Earth Preta Campaign Uses DOPLUGS to Target Asia 2024-02-20 at 11:55 By In this blog entry, we focus on Earth Preta’s campaign that employed a variant of the DOPLUGS malware to target Asian countries. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:
React to this headline:
Earth Preta Campaign Uses DOPLUGS to Target Asia Read More »
SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes 2024-02-13 at 22:16 By This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:
React to this headline:
SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes Read More »
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day 2024-02-13 at 22:16 By The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day
React to this headline:
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day Read More »
Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks 2024-02-07 at 11:33 By In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution. This article is an excerpt from Trend Micro Research, News
React to this headline:
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets 2024-01-31 at 10:02 By Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted. This
React to this headline:
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets Read More »
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver 2024-01-23 at 10:16 By In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware. This article is an excerpt from
React to this headline:
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver Read More »
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign 2024-01-12 at 09:46 By This blog delves into the Phemedrone Stealer campaign’s exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware’s payload. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React
React to this headline:
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign Read More »
Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit 15/12/2023 at 10:50 By In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this
React to this headline:
Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit Read More »
Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases 11/12/2023 at 12:17 By This blog entry delves into MxDR’s unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications. This article is an excerpt from Trend
React to this headline:
Opening Critical Infrastructure: The Current State of Open RAN Security 01/12/2023 at 11:17 By The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller (RIC) subsystem.
React to this headline:
Opening Critical Infrastructure: The Current State of Open RAN Security Read More »
ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil 23/11/2023 at 11:31 By We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React
React to this headline:
ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil Read More »
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing 22/11/2023 at 10:11 By The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023. This article is an excerpt from
React to this headline:
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing Read More »
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits 20/11/2023 at 12:17 By We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner. This article is an excerpt from Trend Micro Research, News and Perspectives
React to this headline:
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518 10/11/2023 at 13:18 By We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:
React to this headline:
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518 Read More »
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting 09/11/2023 at 12:01 By We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies. This article is an excerpt from
React to this headline:
Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores 24/10/2023 at 06:43 By In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane. This article is an excerpt from Trend
React to this headline:
Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores Read More »
Beware: Lumma Stealer Distributed via Discord CDN 16/10/2023 at 11:31 By This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React
React to this headline:
Beware: Lumma Stealer Distributed via Discord CDN Read More »
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant 13/10/2023 at 11:02 By Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor. This article is an excerpt from Trend Micro Research, News
React to this headline:
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant Read More »
Exposing Infection Techniques Across Supply Chains and Codebases 05/10/2023 at 12:47 By This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:
React to this headline:
Exposing Infection Techniques Across Supply Chains and Codebases Read More »
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement 18/09/2023 at 14:32 By While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we’ve dubbed SprySOCKS due to its swift behavior and
React to this headline:
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement Read More »