reports

Tropic Trooper Targets Transportation and Government Organizations

Posted on by Admin
Tropic Trooper Targets Transportation and Government Organizations

Our long-term monitoring of the cyberespionage group Earth Centaur (aka Tropic Trooper) shows that the threat actors are equipped with new tools and techniques. The group seems to be targeting transportation companies and government agencies related to transportation. Source link

Read More

A Look Into Purple Fox’s Server Infrastructure

Posted on by Admin
A Look Into Purple Fox’s Server Infrastructure

Operating system execution via SQL Server Purple Fox focuses on SQL servers as its target as opposed to normal computers for the former’s cryptocurrency-mining activities. This is mainly because of the more powerful hardware configuration — for both CPU and memory — that the servers would usually have. More specifically for SQL servers, the combination of CPU, memory, and disk factors should scale with the database-related operations to avoid bottlenecks in performance. These machines normally…

Read More

Patch Now Apache Log4j Vulnerability Called Log4Shell Actively Exploited

Posted on by Admin
Patch Now Apache Log4j Vulnerability Called Log4Shell Actively Exploited

A vulnerability in Apache Log4j, a widely used logging package for Java has been found. The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell. It was first reported privately to Apache on November 24 and was patched with version 2.15.0 of Log4j on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware…

Read More

New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes

Posted on by Admin
New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes

New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes Ransomware We analyzed new samples of the Yanluowang ransomware. One interesting aspect of these samples is that the files are code-signed. They also terminate various processes which are related to database and backup management. By: Don Ovid Ladores December 10, 2021 Read time:  ( words) We analyzed new samples of the Yanluowang ransomware, a recently discovered ransomware family. One interesting aspect of these samples is…

Read More

This Week in Security News – December 10, 2021

Posted on by Admin
This Week in Security News – December 10, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about Trend Micro’s predictions for security in the coming year. Also, learn about the Biden administration’s latest initiatives for curtailing attacks on the transport infrastructure. Read on: Pushing Forward Key Takeaways from Trend Micro’s Security Predictions for 2022 Because of the Covid-19 pandemic, organizations have learned to…

Read More

The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs

Posted on by Admin
The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs

New IoT botnet techniques During the observation period, we noted four new techniques added to threat actors’ arsenals. One is a newly implemented technique in botnet families called Masquerading: Match Legitimate Name or Location (T1036.005). It is a Defense Evasion technique that likely reflect the manufacturers’ increasing interest and efforts in securing these IoT devices or appliances. The technique involves adversaries trying to match the name and location of legitimate and trusted programs to hide…

Read More

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Posted on by Admin
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify We looked into exploitation attempts we observed in the wild and the abuse of legitimate platforms Netlify and GitHub as repositories for malware. By: Nitesh Surana December 03, 2021 Read time:  ( words) Earlier this year, a security flaw identified as CVE-2021-41773 was disclosed to Apache HTTP Server Project, a path traversal and remote code execution (RCE) flaw in Apache HTTP Server 2.4.49. If this…

Read More

This Week in Security News – December 3, 2021

Posted on by Admin
This Week in Security News – December 10, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about how Squirrelwaffle utilized ProxyLogon and ProxyShell to hack email chains. Also, read on a recent data breach of the Los Angeles Planned Parenthood Network. Read on: Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains In September, Squirrelwaffle emerged as a new loader that is spread…

Read More

5 Things to Do from the AWS re:Invent Day 3 Agenda

Posted on by Admin
5 Things to Do from the AWS re:Invent Day 3 Agenda

5 Things to Do from the AWS re:Invent Day 3 Agenda Compliance & Risks Welcome to your complete guide to AWS re:Invent 2021 Day 3, where you will find tips on how to get the most out of your conference experience both in Las Vegas and virtually. By: Trend Micro December 01, 2021 Read time:  ( words) You’re in the endgame now, so it’s time to clean up and get any lose-ends tied up.  If…

Read More

Analyzing How TeamTNT Used Compromised Docker Hub Accounts

Posted on by Admin
Analyzing How TeamTNT Used Compromised Docker Hub Accounts

Analyzing How TeamTNT Used Compromised Docker Hub Accounts Cloud Following our previous disclosure of compromised Docker hub accounts delivering cryptocurrency miners, we analyze these accounts and discover more malicious actions that you need to be aware of. By: Trend Micro Research December 01, 2021 Read time:  ( words) In early November, we disclosed that compromised Docker Hub accounts were being used for cryptocurrency mining and that these activities were tied to the TeamTNT threat actor….

Read More
1 23 24 25 26 27