New Golang Ransomware Agenda Customizes Attacks

New Golang Ransomware Agenda Customizes Attacks

Analysis and notable features The Agenda ransomware is a 64-bit Windows PE file written in Go. Go programs are cross-platform and completely standalone, meaning they will execute properly even without a Go interpreter installed on a system. This is possible since Go statically compiles necessary libraries (packages). Upon execution, this ransomware accepts various command-line arguments that define the malware flow and functionality, as listed in the table below. Argument  Description -alter {int}  Defines the port number…

Read More

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

The mhyprot2.sys driver that was found in this sequence was the one built in August 2020. Going back to social media streams, we can see that shortly after Genshin Impact was released in September 2020, this module was discussed in the gaming community because it was not removed even after the game was uninstalled and because it allowed bypassing of privileges. A PoC, provided by user kagurazakasanae, showed that a library terminated 360 Total Security….

Read More

Analyzing the Hidden Danger of Environment Variables for Keeping Secrets

Analyzing the Hidden Danger of Environment Variables for Keeping Secrets

Analyzing the Hidden Danger of Environment Variables for Keeping Secrets Cloud While DevOps practitioners use environment variables to regularly keep secrets in applications, these could be conveniently abused by cybercriminals for their malicious activities, as our analysis shows. By: David Fiser, Alfredo Oliveira August 17, 2022 Read time:  ( words) The use of environment variables is a common practice in the DevOps community as it provides easy access to configuration properties. It comes in handy…

Read More

Protecting S3 from Malware: The Cold Hard Truth

Protecting S3 from Malware: The Cold Hard Truth

Cloud object storage is a core component of any modern application. When files move through your applications, it’s critical to protect your systems and users from malicious files. Trend Micro has provided cloud-native, scalable file protection for our customers since 2020. We’re now starting to see other vendors try to catch up by bringing similar capabilities to the market, but frankly I’m underwhelmed with their offerings. I love the cloud security space because there is…

Read More

What Exposed OPA Servers Can Tell You About Your Applications

What Exposed OPA Servers Can Tell You About Your Applications

With the proper request or token, an attacker could obtain even more information about these services and look for vulnerabilities or other entry points to get into an organization’s systems. We highly recommend that companies currently leveraging OPA as their policy-as-code solution to ensure that they are not unwittingly exposing their APIs and policies online. In certain cases, companies could be using OPA without them realizing it; multiple providers for Kubernetes-managed services rely on OPA for…

Read More

Oil and Gas Cybersecurity: Recommendations Part 3

Oil and Gas Cybersecurity: Recommendations Part 3

Oil and Gas Cybersecurity: Recommendations Part 3 Cyber Threats In the final part of our series, we look at the APT33 case study and several recommendations from our expert team. By: Trend Micro August 15, 2022 Read time:  ( words) The oil and gas industry continues to be a prime target for threat actors who want to disrupt the operation and wreak havoc. In part two, we discussed various threats that can affect an oil…

Read More

Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

We confirmed that both the legitimate and the malicious versions of the chat installer were unsigned, which means the users of MiMi chat were probably used to all these extra steps to finally install the application despite all the macOS watchguards. HyperBro The HyperBro malware family has been around since 2017 and has been extensively analyzed. It was updated in mid-2019, which we described in detail in our Operation DRBControl paper. The version used in…

Read More

CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies

CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies

CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies Malware We tracked the latest deployment of the group behind CopperStealer, this time stealing cryptocurrencies and users’ wallet account information via a malicious Chromium-based browser extension. By: Jaromir Horejsi, Joseph C Chen August 11, 2022 Read time:  ( words) We published our analyses on CopperStealer distributing malware by abusing various components such as browser stealer, adware browser extension, or remote desktop. Tracking the cybercriminal group’s latest…

Read More

Oil and Gas Cybersecurity: Threats Part 2

Oil and Gas Cybersecurity: Threats Part 2

Oil and Gas Cybersecurity: Threats Part 2 Cyber Threats In part two of our oil and gas series, we look at more threats that can expose the industry to cyberattacks. By: Trend Micro August 11, 2022 Read time:  ( words) The Russia-Ukraine war has posed threats to the oil and gas industry. Our team even uncovered several alleged attacks perpetrated by various groups during a March 2022 research. In part one, we exhibit how a…

Read More

Improve Threat Detection & Response with OCSF

Improve Threat Detection & Response with OCSF

Trend Micro has always been a team player. Over the past three decades and more, we’ve worked closely with law enforcement, industry solution providers, academics and others to strengthen our collective hand against a common adversary. Yet while we’ve been breaking down barriers through this collaborative approach, the cybersecurity industry sometimes unwittingly puts more up. That’s why we’re thrilled to join a new open source initiative designed to make it easier for organizations to detect…

Read More
1 10 11 12 13 14 27