cyber threats

What to Do About Log4j

Posted on by Admin
What to Do About Log4j

Log4j does not sanitize inputs. Tactical Measures The first challenge is to find out where your code and applications might have the vulnerability. There are tools to scan for the presence of the string ”log4j” including Snyk and others. These will find any places in your source code libraries that have calls to the code. The next step is to verify whether that source code was ever actually deployed into your production environment. Sometimes developers…

Read More

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager

Posted on by Admin
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign. By: Abraham Camba, Jonna Santos, Gilbert Sison, Jay Yaneza December 17, 2021 Read time:  ( words) We recently published how Squirrelwaffle emerged as a loader using two exploits in a recent spam campaign in the Middle East. Further monitoring and analysis from our incident response and extended detection and response teams (IR/XDR)…

Read More

This Week in Security News – December 17, 2021

Posted on by Admin
This Week in Security News – December 17, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read on Purple Fox’s infection chain observed by Trend Micro’s Managed XDR. Also, learn about the Log4j vulnerability that has the potential to cause ‘incalculable’ damage. Read on: A Look into Purple Fox’s Server Infrastructure In this blog, Trend Micro sheds light on the later stages of Purple…

Read More

This Week in Security News – December 10, 2021

Posted on by Admin
This Week in Security News – December 10, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about Trend Micro’s predictions for security in the coming year. Also, learn about the Biden administration’s latest initiatives for curtailing attacks on the transport infrastructure. Read on: Pushing Forward Key Takeaways from Trend Micro’s Security Predictions for 2022 Because of the Covid-19 pandemic, organizations have learned to…

Read More

The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs

Posted on by Admin
The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs

New IoT botnet techniques During the observation period, we noted four new techniques added to threat actors’ arsenals. One is a newly implemented technique in botnet families called Masquerading: Match Legitimate Name or Location (T1036.005). It is a Defense Evasion technique that likely reflect the manufacturers’ increasing interest and efforts in securing these IoT devices or appliances. The technique involves adversaries trying to match the name and location of legitimate and trusted programs to hide…

Read More

5 minutes with Teresa Shea: Avoiding cyberattacks

Posted on by Admin
5 minutes with Teresa Shea: Avoiding cyberattacks

5 minutes with Teresa Shea: Avoiding cyber attacks | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website…

Read More

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Posted on by Admin
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify We looked into exploitation attempts we observed in the wild and the abuse of legitimate platforms Netlify and GitHub as repositories for malware. By: Nitesh Surana December 03, 2021 Read time:  ( words) Earlier this year, a security flaw identified as CVE-2021-41773 was disclosed to Apache HTTP Server Project, a path traversal and remote code execution (RCE) flaw in Apache HTTP Server 2.4.49. If this…

Read More

Analyzing How TeamTNT Used Compromised Docker Hub Accounts

Posted on by Admin
Analyzing How TeamTNT Used Compromised Docker Hub Accounts

Analyzing How TeamTNT Used Compromised Docker Hub Accounts Cloud Following our previous disclosure of compromised Docker hub accounts delivering cryptocurrency miners, we analyze these accounts and discover more malicious actions that you need to be aware of. By: Trend Micro Research December 01, 2021 Read time:  ( words) In early November, we disclosed that compromised Docker Hub accounts were being used for cryptocurrency mining and that these activities were tied to the TeamTNT threat actor….

Read More

5 Things to Do from the AWS re:Invent Day 3 Agenda

Posted on by Admin
5 Things to Do from the AWS re:Invent Day 3 Agenda

5 Things to Do from the AWS re:Invent Day 3 Agenda Compliance & Risks Welcome to your complete guide to AWS re:Invent 2021 Day 3, where you will find tips on how to get the most out of your conference experience both in Las Vegas and virtually. By: Trend Micro December 01, 2021 Read time:  ( words) You’re in the endgame now, so it’s time to clean up and get any lose-ends tied up.  If…

Read More

What You Can Do to Mitigate Cloud Misconfigurations

Posted on by Admin
What You Can Do to Mitigate Cloud Misconfigurations

Our data also showed a high frequency of Amazon Simple Storage Service (S3) rule violations. Still, it is necessary to examine the data further before fearing for the worst. For one, not all Amazon S3 buckets are supposed to be encrypted. In some instances, encryption is not needed. These are cases where the data needs to be served in clear text such as for public sites or data that needs to be openly accessed through…

Read More
1 14 15 16 17 18