research

Information on Attacks Involving 3CX Desktop App

Posted on March 30, 2023March 30, 2023 by Admin

Note: This is a developing story and will be updated as needed. In late March 2023, security researchers revealed that threat actors abused a popular business communication software from 3CX — in particular, the reports mention that a version of the 3CX VoIP (Voice over Internet Protocol) desktop client was being employed to target 3CX’s customers as part of an attack. On its forums, 3CX has posted an update that recommends uninstalling the desktop app…

New OpcJacker Malware Distributed via Fake VPN Malvertising

Posted on March 29, 2023March 29, 2023 by Admin

New OpcJacker Malware Distributed via Fake VPN Malvertising Malware We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022. By: Jaromir Horejsi, Joseph C Chen March 29, 2023 Read time: ( words) We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability),…

Earth Preta Updated Stealthy Strategies

Posted on March 23, 2023March 25, 2023 by Admin

We categorize the different TTPs into six stages: arrival vectors, discovery, privilege escalation, lateral movement, command and control (C&C) and exfiltration, respectively. In our previous research, we covered most of the new TTPs and malware during the first stage, arrival vectors. However, we observed that some of TTPs have been changed. In the following sections, we focus on the updated arrival vectors and their succeeding stages. We previously summarized the arrival vectors used by Earth…

Emotet Returns, Now Adopts Binary Padding for Evasion

Posted on March 13, 2023March 14, 2023 by Admin

Once a user enables macros for the malicious document, it will download a ZIP file will from one of seven hardcoded and obfuscated URLs (which will be iterated through until the file is successfully retrieved): hxxps://midcoastsupplies.com[.]au/configNQS/Es2oE4GEH7fbZ/ hxxp://mtp.evotek[.]vn/wp-content/L/ hxxp://www.189dom[.]com/xue80/C0aJr5tfI5Pvi8m/ hxxps://esentai-gourmet[.]kz/404/EDt0f/ hxxp://139.219.4[.]166/wp-includes/XXrRaJtiutdHn7N13/ hxxps://www.snaptikt[.]com/wp-includes/aM4Cz6wp2K4sfQ/ hxxps://diasgallery[.]com:443/about/R/ The macro will then check if the response is 200 (indicating a success retrieval of the file). If so, it will then check if that file is either a PE File or a…

Examining Ransomware Payments From a Data-Science Lens

Posted on March 9, 2023March 10, 2023 by Admin

In partnership with: Erin Burns, Eireann Leverett of Waratah Analytics Ransomware has come a long way since the Internet’s pre-cryptocurrency days. The advent of cryptocurrency was an important turning point in the evolution of this cyberthreat, as malicious actors are now no longer confined to available local or regional payment options when collecting ransom payments. The operation costs and monetization models of a ransomware group can be telling of its persistence methods, the tactics, techniques,…

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Posted on March 2, 2023March 2, 2023 by Admin

Security recommendations and Trend Micro solutions Email-related threats are becoming increasingly sophisticated and harder to spot. Back in the day, bad grammar and an exaggerated sense of urgency were enough tell-tale signs of malicious emails. Nowadays, malicious actors have evolved to mimic the voice and tone of the character they’re trying to pretend to be and at times, are prepared to play the long con. To successfully combat spam or phishing threats, organizations must…

Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks

Posted on March 2, 2023March 2, 2023 by Admin

The CVEs used by the top five groups varied in severity (Figure 2), though most of these CVEs had a score of at least 7.2 on the Common Vulnerability Scoring System (CVSS). As Figure 3 shows, the bulk of these vulnerabilities were exploited as a means of privilege escalation at 54.3%, followed by those for remote code execution (RCE) at 17.4%. Vulnerabilities exploited by the top five ransomware groups CVE-2021-30119, which has the lowest CVSS…

A Deep Dive into the Evolution of Ransomware Part 3

Posted on February 27, 2023February 28, 2023 by Admin

A Deep Dive into the Evolution of Ransomware Part 3 Privacy & Risks This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends. By: Trend Micro February 27, 2023 Read time: ( words) Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises –…

Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool

Posted on February 24, 2023February 24, 2023 by Admin

Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool Malware Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used to sideload a malicious DLL we identified as a variant of PlugX. By: Buddy Tancio, Abraham Camba, Catherine Loveria February 24, 2023 Read time: ( words) Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used (via the DLL…

« 1 2 3 4 5 … 18 »

Information on Attacks Involving 3CX Desktop App

New OpcJacker Malware Distributed via Fake VPN Malvertising

Earth Preta Updated Stealthy Strategies

Emotet Returns, Now Adopts Binary Padding for Evasion

Examining Ransomware Payments From a Data-Science Lens

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks

A Deep Dive into the Evolution of Ransomware Part 3

Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)