Category: Trend Micro Research, News and Perspectives

Highlights from the recent discussion between Trend Micro’s David Roth, CRO Enterprise America, and guest speaker Jeff Pollard, VP, Principal Analyst, Forrester about AI hype versus reality and how to secure AI in the workplace. This article has been indexed…

Read more →

Trend Micro researchers, in collaboration with Japanese authorities, analyzed links between SEO malware families used in SEO poisoning attacks that lead users to fake shopping sites. This article has been indexed from Trend Micro Research, News and Perspectives Read the…

Read more →

Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Breaking…

Read more →

Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what SOC teams had to say. This article has been indexed from Trend…

Read more →

In the final weeks before November’s U.S. election, cybersecurity experts were calling October 2024 the “month of mischief”—a magnet for bad actors looking to disrupt the democratic process through AI-generated misinformation. This issue of AI Pulse looks at what can…

Read more →

In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes. This article has been indexed from Trend Micro Research, News and Perspectives Read…

Read more →

While cyberattacks that employ web shells and VPN compromise are not particularly novel, they are still prevalent. The recent incidents that Trend Micro MXDR analyzed highlight the importance of behavioral analysis and anomaly detection in security measures. This article has…

Read more →

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the…

Read more →

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the…

Read more →

In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts. This article has been indexed from Trend Micro Research,…

Read more →

We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Attackers Target Exposed Docker Remote API Servers…

Read more →

As businesses increasingly pivot to cloud-native applications, the landscape of cybersecurity becomes ever more challenging. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Gartner 2024 CNAPP Market Guide Insights for Leaders

Read more →

Highlights from the recent discussion between Trend Micro’s David Roth, CRO Enterprise America, and guest speaker Jeff Pollard, VP, Principal Analyst, Forrester about AI hype versus reality and how to secure AI in the workplace. This article has been indexed…

Read more →

This is the latest blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: How to…

Read more →

This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions. This article has been indexed from…

Read more →

Trend Micro’s Threat Hunting Team discovered EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity. This article has been indexed from Trend Micro Research, News and…

Read more →

Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses. This…

Read more →

Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE. This article has been indexed from Trend Micro Research,…

Read more →

A deep-dive into how AI-driven solutions from Trend Micro leveraging the NVIDIA AI Enterprise software platform are elevating security across critical industries This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Harnessing AI…

Read more →

This is the fourth blog post in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Rogue…

Read more →

Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats. This article has been…

Read more →

On Wednesday, NVIDA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk. This article has been indexed from Trend Micro Research,…

Read more →

Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach. This article has been indexed from Trend Micro Research, News…

Read more →

Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China. This article has been indexed from Trend Micro Research, News and…

Read more →

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base…

Read more →

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671. This article has been indexed from Trend Micro Research, News and…

Read more →

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign. This article has been indexed from Trend Micro…

Read more →

Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones. This article has been indexed from Trend Micro Research, News and Perspectives Read the original…

Read more →

Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection. This article has been indexed from Trend…

Read more →

While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

This is the second blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: How AI…

Read more →

Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Silent Intrusions:…

Read more →

Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Threat Actors Target the…

Read more →

A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Cryptojacking via…

Read more →

The quicker a cyberattack is identified, the less it costs. Jon Clay, VP of Threat Intelligence, reviews seven key initial attack vectors and provides proactive security tips to help you reduce cyber risk across the attack surface. This article has…

Read more →

Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: How Trend…

Read more →

This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Rogue AI is…

Read more →

Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the…

Read more →

This article by Trend Micro CEO Eva Chen brings focus back to striking the cybersecurity strategies balance between business C-suite and information technology (IT) departments. This article has been indexed from Trend Micro Research, News and Perspectives Read the original…

Read more →

Explore how the Cybersecurity Compass can guide various security professionals’ and stakeholders’ decision-making before, during, and after a breach. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Cybersecurity Compass: An Integrated Cyber…

Read more →

We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

The second edition of AI Pulse is all about AI regulation: what’s coming, why it matters, and what might happen without it. We look at Brazil’s hard não to Meta, how communities are pushing back against AI training data use,…

Read more →

Trend Micro research uncovers new cybercrime tools posing increased threats to security, highlighting the rapid evolution of AI-powered hacking services and their potential for mass exploitation This article has been indexed from Trend Micro Research, News and Perspectives Read the…

Read more →

It’s clear that generative AI is a permanent addition to the enterprise IT toolbox. For CISOs, the pressure is on to roll out AI security policies and technologies that can mitigate very real and present risks. This article has been…

Read more →

Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing) This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: QR Codes: Convenience or Cyberthreat?

