Trend Micro Partners With Interpol and Nigeria EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors

Trend Micro Partners With Interpol and Nigeria EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors

It starts with the malicious actors scraping the internet for public sites containing email addresses, which will be stored in a text file. They also use tools such as Lite Email Extractor to scrape email addresses. To expand their range of targets the malicious actors also search for specific keywords in Google, such as “LTD PLC” and “manufacturing suppliers.” After obtaining their list of targets, they may share this information with other malicious actors via…

Read More

Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware

Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware

Conclusion Users with the affected products should immediately patch or apply the temporary mitigation procedures recommended by following the steps identified in the WSO2 security advisory. We also released an initial notification in April after we made a preliminary analysis to inform users and organizations. Three days after the vulnerability was disclosed and a day after the PoC was published, attacks abusing this gap have since been observed and are notably aggressive in installing web…

Read More

New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices

New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices

New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices Ransomware Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report. By: Arianne Dela Cruz, Byron Gelera, McJustine De Guzman, Warren Sto.Tomas May 25, 2022 Read time:  ( words) We recently observed multiple Linux-based ransomware detections that malicious actors launched to target VMware ESXi servers, a bare-metal hypervisor for creating and running several virtual machines (VMs)…

Read More

The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters

The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters

The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters Cloud While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals. By: Magno Logan May 24, 2022 Read time:  ( words) While researching cloud-native tools and how they can reveal information about a system or an organization, we came across some data sets from Shodan concerning Kubernetes clusters (aka…

Read More

Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware

Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware

The Emotet botnet malware is well known in the cybersecurity industry for its success in using spam emails to compromise machines and then selling access to these machines as part of its infamous malware-as-a-service (MaaS) scheme. Operators behind notorious threats such as the Trickbot trojan and the Ryuk or Conti ransomware are among the malicious actors who have used the botnet malware in their attacks. But in January 2021 came news of Emotet’s dismantling, dubbed…

Read More

Uncovering a Kingminer Botnet Attack Using Trend Micro Managed XDR

Uncovering a Kingminer Botnet Attack Using Trend Micro Managed XDR

Uncovering a Kingminer Botnet Attack Using Trend Micro Managed XDR Trend Micro’s Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report. By: Buddy Tancio, Jed Valderama May 18, 2022 Read time:  ( words) We observed malicious activities in a client’s SQL server that flagged a potential exploit in one public-facing device. A quick look at the Trend Micro Vision One™ Workbench showed…

Read More

One Vision & Platform – Enterprise Protection Evolved

One Vision & Platform – Enterprise Protection Evolved

The world moves fast sometimes. Just two years ago, organizations were talking vaguely about the need to transform digitally, and ransomware began to make headlines outside the IT media circle. Fast forward to 2022, and threat actors have held oil pipelines and critical food supply chains hostage, while many organizations have passed a digital tipping point that will leave them forever changed. Against this backdrop, CISOs are increasingly aware of running disjointed point products’ cost,…

Read More

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys Mobile We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys. By: Cifer Fang, Ford Quin, Zhengyu Dong May 16, 2022 Read time:  ( words) We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user…

Read More

ICS Security Event S4 2022 Review

ICS Security Event S4 2022 Review

Technology and International Relation Niloofar Razi Howe one of the unique and strong influencers in the cybersecurity world, investor of technology ventures, directors of consulting firms, and advisors to public agencies such as the Department of Defense delivered the keynote speech for the event. Howe spoke about how technologies are affecting real-world international relations, saying that decentralized, distributed and personalized capabilities blur the line between cybercrime and national attacks. She added that the modern war…

Read More
1 14 15 16 17 18 27