Trend Micro Research : Research - Security Ticks

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks 2024-05-01 at 12:16 By This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm’s exploitation of EdgeRouters, complementing the FBI’s advisory from February 27, 2024. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React […]

React to this headline:

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks Read More »

The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : Latest News, Trend Micro Research : Research / SecurityTicks

The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider 2024-04-18 at 04:16 By On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to

React to this headline:

The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider Read More »

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear 2024-04-11 at 13:16 By Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear Read More »

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption 2024-04-03 at 14:31 By Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption. This article is an excerpt from Trend Micro Research, News and Perspectives View Original

React to this headline:

Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption Read More »

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Research / SecurityTicks

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs 2024-04-02 at 09:01 By This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON. This article is

React to this headline:

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs Read More »

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script 2024-03-26 at 10:31 By This blog entry discusses the Agenda ransomware group’s use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this

React to this headline:

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script Read More »

Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Research / SecurityTicks

Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk 2024-03-19 at 10:04 By Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk Read More »

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Research / SecurityTicks

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks 2024-03-18 at 12:02 By Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa. This article is an excerpt from Trend Micro Research, News and

React to this headline:

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks Read More »

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO 2024-03-04 at 11:05 By The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO Read More »

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections 2024-02-26 at 08:42 By During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to

React to this headline:

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections Read More »

LockBit Attempts to Stay Afloat With a New Version

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

LockBit Attempts to Stay Afloat With a New Version 2024-02-22 at 10:02 By This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations. This article is an excerpt

React to this headline:

LockBit Attempts to Stay Afloat With a New Version Read More »

Earth Preta Campaign Uses DOPLUGS to Target Asia

Earth Preta Campaign Uses DOPLUGS to Target Asia 2024-02-20 at 11:55 By In this blog entry, we focus on Earth Preta’s campaign that employed a variant of the DOPLUGS malware to target Asian countries. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Earth Preta Campaign Uses DOPLUGS to Target Asia Read More »

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Expert Perspective, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Research / SecurityTicks

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes 2024-02-13 at 22:16 By This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes Read More »

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Research / SecurityTicks

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day 2024-02-13 at 22:16 By The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day

React to this headline:

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day Read More »

Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

Trend Micro Research : Cyber Threats, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Research / SecurityTicks

Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks 2024-02-07 at 11:33 By In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution. This article is an excerpt from Trend Micro Research, News

React to this headline:

Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks Read More »

Pawn Storm Uses Brute Force and Stealth Against High-Value Targets

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Phishing, Trend Micro Research : Research / SecurityTicks

Pawn Storm Uses Brute Force and Stealth Against High-Value Targets 2024-01-31 at 10:02 By Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted. This

React to this headline:

Pawn Storm Uses Brute Force and Stealth Against High-Value Targets Read More »

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver 

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver  2024-01-23 at 10:16 By In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.   This article is an excerpt from

React to this headline:

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver  Read More »

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Research / SecurityTicks

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign 2024-01-12 at 09:46 By This blog delves into the Phemedrone Stealer campaign’s exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware’s payload. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign Read More »

Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit

Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Latest News, Trend Micro Research : Research / SecurityTicks

Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit 15/12/2023 at 10:50 By In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this

React to this headline:

Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit Read More »

Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases 11/12/2023 at 12:17 By This blog entry delves into MxDR’s unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications. This article is an excerpt from Trend

React to this headline:

Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases Read More »