Credit to Author: AI Team| Date: Mon, 30 Sep 2024 00:00:00 +0000
Fall is in the air and frameworks for mitigating AI risk are dropping like leaves onto policymakers’ desks. From California’s SB 1047 bill and NIST’s model-testing deal with OpenAI and Anthropic to REAIM’s blueprint for military AI governance, AI regulation is proving to be a hot and complicated topic.
Read moreCredit to Author: Ryan Soliven| Date: Mon, 30 Sep 2024 00:00:00 +0000
Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats.
Read moreCredit to Author: Juan Pablo Castro| Date: Thu, 26 Sep 2024 00:00:00 +0000
Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach.
Read moreCredit to Author: Jon Clay| Date: Tue, 24 Sep 2024 00:00:00 +0000
AI-driven insights for managing emerging threats and minimizing organizational risk
Read moreCredit to Author: Kyle Philippe Yu| Date: Fri, 20 Sep 2024 00:00:00 +0000
Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.
Read moreCredit to Author: AI Team| Date: Thu, 19 Sep 2024 00:00:00 +0000
This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.
Read moreCredit to Author: Abdelrahman Esmail| Date: Fri, 30 Aug 2024 00:00:00 +0000
Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.
Read moreCredit to Author: Ted Lee| Date: Thu, 19 Sep 2024 00:00:00 +0000
We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.
Read moreCredit to Author: Richard Y Lin| Date: Wed, 18 Sep 2024 00:00:00 +0000
Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.
Read moreCredit to Author: Hitomi Kimura| Date: Thu, 12 Sep 2024 00:00:00 +0000
In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.
Read more