Credit to Author: Srivathsa Sharma| Date: Fri, 22 Sep 2023 00:00:00 +0000
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
Read moreCredit to Author: Shannon Murphy| Date: Thu, 21 Sep 2023 00:00:00 +0000
This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.” Learn about Trend Micro’s 100% successful protection performance.
Read moreCredit to Author: Cedric Pernet| Date: Thu, 21 Sep 2023 00:00:00 +0000
This blog entry details a scheme that exploits the recent Morocco earthquake by impersonating the domain name of a well-known humanitarian organization for financial fraud.
Read moreCredit to Author: Salim S.I.| Date: Wed, 20 Sep 2023 00:00:00 +0000
Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks.
Read moreCredit to Author: Ed Cabrera| Date: Tue, 19 Sep 2023 00:00:00 +0000
Behind the scenes of the world of vulnerability intelligence and threat hunting
Read moreCredit to Author: Joseph C Chen| Date: Mon, 18 Sep 2023 00:00:00 +0000
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we’ve dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
Read moreCredit to Author: Hitomi Kimura| Date: Wed, 13 Sep 2023 00:00:00 +0000
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.
Read moreCredit to Author: Ed Cabrera| Date: Fri, 08 Sep 2023 00:00:00 +0000
Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members.
Read moreCredit to Author: Jaromir Horejsi| Date: Tue, 05 Sep 2023 00:00:00 +0000
We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication.
Read moreCredit to Author: Ed Cabrera| Date: Fri, 01 Sep 2023 00:00:00 +0000
A long and challenging journey against cybercrime around the world
Read more