research

Analyzing How TeamTNT Used Compromised Docker Hub Accounts

Posted on by Admin
Analyzing How TeamTNT Used Compromised Docker Hub Accounts

Analyzing How TeamTNT Used Compromised Docker Hub Accounts Cloud Following our previous disclosure of compromised Docker hub accounts delivering cryptocurrency miners, we analyze these accounts and discover more malicious actions that you need to be aware of. By: Trend Micro Research December 01, 2021 Read time:  ( words) In early November, we disclosed that compromised Docker Hub accounts were being used for cryptocurrency mining and that these activities were tied to the TeamTNT threat actor….

Read More

What You Can Do to Mitigate Cloud Misconfigurations

Posted on by Admin
What You Can Do to Mitigate Cloud Misconfigurations

Our data also showed a high frequency of Amazon Simple Storage Service (S3) rule violations. Still, it is necessary to examine the data further before fearing for the worst. For one, not all Amazon S3 buckets are supposed to be encrypted. In some instances, encryption is not needed. These are cases where the data needs to be served in clear text such as for public sites or data that needs to be openly accessed through…

Read More

Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites

Posted on by Admin
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites

Finally, we will analyze the two threads. The C&C communication thread regularly makes a GET request to <C&C domain>/<C&C path>?id=<9digit number>&stat=<environment hash>. The environment hash is computed as an MD5 hash of string created by concatenating the following five values: Value 1 = to_uppercase(crc32(HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyMachineGuid))Value 2 = to_uppercase(crc32(HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProductName))Value 3 = to_uppercase(crc32(user name))Value 4 = to_uppercase(crc32(computer name))Value 5 = concatenate Value1 Value2 Value3 Value4 It might receive a response in the following format: !lexec;<url to download>restartdelproc…

Read More

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains

Posted on by Admin
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains Exploits & Vulnerabilities Squirrelwaffle is known for using the tactic of sending malicious spam as replies to existing email chains. We look into how by investigating its exploit of Microsoft Exchange Server vulnerabilities, ProxyLogon and ProxyShell. By: Mohamed Fahmy, Sherif Magdy, Abdelrhman Sharshar November 19, 2021 Read time:  ( words) In September, Squirrelwaffle emerged as a new loader that is spread through spam campaigns. It is…

Read More

Application Security 101

Posted on by Admin
Application Security 101

Application Security 101 Serverless Security Everything DevOps teams need to know about web application security risks and best practices. By: Trend Micro November 17, 2021 Read time:  ( words) Web applications are becoming increasingly complex and the speed of delivery more demanding. This strain of speed and scale is making application vulnerable to attackers. According to Verizon, the majority of breaches were caused by web application attacks. This means application security is more crucial than…

Read More

QAKBOT Loader Returns With New Techniques and Tools

Posted on by Admin
QAKBOT Loader Returns With New Techniques and Tools

QAKBOT Loader Returns With New Techniques and Tools Malware QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus. QAKBOT detection has become a precursor to many critical and widespread ransomware attacks. Our report shares some insight into the new techniques and tools this threat is using. By: Ian Kenefick, Vladimir Kropotov November 13, 2021 Read time:  ( words) QAKBOT is a prevalent information-stealing malware that was first discovered…

Read More

Private 5G Security Risks in Manufacturing Part 4

Posted on by Admin
Private 5G Security Risks in Manufacturing Part 4

Private 5G Security Risks in Manufacturing Part 4 Exploits & Vulnerabilities We can see signs of increased activity in areas of business that use 5G around the world. 5G technology will usher in new personal services through smartphones, and it will also play a large part in industry. By: Yohei Ishihara November 12, 2021 Read time:  ( words) The option of Private 5G lets private companies and local governments have their own telecom infrastructures. However,…

Read More

TeamTNT Upgrades Arsenal Refines Focus on Kubernetes and GPU Environments

Posted on by Admin
TeamTNT Upgrades Arsenal Refines Focus on Kubernetes and GPU Environments

TeamTNT Upgrades Arsenal Refines Focus on Kubernetes and GPU Environments Using a new batch of campaign samples, we take a look at its more recent cybercrime contributions and compare them with its previous deployments to demonstrate the group’s use of upgraded tools and payloads. By: David Fiser, Alfredo Oliveira November 11, 2021 Read time:  ( words) In previous entries, we described how the hacking group TeamTNT targeted unsecured Redis instances, exposed Docker APIs, and vulnerable Kubernetes clusters in order to deploy cryptocurrency-mining payloads and credential…

Read More
1 16 17 18