research

Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

Posted on by Admin
Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

Evidence of attacks using the Log4j vulnerability was also shown in a test that triggered a bug on a Tesla car. For this case, the source does not provide much information on where it was actually executed. Nevertheless, this means that the exploitation of the vulnerability could still have an impact on the user’s privacy and the general security of the car because a back-end compromise could allow attackers to push actions to the car…

Read More

2022 Cybersecurity Trends for DevSecOps

Posted on by Admin
2022 Cybersecurity Trends for DevSecOps

How many articles have you read that started with some variation of “the COVID-19 pandemic accelerated digital transformation?” This concept isn’t new, but you may be wondering how these sudden changes will impact security. We’ll explore Trend Micro Research’s predictions for 2022 and the impact on DevSecOps—the cultural approach that helps you build secure apps as quick as you can say “the COVID-19 pandemic accelerated digital transformation.” Cybercrime in the cloud Due to the sudden…

Read More

Are Endpoints at Risk for Log4Shell Attacks

Posted on by Admin
Are Endpoints at Risk for Log4Shell Attacks

The end of 2021 saw the emergence of the Log4Shell (CVE-2021-44228) vulnerability, a critical vulnerability in the ubiquitous Java logging package Apache Log4j. Exploiting Log4Shell via crafted log messages can  allow an attacker to execute code on remote machines. The potential impact of this vulnerability is great enough that it scores a 10.0 rating based on CVSS version 3.x and a 9.3  rating based on CVSS version 2.0 in terms of critical risk — and…

Read More

Volatile and Adaptable: Tracking the Movements of Modern Ransomware

Posted on by Admin
Volatile and Adaptable: Tracking the Movements of Modern Ransomware

Volatile and Adaptable: Tracking the Movements of Modern Ransomware Ransomware Trend Micro’s tracking of modern ransomware, as well as of older families, shows which attacks are gaining momentum and which families are particularly dangerous for enterprises and private users. By: Trend Micro Research December 15, 2021 Read time:  ( words) In the first half of 2021, we saw that modern ransomware threats were still active and evolving, using double extortion techniques to victimize targets. Unlike…

Read More

Tropic Trooper Targets Transportation and Government Organizations

Posted on by Admin
Tropic Trooper Targets Transportation and Government Organizations

Our long-term monitoring of the cyberespionage group Earth Centaur (aka Tropic Trooper) shows that the threat actors are equipped with new tools and techniques. The group seems to be targeting transportation companies and government agencies related to transportation. Source link

Read More

A Look Into Purple Fox’s Server Infrastructure

Posted on by Admin
A Look Into Purple Fox’s Server Infrastructure

Operating system execution via SQL Server Purple Fox focuses on SQL servers as its target as opposed to normal computers for the former’s cryptocurrency-mining activities. This is mainly because of the more powerful hardware configuration — for both CPU and memory — that the servers would usually have. More specifically for SQL servers, the combination of CPU, memory, and disk factors should scale with the database-related operations to avoid bottlenecks in performance. These machines normally…

Read More

Patch Now Apache Log4j Vulnerability Called Log4Shell Actively Exploited

Posted on by Admin
Patch Now Apache Log4j Vulnerability Called Log4Shell Actively Exploited

A vulnerability in Apache Log4j, a widely used logging package for Java has been found. The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell. It was first reported privately to Apache on November 24 and was patched with version 2.15.0 of Log4j on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware…

Read More

New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes

Posted on by Admin
New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes

New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes Ransomware We analyzed new samples of the Yanluowang ransomware. One interesting aspect of these samples is that the files are code-signed. They also terminate various processes which are related to database and backup management. By: Don Ovid Ladores December 10, 2021 Read time:  ( words) We analyzed new samples of the Yanluowang ransomware, a recently discovered ransomware family. One interesting aspect of these samples is…

Read More

The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs

Posted on by Admin
The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs

New IoT botnet techniques During the observation period, we noted four new techniques added to threat actors’ arsenals. One is a newly implemented technique in botnet families called Masquerading: Match Legitimate Name or Location (T1036.005). It is a Defense Evasion technique that likely reflect the manufacturers’ increasing interest and efforts in securing these IoT devices or appliances. The technique involves adversaries trying to match the name and location of legitimate and trusted programs to hide…

Read More

Analyzing How TeamTNT Used Compromised Docker Hub Accounts

Posted on by Admin
Analyzing How TeamTNT Used Compromised Docker Hub Accounts

Analyzing How TeamTNT Used Compromised Docker Hub Accounts Cloud Following our previous disclosure of compromised Docker hub accounts delivering cryptocurrency miners, we analyze these accounts and discover more malicious actions that you need to be aware of. By: Trend Micro Research December 01, 2021 Read time:  ( words) In early November, we disclosed that compromised Docker Hub accounts were being used for cryptocurrency mining and that these activities were tied to the TeamTNT threat actor….

Read More
1 15 16 17 18