Global Cyberattacks: How to Manage Risk in Times of Chaos

Global Cyberattacks: How to Manage Risk in Times of Chaos

Global Cyberattacks: How to Manage Risk in Times of Chaos Cyber Threats As global tension rises, cyber-risk management and security fundamentals are the key to cyber-resilience. 5 best practices are presented to manage your cyber risk. By: Trend Micro February 24, 2022 Read time:  ( words) While it seems almost cliché now, we are living in unprecedented times. The global pandemic has forced organizations everywhere to deal not only with health and supply-chain challenges, but…

Read More

SMS PVA Part 1: Underground Service for Cybercriminals

SMS PVA Part 1: Underground Service for Cybercriminals

SMS PVA Part 1: Underground Service for Cybercriminals Malware In this three-part blog entry, our team explored SMS PVA, a service built on top of a global bot network that compromises smartphone cybersecurity as we know it. By: Trend Micro February 22, 2022 Read time:  ( words) Smartphones have become a huge part of our daily lives. Not only do they allow us to connect with family and friends, these nifty devices let us become…

Read More

This Week in Security News – February 18, 2022

This Week in Security News – February 18, 2022

Read on:  SMS PVA Services’ Use of Infected Android Phones Reveals Flaws in SMS Verification There has been an increase in short message service (SMS) phone-verified account (PVA) services in the last two years. SMS PVA services provide alternative mobile numbers that customers can use to register for online services and platforms. Malicious actors can register disposable accounts in bulk or create phone-verified accounts for criminal activities. In the following blog, Trend Micro shares the…

Read More

SMS PVA Services’ Use of Infected Android Phones Reveals Flaws in SMS Verification

SMS PVA Services’ Use of Infected Android Phones Reveals Flaws in SMS Verification

Using these code snippets and C&C traffic as fingerprints, we were able to identify two more DEX files with the same functionality but different C&Cs, indicating an active development process and several versions of both the development code and production code of the Android malware. Only text messages sent by specific services and matched by the regex provided by the C&C were intercepted. This is likely to prevent the user of the Android phone from…

Read More

This Week in Security News – February 11, 2022

This Week in Security News – February 18, 2022

Read on:  Hidden Scams in Malicious Scans: How to Use QR Codes Safely The practical approach to life after COVID-19 is for people to learn to live with it and do what they can to manage it. One of the things that is likely to remain for the foreseeable future is the need for cashless and no-contact transactions. Many businesses have responded to this need through the use of quick response (QR) codes, however threats…

Read More

This Week in Security News – January 28th, 2022

This Week in Security News – February 18, 2022

Read on: Codex Exposed Task Automation and Response Consistency In this blog series, Trend Micro explores different aspects of Codex and assess its capabilities with a focus on the security aspects that affect not only regular developers, but also malicious users. Being able to automate tasks or programmatically execute them unsupervised is an essential part of both regular and malicious computer usage. In this series, Trend Micro explores if a tool like Codex is reliable…

Read More

TianySpy Malware Uses Smishing Disguised as Message From Telco

TianySpy Malware Uses Smishing Disguised as Message From Telco

TianySpy Malware Uses Smishing Disguised as Message From Telco Mobile Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The malware might have been designed to steal credentials associated with membership websites of major Japanese telecommunication services. By: Trend Micro January 25, 2022 Read time:  ( words) This blog was first published here: https://blog.trendmicro.co.jp/archives/29322 It has been some time since SMS or text messaging has become a means to…

Read More

This Week in Security News – January 7, 2022

This Week in Security News – February 18, 2022

Read on: Are Endpoints at Risk for Log4Shell Attacks The end of 2021 saw the emergence of the Log4Shell (CVE-2021-44228) vulnerability, a critical vulnerability in the ubiquitous Java logging package Apache Log4j. Exploiting Log4Shell via crafted log messages can allow an attacker to execute code on remote machines. The potential impact of this vulnerability is great enough that it scores a 10.0 rating based on CVSS version 3.x and a 9.3 rating based on CVSS…

Read More

This Week in Security News – December 10, 2021

This Week in Security News – December 10, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about Trend Micro’s predictions for security in the coming year. Also, learn about the Biden administration’s latest initiatives for curtailing attacks on the transport infrastructure. Read on: Pushing Forward Key Takeaways from Trend Micro’s Security Predictions for 2022 Because of the Covid-19 pandemic, organizations have learned to…

Read More

Private 5G Security Risks in Manufacturing Part 4

Private 5G Security Risks in Manufacturing Part 4

Private 5G Security Risks in Manufacturing Part 4 Exploits & Vulnerabilities We can see signs of increased activity in areas of business that use 5G around the world. 5G technology will usher in new personal services through smartphones, and it will also play a large part in industry. By: Yohei Ishihara November 12, 2021 Read time:  ( words) The option of Private 5G lets private companies and local governments have their own telecom infrastructures. However,…

Read More
1 2 3