Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

In late September 2022, threat researchers uncovered a supply-chain attack carried out by malicious actors using a trojanized installer of Comm100, a chat-based customer engagement application. Our investigation of the incident revealed that the breadth and depth of the campaign’s impact were greater than what the researchers had initially thought; we also found that more applications and their respective versions had been affected and established that attacks began much earlier than their first reckoning on…

Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT

Cloud
We intercepted a cryptocurrency mining attack that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool.
By: David Fiser, Alfredo Oliveira | December 12, 2022

We’ve previously written about cryptojacking scenarios involving Linux machines and specific cloud computing instances being targeted by threat actors active in this space such as TeamTNT. We found that the routines and chain of…

Industry 4.0: CNC Machine Security Risks Part 3

Cyber Threats
This three-part blog series explores the risks associated with CNC machines.
By: Trend Micro | December 06, 2022

In this final installment of our three-part blog series, we lay out countermeasures that enterprises can take to protect their machines. We’ll also discuss our responsible disclosure as well as the feedback we got from the vendors we evaluated.

Countermeasures
We found that only…

Industry 4.0: CNC Machine Security Risks Part 2

Cyber Threats
This three-part blog series explores the risks associated with CNC machines.
By: Trend Micro | December 01, 2022

In part one, we discussed what numerical control machines do and their basic concepts. These concepts are important to understand the machines better, offering a wider view of their operations. We also laid out how we evaluated the chosen vendors for our research. For…

Industry 4.0: CNC Machine Security Risks Part 1

Cyber Threats
This three-part blog series explores the risks associated with CNC machines.
By: Trend Micro | November 29, 2022

Computer numerical controls (CNCs) are machines used to produce products in a factory setting. They have been in use for many years, and in the last decade, their use has become more widespread due to increased connectivity. This increased connectivity has made them more…

WannaRen Returns as Life Ransomware, Targets India

Ransomware
This blog entry looks at the characteristics of a new WannaRen ransomware variant, which we named Life ransomware after its encryption extension.
By: Don Ovid Ladores, Jeffrey Francis Bonaobra | November 23, 2022

Although not as well-known as ransomware families such as Ryuk, REvil, or Maze, WannaRen ransomware made a name for itself back in 2020 after it launched attacks against Chinese internet users,…

Earth Preta Spear-Phishing Governments Worldwide

In our observation of the campaigns, we noted that Earth Preta abused fake Google accounts to distribute the malware via spear-phishing emails, initially stored in an archive file (such as rar/zip/jar) and distributed through Google Drive links. Users are then lured into downloading and triggering the malware to execute TONEINS, TONESHELL, and PUBLOAD. PUBLOAD has been previously reported, but we add new technical insights in this entry that tie it to TONEINS and TONESHELL, newly…

Electricity/Energy Cybersecurity: Trends & Survey Response

Trend Micro conducted a study on the state of industrial cybersecurity in the oil and gas, manufacturing, and electricity/energy industries in 2022. Based on the results of a survey of over 900 ICS business and security leaders in the United States, Germany, and Japan, we discuss the characteristics of each industry and the motivations and environmental factors that will drive future cybersecurity improvements. We will also introduce Trend Micro’s proposals based on the industry’s current…

CVE-2019-8561 A Hard-to-Banish PackageKit Framework Vulnerability in macOS

At line 28, if the offset value of the payload subpath inside the PKG file is not equal to zero, the “-[PKLeopardPackage payloadExtractorWithDestination:externalRoot:error:]” function will call the “-[PKPayloadCopier initWithArchivePath:offset:destination:]” function. Similar to the second method, there is a “triple fetch” issue. If the offset value is equal to zero, it will extract the payload from a special external root path, which seems to be unrestricted and can be controlled by an attacker. This means that…

DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

Changing the paths is likely something that an attacker will do, and this will cause some of the things we’ve previously discussed to change in the binaries and in the traffic patterns. For instance, if the getname in the DOH agent is changed, it will no longer go to 6765746e616d65 but will instead redirect to a subdomain of whatever it was changed to, converted to the hexadecimal system (an example being “trendmicroftr”, which would look…
