An In-Depth Look at ICS Vulnerabilities Part 2

This chart shows the CVEs affecting Critical Manufacturing that were identified in 2021 advisories, grouped by the MITRE ATT&CK tactics they might be used to accomplish, for ease of reading. Names and definitions of tactics are taken directly from the MITRE ATT&CK framework. Of the 613 CVEs identified in 2021 advisories that are likely to affect Critical Manufacturing environments, 88.8% might be leveraged by attackers to create an Impact (to directly or indirectly cause…

MacOS SUHelper Root Privilege Escalation Vulnerability A Deep Dive Into CVE-2022-22639

We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to escalate privileges to root. By: Mickey Jin, April 04, 2022. We discovered a vulnerability in suhelperd, a helper daemon process for Software Update in macOS. A class inside suhelperd, SUHelper, provides an essential system service through inter-process communication (IPC)…

MITRE Engenuity ATT&CK Tests

By developing a common language that gives analysts a standard for describing attacks, MITRE ATT&CK has become a critical knowledge base for cyber defenders, ultimately improving security efficiency and response time. The annual MITRE Evaluation compares industry-wide innovation in delivering the solutions needed to detect and respond to the evolving threat landscape. The evaluation offers cybersecurity solution buyers and customers an unbiased way to evaluate security products and arm themselves against the latest advances from attackers…

This Week in Security News – April 1, 2022

Read on: Probing the Activities of Cloud-Based Cryptocurrency-Mining Groups Trend Micro's research into cloud-based cryptocurrency mining sheds light on the malicious actor groups involved in this space, their ongoing battle for cloud resources, and the actual extent of the impact of their attacks. Lapsus$ 'Back from Vacation' Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list. The Lapsus$ data…

An In-Depth Look at ICS Vulnerabilities Part 1

In 2021, there were significant changes in the methods used by cyber attackers. More advanced destructive supply chain attacks also came to the surface that year. This has created an anxious environment, driving developments in cyber defense and the discovery of ICS-related CVEs. 2021's timeline overview of major OT and ICS cyber incidents shows that modern criminal operations have become so developed that a service industry has emerged with a common business model – Ransomware-as-a-Service…

This Week in Security News – March 25, 2022

Read on: An Investigation of Cryptocurrency Scams and Schemes The use of cryptocurrency has increased tremendously since it was first introduced in 2009. As blockchain technology has enabled use of cryptocurrency to expand, interest and the assets that are generated in its use also continue to grow. However, the virtual environment that allows it to flourish has also become fertile ground for cybercriminals to exploit, so much so that there has been a constant stream…

Purple Fox Uses New Arrival Vector and Improves Malware Arsenal

In previous campaigns in 2019, HTTP file servers (HFS) were used by Purple Fox to run the C&C servers that host files for the infected bots. In this most recent investigation, we found an exposed HFS that the Purple Fox group uses to host all the second-stage samples with their update timestamps. We were able to track the frequency of the second-stage update packages pushed to this exposed server using the timestamp data…

New Nokoyawa Ransomware Possibly Related to Hive

Hive, which is one of the more notable ransomware families of 2021, made waves in the latter half of the year after breaching over 300 organizations in just four months — allowing the group to earn what could potentially be millions of US dollars in profit. In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in…

This Week in Security News – March 4, 2022

Read on: Global Cyberattacks: How to Manage Risk in Times of Chaos As global tension rises, cyber-risk management and security fundamentals are the key to cyber-resilience. Evidence of widespread defacement of government websites, and targeted attacks against government agencies and financial institutions, adds yet another layer of risk to deal with, and it has never been more important to be on top of your security game. Trend Micro shares 5 best practices to manage cyber…

Cyberattacks are Prominent in the Russia-Ukraine Conflict

The Conti intrusion set, which Trend Micro tracks under the moniker Water Goblin, has remained active despite other well-established ransomware groups shutting down in the wake of government sanctions. We also observed a spike in the volume of activity for the BazarLoader malware – a key enabler for Conti attacks – since early February 2022.

Conti chat logs leaked

Meanwhile, external sources have reported on the chats of Conti operators being leaked by a Ukrainian…
