cyber threats

Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload

Posted on by Admin
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload

Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload Cyber Threats Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware. By: Earle Maui Earnshaw, Mohamed Fahmy, Ian Kenefick, Ryan Maglaque, Abdelrhman Sharshar, Lucas Silva April 05, 2022 Read time:  ( words) The Trend MicroTM Managed XDR team has made a series…

Read More

An In-Depth Look at ICS Vulnerabilities Part 2

Posted on by Admin
An In-Depth Look at ICS Vulnerabilities Part 2

This chart shows CVEs affecting Critical Manufacturing that was identified in 2021 advisories which might be used to accomplish tactics from the MITRE ATT&CK framework ease of reading. Names and definitions of tactics are directly referenced from the MITRE ATT&CK framework. Six hundred and thirteen CVEs identified in advisories in 2021 are likely to affect Critical Manufacturing environments, 88.8% of them might be leveraged by attackers to create an Impact (to directly or indirectly cause…

Read More

MITRE Engenuity ATT&CK Tests

Posted on by Admin
MITRE Engenuity ATT&CK Tests

By developing a common language to arm analysts with a standard to describe attacks, MITRE ATT&CK has become a critical knowledgebase for cyber defenders, ultimately improving security efficiency and response time. The annual MITRE Evaluation compares industry-wide innovation to deliver the solutions necessary to detect and respond to the evolving threat landscape. The evaluation offers cybersecurity solution buyers and customers with an unbiased option to evaluate security products to arm themselves against the latest advances from attackers…

Read More

This Week in Security News – April 1, 2022

Posted on by Admin
This Week in Security News – April 1, 2022

Read on:  Probing the Activities of Cloud-Based Cryptocurrency-Mining Groups Trend Micro‘s research into cloud-based cryptocurrency mining sheds light on the malicious actor groups involved in this space, their ongoing battle for cloud resources, and the actual extent of the impact of their attacks. Lapsus$ ‘Back from Vacation’ Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers’ DevOps platforms – to its hit list. The Lapsus$ data…

Read More

An In-Depth Look at ICS Vulnerabilities Part 1

Posted on by Admin
An In-Depth Look at ICS Vulnerabilities Part 1

In 2021, there were significant changes in the methods used by cyber attackers. More advanced destructive supply chain attacks also came to the surface this year. This has created an anxious environment, driving developments in cyber defense and the discovery of ICS-related CVEs. 2021’s timeline overview of major OT and ICS cyber incidents shows that modern criminal operations have become so developed that a service industry has emerged with a common business model – Ransom­ware-as-a-Service…

Read More

Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously

Posted on by Admin
Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously

But that’s just the tangible cost of a cryptocurrency-mining attack. There are also indirect consequences that an affected organization might encounter, such as the disruption and slowdown of operations that could result in loss of revenue or even damage to the reputation of the organization because of the inconveniences brought upon its customers. The major players in the cloud-based cryptocurrency mining landscape are diverse in terms of their tools, techniques, and even the way they…

Read More

This Week in Security News – March 25, 2022

Posted on by Admin
This Week in Security News – April 1, 2022

Read on:  An Investigation of Cryptocurrency Scams and Schemes The use of cryptocurrency has increased tremendously since it was first introduced in 2009. As blockchain technology has enabled use of cryptocurrency to expand, interest and the assets that are generated in its use also continue to grow. However, the virtual environment that allows it to flourish has also become fertile ground for cybercriminals to exploit, so much so that there has been a constant stream…

Read More

An Investigation of Cryptocurrency Scams and Schemes

Posted on by Admin
An Investigation of Cryptocurrency Scams and Schemes

The use of cryptocurrency has increased tremendously since it was first introduced in 2009. As blockchain technology has only enabled this use to expand, interest in cryptocurrency and the assets that are generated in its use also continue to grow. However, the virtual environment that allows it to flourish has also become fertile ground for cybercriminals to exploit, so much so that there has been a constant stream of reports on scams related to cryptocurrency…

Read More

This Week in Security News – March 18, 2022

Posted on by Admin
This Week in Security News – April 1, 2022

Read on:  Navigating New Frontiers: Trend Micro 2021 Annual Cybersecurity Report Trend Micro looks back at the most significant security issues that emerged in 2021, with insights and recommendations to help organizations bolster their defenses. The digital migrations and transformations that had enabled organizations to continue their operations amid the Covid-19 pandemic continued to usher in significant shifts in the threat landscape in 2021. US Has ‘Significant’ Cyber Vulnerabilities, But A Sweeping Russian Cyberattack Is…

Read More

Oil & Gas Cybersecurity: Stop Critical Operation Cyber-attacks

Posted on by Admin
Oil & Gas Cybersecurity: Stop Critical Operation Cyber-attacks

The oil and gas utilities industry face threats from cyber incidents. The ransomware attack on the Colonial Pipeline in May 2021 had a huge impact on the industry. In February 2022, it was also reported that European oil facilities hit by cyber-attack and forced to operate at limited capacity. These latest incidents suggest that oil and gas supply process depend on IT systems, and that the critical operations could be disrupted by IT not working…

Read More
1 10 11 12 13 14 18