Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware Exploits & Vulnerabilities Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining. By: Sunil Bharti September 21, 2022 Read time:  ( words) We observed the active exploitation of CVE-2022-26134, an unauthenticated remote code execution (RCE) vulnerability with a critical rating of 9.8 in the collaboration tool Atlassian Confluence. The gap is…

Read More

Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

We confirmed that both the legitimate and the malicious versions of the chat installer were unsigned, which means the users of MiMi chat were probably used to all these extra steps to finally install the application despite all the macOS watchguards. HyperBro The HyperBro malware family has been around since 2017 and has been extensively analyzed. It was updated in mid-2019, which we described in detail in our Operation DRBControl paper. The version used in…

Read More

Private 5G Network Security Expectations Part 3

Private 5G Network Security Expectations Part 3

Q: Are you or do you expect to use cloud-based capabilities in your private network? Network cloudification?Base: n = 408 Source: 451 Research custom study Coexistence of technology evolution and cybersecurity Openness expands business opportunities, but there are always major security challenges. Many of us will remember the Apache Log4j vulnerability that occurred at the end of 2021. The use of open source is also promoted in O-RAN ALLIANCE mentioned above, but the biggest security…

Read More

Private 5G Network Security Expectations Part 1

Private 5G Network Security Expectations Part 1

Private 5G Network Security Expectations Part 1 Privacy & Risks Are “new” protocols and “private” networks sufficient for your cybersecurity requirements? By: Jun Morimoto July 05, 2022 Read time:  ( words) Corporate security teams are now facing multiple cybersecurity issues, including complex data privacy and compliance requirements, in addition to the rapidly advancing Digital Transformation. Trend Micro, in collaboration with 451 Research, a part of S&P Global Market Intelligence, conducted a survey on the private…

Read More

Private 5G Network Security Expectations Part 2

Private 5G Network Security Expectations Part 2

Private 5G Network Security Expectations Part 2 Privacy & Risks The importance of proof of “security” concepts in private 5G networks: Are verifications of system operations and new functions sufficient for your proof of concept in private wireless networks? By: Jun Morimoto July 05, 2022 Read time:  ( words) The implementation of private 5G is already real, according to a survey conducted by Trend Micro in collaboration with 451 Research, part of S&P Global Market…

Read More

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys Mobile We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys. By: Cifer Fang, Ford Quin, Zhengyu Dong May 16, 2022 Read time:  ( words) We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user…

Read More

An Investigation of Cryptocurrency Scams and Schemes

An Investigation of Cryptocurrency Scams and Schemes

The use of cryptocurrency has increased tremendously since it was first introduced in 2009. As blockchain technology has only enabled this use to expand, interest in cryptocurrency and the assets that are generated in its use also continue to grow. However, the virtual environment that allows it to flourish has also become fertile ground for cybercriminals to exploit, so much so that there has been a constant stream of reports on scams related to cryptocurrency…

Read More

SMS PVA Part 3: Countries Most Impacted by Cybercriminal Service

SMS PVA Part 3: Countries Most Impacted by Cybercriminal Service

SMS PVA Part 3: Countries Most Impacted by Cybercriminal Service Malware In this final part, we discuss the countries most affected by SMS PVA services as well as lay out several recommendations to mitigate the risks of such threats. By: Trend Micro March 02, 2022 Read time:  ( words) Part two of our blog entry discussed the impacts and implications of SMS PVA services. The article also explored how these services work by using Carousell…

Read More

SMS PVA Part 2: Underground Service for Cybercriminals

SMS PVA Part 2: Underground Service for Cybercriminals

In this sample, we can see an Indonesian mobile number with an “ethnically” matching photograph in Whatsapp (presumed real account of the owner), but with a Russian name in Telegram (account presumed to have been registered using SMS PVA). These are just some illustrations of the common trend we saw on smspva.net. Either the accounts have different names across different services, or the country of the mobile phone does not match the language used in…

Read More
1 2 3