Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion

December 13, 2024 at 03:04AM
Trend Micro researchers examined a social engineering attack where an attacker impersonated a client during a Microsoft Teams call. The victim was tricked into downloading AnyDesk, allowing remote access, which facilitated the installation of DarkGate malware. The attack was ultimately stopped before any data exfiltration occurred, highlighting security vulnerabilities. Meeting …

AI Configuration Best Practices to address AI Security Risks

December 4, 2024 at 11:13PM
AI adoption is increasing among organizations for productivity and new business opportunities, but security often lags behind. The article outlines AI security risks, including prompt injection and model theft, suggesting best practices to mitigate these risks, such as configuring sensitive information filters and disabling public access to AI resources. …

Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

November 19, 2024 at 03:59AM
The blog analyzes Earth Kasha’s LODEINFO malware campaign targeting Japan, Taiwan, and India from 2023-2024. It highlights updated tactics, techniques, and procedures (TTPs), including exploiting vulnerabilities in public-facing applications, credential theft, and the use of various backdoors like LODEINFO and NOOPDOOR. The report draws connections with APT10 umbrella activities. …

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

October 22, 2024 at 05:46AM
Trend Micro researchers report a cyberattack targeting Docker remote API servers to deploy the SRBMiner cryptominer for mining XRP cryptocurrency. The attacker exploited the gRPC protocol over h2c to bypass security measures, checked Docker API availability, and deployed the miner, emphasizing the need for improved security configurations in Docker environments. …

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

October 2, 2024 at 11:27AM
A recent spear-phishing email campaign targeted recruiters using the More_eggs JavaScript backdoor, with actors posing as fake job applicants to infect systems. The malware, attributed to the Golden Chickens group, enables credential theft and has been linked to several e-crime groups. Trend Micro observed a variation of the campaign utilizing …

MDR in Action: Preventing The More_eggs Backdoor From Hatching

September 30, 2024 at 11:11AM
A recruitment officer fell for a sophisticated spear-phishing lure by downloading a malicious file disguised as a resume, resulting in a more_eggs backdoor infection. The Trend Micro MDR team utilized the Vision One platform to contain the infection and automate threat detection in a campaign associated with the more_eggs malware. …

Evolved Exploits Call for AI-Driven ASRM + XDR

September 27, 2024 at 05:01AM
Jon Clay discusses the evolving cyber threats and the need for AI-driven ASRM + XDR to manage these threats effectively. With advanced technologies like AI and GenAI, organizations can now identify and mitigate cyber risks, as well as benefit from automated assistance in cybersecurity tasks. Trend Micro’s Vision One …

Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes

September 25, 2024 at 07:18AM
Ethical hackers can win over $1 million in cash and prizes at Pwn2Own Automotive 2025 in Tokyo, Japan. The competition includes hacking Tesla vehicles, in-vehicle infotainment systems, electric vehicle chargers, and operating systems, with prizes up to $500,000 for demonstrated vulnerabilities. Interested participants can find the full rules and registration …

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

September 20, 2024 at 11:25AM
The article discusses the Ransomhub ransomware’s utilization of EDRKillShifter to disable EDR and antivirus protections. Ransomhub also exploits the Zerologon vulnerability to take control of networks without authentication. The group has attacked various industries, employed spear-phishing, and used the affiliate model. Trend Micro’s Vision One telemetry data aided in uncovering …

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day

September 16, 2024 at 07:39AM
Microsoft identified and addressed a high-severity CVE-2024-43461 security flaw through September 2024 updates, following its exploitation as a zero-day in Internet Explorer. This spoofing bug in MSHTML can execute arbitrary code when a user interacts with a malicious page or file. It was part of an attack chain exploited by …