Exploits & Vulnerabilities Join Erin Sindelar, Mike Gibson, Brian Gorenc, and Dustin Childs as they discuss Pwn2Own’s 15th anniversary, what we’ve learned, and how the program will continue to serve the cybersecurity community in the future. By: Trend Micro May 25, 2022 Read time: ( words) Source link
Read More
The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters Cloud While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals. By: Magno Logan May 24, 2022 Read time: ( words) While researching cloud-native tools and how they can reveal information about a system or an organization, we came across some data sets from Shodan concerning Kubernetes clusters (aka…
Read More
The world moves fast sometimes. Just two years ago, organizations were talking vaguely about the need to transform digitally, and ransomware began to make headlines outside the IT media circle. Fast forward to 2022, and threat actors have held oil pipelines and critical food supply chains hostage, while many organizations have passed a digital tipping point that will leave them forever changed. Against this backdrop, CISOs are increasingly aware of running disjointed point products’ cost,…
Read More
Technology and International Relation Niloofar Razi Howe one of the unique and strong influencers in the cybersecurity world, investor of technology ventures, directors of consulting firms, and advisors to public agencies such as the Department of Defense delivered the keynote speech for the event. Howe spoke about how technologies are affecting real-world international relations, saying that decentralized, distributed and personalized capabilities blur the line between cybercrime and national attacks. She added that the modern war…
Read More
The cloud is driving transformative benefits for global organizations. But in rushing their applications and infrastructure into new computing environments, they’re also exposing business-critical data to new risks. There are now more ways for the bad guys to steal data, deploy malware, hijack resources, and hold them to ransom. The complexity of hybrid and multi-cloud environments and the need to coordinate across multiple stakeholder groups further compound these challenges. The answer is a simple, flexible,…
Read More
Conclusion While AvosLocker has been documented for its abuse of AnyDesk for lateral movement as its preferred application, we note that other remote access applications can also be abused to replace it. We think the same can be said for the software deployment tool, wherein the malicious actors can subsequently decide to replace and abuse it with other commercially available ones. In addition, aside from its availability, the decision to choose the specific rootkit driver…
Read More
So, how can security leaders stay on top of their attack surface and ahead of the bad guys? By leveraging a unified cybersecurity platform that enables continuous security visibility and monitoring across the discovery, assessment, and mitigation phases of the attack surface risk lifecycle. Let’s dive deeper into how a platform can enhance attack surface risk management versus utilizing point products. Discover your digital attack surface First, you need total visibility to be able to…
Read More
Security starts with visibility: you can’t protect what you can’t see. And yet, this is a perennial problem in cybersecurity. We’re excited to bring attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility to internal assets (devices, identities, applications) but also external, Internet-facing assets. And we’re doing the latter in partnership with Bit Discovery, an innovative start-up founded by Jeremiah Grossman (previously co-founder of WhiteHat Security). How bad is the attack…
Read More
By Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), and Victor Mayoral Vilches (Alias Robotics) Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that…
Read More
Let’s dig into the results a bit further to identify areas of greatest concern across regions. 1. Top five security risksWith the global Covid-19 pandemic continuing as well as many successful ransomware attacks and breaches occurring, it does appear that many organizations felt some areas of their preparedness may be more of a concern now than in the past. Below are the top five security risks around their infrastructure: Mobile/remote employees Cloud computing infrastructure and providers…
Read More
Introduction Cloud computing services have grown exponentially in