research

Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server

Posted on July 6, 2022July 7, 2022 by Admin

Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server We recently found a new ransomware family, which we have dubbed as HavanaCrypt, that disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection. By: Nathaniel Morales, Monte de Jesus, Ivan Nicole Chavez, Bren Matthew Ebriega, Joshua Paul Ignacio July 06,…

Private 5G Network Security Expectations Part 2

Posted on July 5, 2022July 8, 2022 by Admin

Private 5G Network Security Expectations Part 2 Privacy & Risks The importance of proof of “security” concepts in private 5G networks: Are verifications of system operations and new functions sufficient for your proof of concept in private wireless networks? By: Jun Morimoto July 05, 2022 Read time: ( words) The implementation of private 5G is already real, according to a survey conducted by Trend Micro in collaboration with 451 Research, part of S&P Global Market…

Private 5G Network Security Expectations Part 1

Posted on July 5, 2022July 8, 2022 by Admin

Private 5G Network Security Expectations Part 1 Privacy & Risks Are “new” protocols and “private” networks sufficient for your cybersecurity requirements? By: Jun Morimoto July 05, 2022 Read time: ( words) Corporate security teams are now facing multiple cybersecurity issues, including complex data privacy and compliance requirements, in addition to the rapidly advancing Digital Transformation. Trend Micro, in collaboration with 451 Research, a part of S&P Global Market Intelligence, conducted a survey on the private…

Data Distribution Service: An Overview Part 1

Posted on July 4, 2022July 8, 2022 by Admin

In this three-part series, we focus on Data Distribution Service (DDS), which drives systems such as railways, autonomous cars, spacecraft, diagnostic imaging machines, luggage handling, and military tanks, among others. We’ll also explore the current status of DDS and highlight recommendations enterprises can take to minimize the threats associated with this middleware. But first, let’s discuss what DDS is and how it is applied in various industries. Overview DDS is a standardized middleware software based…

Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit

Posted on June 30, 2022June 30, 2022 by Admin

Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit We look into a recent attack orchestrated by the Black Basta ransomware ransomware group that used the banking trojan QakBot as a means of entry and movement and took advantage of the PrintNightmare vulnerability to perform privileged file operations. By: Kenneth Adrian Apostol, Paolo Ronniel Labrador, Mirah Manlapig, James Panlilio, Emmanuel Panopio, John Kenneth Reyes, Melvin Singwa June 30, 2022 Read…

Hacking the Crypto-monetized Web

Posted on June 30, 2022July 1, 2022 by Admin

Hacking the Crypto-monetized Web Cyber Threats What danger lies around the corner? By: Jon Clay June 30, 2022 Read time: ( words) The web is several decades old. But it largely still relies on the same method of monetization as it always has: advertising. However, things are changing thanks to the power of cryptocurrency and blockchain. It’s what Trend Micro has coined the “crypto-monetized web” (CMW). But where there’s money to be made and users…

Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware

Posted on June 28, 2022June 28, 2022 by Admin

Lateral movement to machines in the network After the initial infection with Cobalt Strike, we observed that the threat actor dropped node.exe, which is a stowaway proxy tool that is publicly available on Github. The tool is written in the GO language and can provide many capabilities to threat actors: remote shell execution, upload/downloading files, and more. In this case, the tool is used to provide a reverse shell to threat actors on IP: 45[.]32.108.54…

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups

Posted on June 27, 2022June 27, 2022 by Admin

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups Ransomware We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022. By: Shingo Matsugaya, Matsukawa Bakuei, Vladimir Kropotov June 27, 2022 Read time: ( words) Trend Micro has been monitoring the leak sites of multiple ransomware groups since November 2019 and continuously…

Misunderstood Private Network 5G Security Risks & Vulnerabilities

Posted on June 24, 2022June 25, 2022 by Admin

The move towards 5G is accelerating as enterprises seek greater security, flexibility, and reliability in 5G than earlier cellular, wireless, or wired connectivity. And while the underlying security capabilities of 5G NPN are superior to earlier communications media, they are not flawless. Recent research outlined four attack routes into a private 5G network, three areas where communications network topology presents opportunities to intercept signal traffic, and six methods for attacking the physical process infrastructure via…

State of OT Security in 2022: Big Survey Key Insights

Posted on June 15, 2022June 17, 2022 by Admin

State of OT Security in 2022: Big Survey Key Insights Compliance & Risks Learn about the state of OT Security in 2022 by reading the key insights found through surveying more than 900 ICS business and security leaders in the US, Germany and Japan. By: Hiroyuki Ueno June 15, 2022 Read time: ( words) Industrial sectors affected by cyberattacks It has become evident that critical infrastructure and manufacturing industries worldwide are under threat from cyberattacks,…

« 1 … 9 10 11 12 13 … 18 »

Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server

Private 5G Network Security Expectations Part 2

Private 5G Network Security Expectations Part 1

Data Distribution Service: An Overview Part 1

Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups

Misunderstood Private Network 5G Security Risks & Vulnerabilities

State of OT Security in 2022: Big Survey Key Insights

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)