I started my cybersecurity journey in July 1996 as a sales engineer for a cybersecurity company, Trend Micro, that had already been around for 8 years. Having been in the industry for 26 years now – all of them at Trend Micro – I may have a bit of bias toward what we’ve been able to accomplish over the years, but I wanted to share my excitement about what we’re doing today and will be…
Read More
Industry 4.0: CNC Machine Security Risks Part 3 Cyber Threats This three-part blog series explores the risks associated with CNC machines By: Trend Micro December 06, 2022 Read time: ( words) In this final installation of our three-part blog series, we lay out countermeasures that enterprises can do to protect their machines. We’ll also discuss our responsible disclosure as well as the feedback we got from the vendors we evaluated. Countermeasures We found that only…
Read More
Industry 4.0: CNC Machine Security Risks Part 2 Cyber Threats This three-part blog series explores the risks associated with CNC machines By: Trend Micro December 01, 2022 Read time: ( words) In part one, we discussed what numerical control machines do and their basic concepts. These concepts are important to understand the machines better, offering a wider view of their operations. We also laid out how we evaluated the chosen vendors for our research. For…
Read More
Industry 4.0: CNC Machine Security Risks Part 1 Cyber Threats This three-part blog series explores the risks associated with CNC machines By: Trend Micro November 29, 2022 Read time: ( words) Computer numerical controls (CNCs) are machines used to produce products in a factory setting. They have been in use for many years, and in the last decade, their use has become more widespread due to increased connectivity. This increased connectivity has made them more…
Read More
INTERPOL recently conducted operation African Surge to take down malicious infrastructure across the African continent and requested the help of private enterprises. Trend Micro is proud to have been asked to participate and provided global threat intelligence that was utilized in this operation. To read the official announcement, please visit: https://www.interpol.int/News-and-Events/News/2022/Operation-across-Africa-identifies-cyber-criminals-and-at-risk-online-infrastructure Trend Micro has a long history of supporting law enforcement, including INTERPOL, with our threat intelligence. From providing information about malicious actors to the…
Read More
WannaRen Returns as Life Ransomware, Targets India Ransomware This blog entry looks at the characteristics of a new WannaRen ransomware variant, which we named Life ransomware after its encryption extension. By: Don Ovid Ladores, Jeffrey Francis Bonaobra November 23, 2022 Read time: ( words) Although not as well-known as ransomware families such as Ryuk, REvil, or Maze, WannaRen ransomware made a name for itself back in 2020 after it launched attacks against Chinese internet users,…
Read More
In our observation of the campaigns, we noted that, Earth Preta abused fake Google accounts to distribute the malware via spear-phishing emails, initially stored in an archive file (such as rar/zip/jar) and distributed through Google Drive links. Users are then lured into downloading and triggering the malware to execute, TONEINS, TONESHELL, and PUBLOAD. PUBLOAD has been previously reported, but we add new technical insights in this entry that tie it to TONEINS and TONESHELL, newly…
Read More
The Global and Regional CRI The current global cyber risk index is at -0.15, which is considered an elevated risk level. This is a slight increase in risk from the second half of 2021, when it was -0.04. Organizations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison. Digging into each of the four regions, North America’s CRI was the…
Read More
Pilfered Keys Free App Infected by Malware Steals Keychain Data Malware Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users. By: Luis Magisa, Qi Sun November 16, 2022 Read time: ( words) Today, malware spreads easily, infecting computers of various users. Commonly found on…
Read More
At line 28, if the offset value of the payload subpath inside the PKG file is not equal to zero, the “-[PKLeopardPackage payloadExtractorWithDestination:externalRoot:error:]” function will call the “-[PKPayloadCopier initWithArchivePath:offset:destination:]” function. Similar to the second method, there is a “triple fetch” issue. If the offset value is equal to zero, it will extract the payload from a special external root path, which seems to be unrestricted and can be controlled by an attacker. This means that…
Read More
Introduction Cloud computing services have grown exponentially in