Credit to Author: Mohamed Fahmy| Date: Thu, 02 Feb 2023 00:00:00 +0000
We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.
Read moreCredit to Author: Jon Clay| Date: Wed, 01 Feb 2023 00:00:00 +0000
Stay informed and stay ahead
Read moreCredit to Author: Nathaniel Morales| Date: Thu, 26 Jan 2023 00:00:00 +0000
Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage.
Read moreCredit to Author: David Fiser| Date: Wed, 25 Jan 2023 00:00:00 +0000
In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.
Read moreCredit to Author: Ieriz Nicolle Gonzalez| Date: Tue, 24 Jan 2023 00:00:00 +0000
In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.
Read moreCredit to Author: Jon Clay| Date: Tue, 24 Jan 2023 00:00:00 +0000
It’s important to defend against ransomware attacks, but is your organization prepared to deal with the consequences of a breach? Find out how to plan an effective ransomware recovery strategy.
Read moreCredit to Author: Greg Young| Date: Thu, 19 Jan 2023 00:00:00 +0000
Explore how businesses can make internal and external attack surface management (ASM) actionable.
Read moreCredit to Author: Fyodor Yarochkin| Date: Wed, 18 Jan 2023 00:00:00 +0000
In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”.
Read moreCredit to Author: Michael Langford| Date: Wed, 11 Jan 2023 00:00:00 +0000
HSTS is an Internet standard and policy that tells the browser to only interact with a website using a secure HTTPS connection. Check out this article to learn how to leverage the security of your website and customers’ data and the security benefits you’ll gain from doing so.
Read moreCredit to Author: Junestherry Dela Cruz| Date: Tue, 17 Jan 2023 00:00:00 +0000
We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader).
Read more