research

Electricity/Energy Cybersecurity: Trends & Survey Response

Posted on November 16, 2022November 17, 2022 by Admin

Trend Micro conducted a study on the state of industrial cybersecurity in the oil and gas, manufacturing, and electricity/energy industries in 2022. Based on the results of a survey of over 900 ICS business and security leaders in the United States, Germany, and Japan, we will discuss the characteristics of each industry, the motivations and environmental factors that will drive future cybersecurity improvements. We will also introduce Trend Micro’s proposals based on the industry’s current…

CVE-2019-8561 A Hard-to-Banish PackageKit Framework Vulnerability in macOS

Posted on November 11, 2022November 11, 2022 by Admin

At line 28, if the offset value of the payload subpath inside the PKG file is not equal to zero, the “-[PKLeopardPackage payloadExtractorWithDestination:externalRoot:error:]” function will call the “-[PKPayloadCopier initWithArchivePath:offset:destination:]” function. Similar to the second method, there is a “triple fetch” issue. If the offset value is equal to zero, it will extract the payload from a special external root path, which seems to be unrestricted and can be controlled by an attacker. This means that…

DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

Posted on November 8, 2022November 8, 2022 by Admin

Changing the paths is likely something that an attacker will do, and this will cause some of the things we’ve previously discussed to change in the binaries and in the traffic patterns. For instance, if the getname in the DOH agent is changed, it will no longer go to 6765746e616d65 but will instead redirect to a subdomain of whatever it was changed to, converted to the hexadecimal system (an example being “trendmicroftr”, which would look…

Attack Surface Management 2022 Midyear Review Part 3

Posted on November 3, 2022November 5, 2022 by Admin

With the rise of ransomware and other vulnerabilities, it has been an eventful year in cybersecurity. In part two, we discussed these issues at length today as well as their implications on a global scale for both businesses large (and small). In the last and final part of the series, we talk about how malicious actors take advantage of cloud tunnelling and how misconfiguration remains a headache for most organization. Malicious Actors Abuse Cloud Tunneling…

Manufacturing Cybersecurity: Trends & Survey Response

Posted on October 28, 2022October 28, 2022 by Admin

Figure 5: Q19. Until now, what have been your organization’s top two reasons for implementing cybersecurity measures to protect your ICS/OT systems? Q20.What do you believe your organization’s top two reasons for implementing cybersecurity measures to protect your ICS/OT systems are over the next three years？(NB: Multiple choices allowed) We will consider the reasons and background for these results. One of the reasons why there is a high awareness of efforts to prevent recurrence is…

Comprehensive Traceability for Android Supply-Chain Security

Posted on October 28, 2022October 28, 2022 by Admin

What is product traceability? Product supply-chain traceability is a very important aspect in manufacturing as it contributes directly to product safety, quality, and, as an emerging trend, product sustainability and ethics. In terms of safety, automotive manufacturers consistently announce product recalls to protect their customers from failure of faulty parts, as well as to protect themselves by being compliant and avoiding litigation. In a recent example, Rivian, an electric car company, recently issued a recall…

Attack Surface Management 2022 Midyear Review Part 2

Posted on October 27, 2022October 27, 2022 by Admin

The number of vulnerabilities published by CVE increased in the first half of 2022, with 12,380 records compared to 9,420 during the same period last year. This trend was also seen through Trend Micro ZDI. There was an increase from 770 Advisories issued between January 1st and June 30th 2021. Now, there are 944 total security alerts available via this program since the midyear of 2022 alone. Vulnerabilities with a high-severity rating made up the…

From Bounty to Exploit Observations About Cybercriminal Contests

Posted on October 27, 2022October 27, 2022 by Admin

Cybercriminals have taken their own initiative to establish an informal way of conducting research and development by holding contests on forums. In this blog post, we go through the key takeaways we learned about these competitions. These contests are diverse and range from public calls for articles that describe new technologies to hackathons that can improve cybercriminals’ defenses. We elaborate on the details of their operation here. The following are our key takeaways: Cybercriminals often…

Where is the Origin QAKBOT Uses Valid Code Signing

Posted on October 27, 2022October 27, 2022 by Admin

In this case, the assumption that the threat actor was directly issued certificates through abuse of the certificate issuance process is more strongly suspected than the stealing of the private key, but the protection of private keys on the user side is still a challenge. In the use of code signing certificates, private key protection on the user side has been enhanced over time, but it still has a long way to go before it…

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

Posted on October 25, 2022October 25, 2022 by Admin

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint By: Mohamed Fahmy, Sherif Magdy, Ahmed Samir October 25, 2022 Read time: ( words) The Trend Micro research team recently analyzed an infection related to the LV ransomware group, a ransomware as a service (RaaS) operation that has been active since late 2020,…

« 1 … 5 6 7 8 9 … 18 »

CVE-2019-8561 A Hard-to-Banish PackageKit Framework Vulnerability in macOS

DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

Attack Surface Management 2022 Midyear Review Part 3

Comprehensive Traceability for Android Supply-Chain Security

Attack Surface Management 2022 Midyear Review Part 2

From Bounty to Exploit Observations About Cybercriminal Contests

Where is the Origin QAKBOT Uses Valid Code Signing

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)