The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It

An earlier version of an out-of-bounds (OOB) vulnerability in Samba was disclosed at Trend Micro Zero Day Initiative's (ZDI) Pwn2Own Austin 2021. ZDI looked further into the security gap after the event, found more variants of the vulnerability, and disclosed the findings to the Samba team. While we have not seen any active attacks exploiting this vulnerability, CVE-2021-44142, which received a CVSS score of 9.9 for the three variants reported, is serious. If abused, this security…

Read More

This Week in Security News – January 28th, 2022

Read on: Codex Exposed Task Automation and Response Consistency. In this blog series, Trend Micro explores different aspects of Codex and assesses its capabilities with a focus on the security aspects that affect not only regular developers but also malicious users. Being able to automate tasks or programmatically execute them unsupervised is an essential part of both regular and malicious computer usage. In this series, Trend Micro explores whether a tool like Codex is reliable…

Read More

Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems

By measuring the exposure of DDS services, in one month we found 643 distinct public-facing DDS services in 34 countries affecting 100 organizations via 89 internet service providers (ISPs). Of the DDS implementations by seven distinct vendors (one of which we were initially unaware of), 202 leaked private IP addresses (referring to internal network architecture details), and seven supposedly secret URLs. Some of these IP addresses expose unpatched or outdated DDS implementations, which are affected…

Read More

TianySpy Malware Uses Smishing Disguised as Message From Telco

Mobile: Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The malware might have been designed to steal credentials associated with membership websites of major Japanese telecommunication services. By: Trend Micro, January 25, 2022. This blog was first published here: https://blog.trendmicro.co.jp/archives/29322 It has been some time since SMS or text messaging became a means to…

Read More

Investigating APT36 or Earth Karkaddan's Attack Chain and Malware Arsenal

APT & Targeted Attacks: We investigated the most recent activities of APT36, also known as Earth Karkaddan, a politically motivated advanced persistent threat (APT) group, and discuss its use of CapraRAT, an Android RAT with clear similarities in design to the group's favored Windows malware, Crimson RAT. By: Trend Micro, January 24, 2022. APT36, also known as Earth Karkaddan, a politically…

Read More

Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant

Ransomware: LockBit ransomware's operators announced the release of its first Linux and ESXi variant in October. With samples also spotted in the wild, we discuss the analysis and impact of this variant. By: Junestherry Dela Cruz, January 24, 2022. In our monitoring of the LockBit ransomware's intrusion set, we found an announcement for LockBit Linux-ESXi Locker version 1.0 on…

Read More

Codex Exposed Task Automation and Response Consistency

Cyber Threats: Being able to automate tasks or programmatically execute them unsupervised is an essential part of both regular and malicious computer usage, so we wondered whether a tool like Codex was reliable enough to be scripted and left to run unsupervised, generating the required code. By: Forward-Looking Threat Research Team, January 21, 2022. In June 2020, OpenAI released version 3 of its Generative…

Read More

This Week in Security News – January 21, 2022

Read on: Cybersecurity for Industrial Control Systems: Part 1. In this two-part series, Trend Micro looks at cybersecurity threats that affected industrial control system endpoints and shares insights and recommendations to mitigate such threats. Trend Micro's expert team extensively studied reported malware families on ICS endpoints to validate ICS security and establish a global baseline for examining threats that put these systems at risk. CISA Urges US Orgs to Prepare for Data-Wiping Cyberattacks. Ukraine government…

Read More

Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware

We found waves of Emotet spam campaigns using unconventional IP addresses to evade detection. By: Ian Kenefick, January 21, 2022. We observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses in their URLs, likely to evade detection via pattern matching. Both campaigns use social engineering techniques to trick users into enabling document macros, which automate malware execution. Upon receiving these standards,…
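The evasion described above works because URL parsers and the OS resolver (inet_aton and its relatives) accept an IPv4 literal in several spellings, while a naive "dotted decimal" regex only sees one of them. The following is an added example, not code from the original post or from Trend Micro: a small inet_aton-style normalizer that folds hexadecimal, octal, single-dword and mixed literals back to dotted decimal so a detection rule compares against what the downloader will actually connect to. It goes slightly beyond the hex and octal forms named in the article by also handling pure decimal dwords and fewer than four components. The sample mail body and its URLs are constructed for illustration and are not Emotet indicators.

```python
import re
from typing import List, Optional, Tuple

# Host portion of any http(s) URL; good enough for spam bodies (assumed simplification).
_URL_HOST_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)

# One dotted component, spelled the way inet_aton allows: 0x.. hex, 0.. octal, else decimal.
_PART_RE = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _parse_part(part: str) -> Optional[int]:
    """Parse one component with inet_aton base rules; None if it is not numeric."""
    if not _PART_RE.match(part):
        return None
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)          # leading zero means octal, e.g. 0300 == 192
    return int(part, 10)


def normalize_ip(host: str) -> Optional[str]:
    """Return the canonical dotted-decimal form of an inet_aton-style literal, or None.

    Accepts 1 to 4 components. As in inet_aton, the last component fills all the
    remaining bytes, so "192.168.257" == "192.168.1.1" and "3232235777" is a dword.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    # Every component except the last must fit in one byte.
    if any(v > 0xFF for v in values[:-1]):
        return None
    tail_bytes = 5 - len(parts)          # bytes the last component occupies
    if values[-1] >= 1 << (8 * tail_bytes):
        return None
    addr = 0
    for v in values[:-1]:
        addr = (addr << 8) | v
    addr = (addr << (8 * tail_bytes)) | values[-1]
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_unconventional(host: str) -> bool:
    """True when the host is an IPv4 literal that is not plain four-part dotted decimal."""
    canonical = normalize_ip(host)
    return canonical is not None and canonical != host


def find_unconventional_urls(text: str) -> List[Tuple[str, str]]:
    """Return (host as written, dotted-decimal form) for each URL with an obfuscated IP host."""
    hits = []
    for match in _URL_HOST_RE.finditer(text):
        host = match.group(1)
        if is_unconventional(host):
            hits.append((host, normalize_ip(host)))
    return hits


# Constructed sample spam body (not real indicators): the first three URLs point at the
# same address written as hex dword, octal components and decimal dword.
SAMPLE_MAIL = """
Please review the attached invoice: http://0xc0a80101/doc/invoice.zip
Backup link: http://0300.0250.01.01/doc/invoice.zip
Mirror: http://3232235777/doc/invoice.zip
Our site: http://192.168.1.1/contact
"""

if __name__ == "__main__":
    for written, canonical in find_unconventional_urls(SAMPLE_MAIL):
        print(f"{written:>20} -> {canonical}")
```

Note that a component with a leading zero such as "001" is treated as octal, so "192.168.001.001" is also flagged: it resolves to the same address as "192.168.1.1" but would slip past a rule written for the canonical spelling. Feed the canonical form, not the string as written, into allow/deny lists and reputation lookups.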

Read More

Cybersecurity for Industrial Control Systems: Part 2

Legacy malware had the most detections in India, China, the US, and Taiwan. For coinminers, Equated malware, and WannaCry, India had the most detections. On the other hand, Japan had the most Emotet infections, while ICSs in Germany had the most adware incidents. Through this extensive research, we found several malware threats that pose a great risk to ICSs. By identifying these threats, we can now determine various steps that your enterprise…

Read More