Trend Micro

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) 2024-11-12 at 23:03 By Zeljka Zorz November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (CVE-2024-43451, CVE-2024-49039) CVE-2024-43451 is yet another […]

React to this headline:

Loading spinner

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) Read More »

The role of compromised cyber-physical devices in modern cyberattacks

The role of compromised cyber-physical devices in modern cyberattacks 2024-10-17 at 11:46 By Zeljka Zorz Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attackers’ infrastructure leads to a better understanding of the

React to this headline:

Loading spinner

The role of compromised cyber-physical devices in modern cyberattacks Read More »

Attackers deploying red teaming tool for EDR evasion

Attackers deploying red teaming tool for EDR evasion 2024-10-15 at 17:16 By Zeljka Zorz Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed. About EDRSilencer The software, which is intended for red teaming, is being abused to “silence” EDR solutions. It works by leveraging

React to this headline:

Loading spinner

Attackers deploying red teaming tool for EDR evasion Read More »

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) 2024-10-08 at 22:49 By Zeljka Zorz For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) Read More »

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

React to this headline:

Loading spinner

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) Read More »

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes 2024-09-10 at 22:46 By Zeljka Zorz September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect

React to this headline:

Loading spinner

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes Read More »

Microsoft fixes 6 zero-days under active attack

Microsoft fixes 6 zero-days under active attack 2024-08-13 at 23:16 By Zeljka Zorz August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability

React to this headline:

Loading spinner

Microsoft fixes 6 zero-days under active attack Read More »

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update 2024-07-22 at 15:16 By Zeljka Zorz By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for Crowdstrike Falcon Sensors that threw Windows

React to this headline:

Loading spinner

Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update Read More »

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks 2024-07-16 at 16:46 By Zeljka Zorz The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s

React to this headline:

Loading spinner

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks Read More »

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) 2024-07-09 at 22:31 By Zeljka Zorz For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively). Zero-days exploited in the wild (CVE-2024-38080, CVE-2024-38112) CVE-2024-38080 is a

React to this headline:

Loading spinner

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) Read More »

Infosec products of the month: June 2024

Infosec products of the month: June 2024 2024-07-01 at 05:47 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: Acronis, Appdome, ARMO, Atsign, Cofense, Datadog, Diligent, Entrust, eSentire, KELA, Metomic, NinjaOne, Plainsea, SailPoint, SentinelOne, Tines,Trend Micro, Verimatrix, Veritas Technologies, and Zyxel. Plainsea: Cybersecurity platform that

React to this headline:

Loading spinner

Infosec products of the month: June 2024 Read More »

Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)

Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103) 2024-06-11 at 23:01 By Zeljka Zorz June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw (CVE-2024-30080) and a RCE vulnerability in Microsoft Outlook (CVE-2024-30103). 49 CVE-numbered vulnerabilities have been fixed in total, none of which have been exploited in

React to this headline:

Loading spinner

Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103) Read More »

New infosec products of the week: June 7, 2024

New infosec products of the week: June 7, 2024 2024-06-07 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Appdome, SailPoint, Tines, Trend Micro, Verimatrix, and Zyxel Networks. Zyxel Networks USG LITE 60AX improves network security Zyxel Networks launched USG LITE 60AX–an AX6000

React to this headline:

Loading spinner

New infosec products of the week: June 7, 2024 Read More »

Trend Micro Inline NDR enhances threat detection and response

Trend Micro Inline NDR enhances threat detection and response 2024-06-04 at 11:01 By Industry News Trend Micro announced its latest breakthrough in network detection and response (NDR) technology: Inline NDR. The technology is available via the Trend Vision One platform, where it improves detection and response across all security functions rather than operating as an

React to this headline:

Loading spinner

Trend Micro Inline NDR enhances threat detection and response Read More »

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) 2024-05-21 at 14:31 By Zeljka Zorz Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execution. About

React to this headline:

Loading spinner

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) Read More »

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) 2024-05-14 at 22:02 By Zeljka Zorz For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that

React to this headline:

Loading spinner

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) Read More »

New SOHO router malware aims for cloud accounts, internal company resources

New SOHO router malware aims for cloud accounts, internal company resources 2024-05-02 at 14:46 By Zeljka Zorz Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credentials / secrets for AWS, CloudFlare, Docker, BitBucket and other cloud-based services. “With the stolen key material, the

React to this headline:

Loading spinner

New SOHO router malware aims for cloud accounts, internal company resources Read More »

Infosec products of the month: April 2024

Infosec products of the month: April 2024 2024-05-01 at 05:01 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: Akamai, Bitdefender, CyberInt, Fastly, Forcepoint, IDnow, Immuta, Index Engines, Invicti Security, LogRhythm, Netwrix, Owl Cyber Defense Solutions, Privacera, Redgate, ShadowDragon, Siemens, Tanium, Trend Micro, TrueMedia.org, Veriato,

React to this headline:

Loading spinner

Infosec products of the month: April 2024 Read More »

New infosec products of the week: April 26, 2024

New infosec products of the week: April 26, 2024 2024-04-26 at 06:03 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Cyberint, Forcepoint, Invicti Security, Netwrix, Trend Micro, Zero Networks, and WhyLabs. Trend Micro launches AI-driven cyber risk management capabilities Trend Micro unveiled AI-driven cyber

React to this headline:

Loading spinner

New infosec products of the week: April 26, 2024 Read More »

GISEC Global 2024 video walkthrough

GISEC Global 2024 video walkthrough 2024-04-24 at 13:01 By Help Net Security In this Help Net Security video, we take you inside GISEC Global, which is taking place from April 23 to April 25, 2024, at the Dubai World Trade Centre. The video features the following vendors: Sophos, Waterfall Security Solutions, UAE Cyber Security Council,

React to this headline:

Loading spinner

GISEC Global 2024 video walkthrough Read More »

Scroll to Top