tracked the advanced persistent threat APT APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to...