Read more →

Intruders are drawn to enterprise IT environments the way mice are attracted to houses. And once either kind of invader is inside, they can be hard to get out. Network detection and response (NDR) lets you trace intruders’ pathways to…

Read more →

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: The…

Read more →

Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Teaming up with…

Read more →

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it…

Read more →

In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. This article…

Read more →

Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important. This article has been indexed from…

Read more →

Cybersecurity is a growing concern in today’s digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of…

Read more →

In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we’ll provide an overview of the trojan and what it does. This article has been indexed from Trend Micro Research, News and Perspectives Read…

Read more →

We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Examining Water Sigbin’s Infection Routine…

Read more →

In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites. This article has been…

Read more →

To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. This blog tells the story of why…

Read more →

The latest Omdia Vulnerability Report shows Trend MicroTM Zero Day InitiativeTM (ZDI) spearheaded 60% of 2023 disclosures, underscoring its role in cybersecurity threat prevention. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Worldwide 2023 Email Phishing…

Read more →

We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and…

Read more →

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate…

Read more →

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution. This article has been indexed from Trend Micro Research, News and…

Read more →

In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year. This article has been indexed from Trend Micro…

Read more →

You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes – read more. This article has been indexed from Trend Micro Research, News and Perspectives Read the…

Read more →

Discover Trend Micro’s integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers. Engage with experts, explore demos, and learn strategies for securing AI data centers and optimizing cloud performance. This article has been indexed from…

Read more →

Water Sigbin (aka the 8220 Gang) exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against.…

Read more →

Discover the latest innovations in cyber defense and Trend’s expert insights on AI, data security, and emerging threats This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: 2 Weeks Out: Evolution at RSAC…

Read more →

In the ever-evolving landscape of cybersecurity, staying ahead of malicious actors requires a multifaceted approach. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: ISPM & ITDR Synergize for AI-Based Identity Security

Read more →

This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun’s arsenal — operate, based on a campaign from 2024. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

Cheap and easy access to AI makes it harder to detect state-sponsored and homegrown campaigns during this election year This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Deepfakes and AI-Driven Disinformation Threaten…

Read more →

This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm’s exploitation of EdgeRouters, complementing the FBI’s advisory from February 27, 2024. This article has been indexed from Trend Micro Research, News and Perspectives Read…

Read more →

In this blog entry, we discuss Trend Micro’s contributions to an Interpol-coordinated operation to help Brazilian and Spanish law enforcement agencies analyze malware samples of the Grandoreiro banking trojan. This article has been indexed from Trend Micro Research, News and…

Read more →

On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: The…

Read more →

Learn how far cybersecurity has come from scattered resources to consolidation the future. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Cybersecurity Decluttered: A Journey to Consolidation

Read more →

Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear

Read more →

Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption. This article has been indexed from Trend Micro Research, News and Perspectives Read the…

Read more →

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.…

Read more →

This blog entry discusses the Agenda ransomware group’s use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Agenda Ransomware…

Read more →

On February 26, 2024, the National Institute of Standards and Technology (NIST) released the official 2.0 version of the Cyber Security Framework (CSF). This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: NIST…

Read more →

Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Jenkins Args4j CVE-2024-23897: Files Exposed, Code at…

Read more →

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa. This article has been indexed from Trend Micro Research,…

Read more →

Explore two RPA and AI/ML use cases at HUD during the operational challenges of the longest US Government shutdown, a rigid legacy IT environment, and complex federal regulations. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

Discover the fascinating world of AI, ML, and RPA and their real-world applications including the creation of a custom RPA bot for collecting rare sports memorabilia. This article has been indexed from Trend Micro Research, News and Perspectives Read the…

Read more →

The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Multistage RA World Ransomware…

Read more →

Overworked CISOs are struggling to deliver the cybersecurity results their organizations expect. Fortunately, there are concrete and practical ways they can make their lives easier—while managing cyber risk effectively. This article has been indexed from Trend Micro Research, News and…

Read more →

This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry. This…

Read more →

During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations. This article has…

Read more →

Explore the first article in this series about AI, ML, and RPA, which aims to demystify and explore the full spectrum of these core technologies. This article has been indexed from Trend Micro Research, News and Perspectives Read the original…

Read more →

In this blog entry, we focus on Earth Preta’s campaign that employed a variant of the DOPLUGS malware to target Asian countries. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Earth Preta…

Read more →

Discover how to strategically present security controls to the board to better manage cyber risk. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Cyber Risk Management: Bring Security to the Boardroom

Read more →

The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero…

Read more →

This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability. This article has been indexed from Trend Micro Research, News and Perspectives Read the…

Read more →

After a full year of life with ChatGPT cybersecurity experts have a clearer sense of how criminals are using generative AI to enhance attacks – learn what generative AI means for cybersecurity in 2024. This article has been indexed from…

Read more →