Mustang Panda Feeds Worm-Driven USB Attack Strategy

September 10, 2024 at 11:36AM
China’s state-sponsored threat actor, Mustang Panda, is utilizing self-propagating malware spread through USB drives and spear-phishing to target various government entities in the Asia-Pacific region. The group’s tactics have evolved to include new vectors for initial entry, with a focus on specific countries and sectors. Trend Micro researchers advise continuous …

Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments

September 10, 2024 at 06:03AM
Trend Micro has identified Mustang Panda’s advanced malware tactics, including the propagation of PUBLOAD via HIUPAN, targeting government entities in the APAC region. The cybersecurity firm uncovered the group’s use of multi-stage downloaders and exploitation of Microsoft’s cloud services for data exfiltration. The threat actor’s evolving strategies are concerning for …

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

August 30, 2024 at 05:13AM
Trend Micro researchers discovered an attack exploiting the CVE-2023-22527 vulnerability in older Atlassian Confluence versions, deploying an in-memory fileless backdoor called Godzilla webshell. The backdoor, developed by “BeichenDream,” evades detection with AES encryption and remains in-memory. The attack highlights the importance of regularly patching servers and using advanced security solutions. …

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

August 30, 2024 at 02:42AM
Threat actors are exploiting a patched critical security flaw in Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining. The flaw, CVE-2023-22527, allows unauthenticated attackers to achieve remote code execution. At least three different threat actors are exploiting this vulnerability using various methods. Users are advised to …

China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa

August 14, 2024 at 02:03AM
Earth Baku, a China-backed threat actor, has expanded its targeting to Europe, the Middle East, and Africa, including countries like Italy, Germany, U.A.E., and Qatar. The group has updated its tactics, using public-facing applications for entry points and deploying sophisticated malware. Their attacks involve various post-exploitation tools and data exfiltration …

AI-Powered Deepfake Tools Becoming More Accessible Than Ever

July 30, 2024 at 03:08PM
Trend Micro’s research reveals the rapid evolution of AI-powered hacking services, posing increased threats to cybersecurity. The availability and sophistication of deepfake technology in the cybercrime underground are growing, providing opportunities for mass exploitation. Additionally, defunct criminal services are re-emerging with new functionalities, emphasizing the need for proactive cybersecurity measures. …

New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

July 22, 2024 at 12:24AM
A new Linux variant of the Play ransomware, known for double extortion tactics, has been discovered by Trend Micro researchers. This variant targets VMware ESXi environments, expanding its potential victim pool. The ransomware has targeted industries such as manufacturing, IT, and retail, while collaborating with the services of Prolific Puma …

APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer

July 16, 2024 at 12:09PM
Void Banshee, an APT actor, used the CVE-2024-38112 Windows zero-day to exploit the disabled Internet Explorer and deliver the Atlantida stealer malware. By crafting URLs in internet shortcut files, the APT leveraged the MHTML protocol handler and x-usc directive to execute code via the disabled IE, posing a significant threat …

Teaming up with IBM to secure critical SAP workloads

July 16, 2024 at 10:18AM
Trend Micro partners with IBM to enhance security for critical SAP workloads running on IBM Power servers. The collaboration leverages IBM’s system security expertise and Trend Vision One™ to provide advanced threat protection, detection, and response, addressing the increasing cyber risks faced by SAP customers. The combined solution extends visibility, …

Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

July 8, 2024 at 06:24AM
Latin American financial institutions face a surge in cyber attacks from the Mekotio banking trojan, targeting countries like Brazil and Mexico to steal banking credentials. Trend Micro observed a rise in attacks distributing this Windows malware, as well as the emergence of a new trojan codenamed Red Mongoose Daemon, posing …