Identifying Rogue AI
Credit to Author: AI Team| Date: Thu, 19 Sep 2024 00:00:00 +0000
This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.
Credit to Author: Abdelrahman Esmail| Date: Fri, 30 Aug 2024 00:00:00 +0000
Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.
Credit to Author: Ted Lee| Date: Thu, 19 Sep 2024 00:00:00 +0000
We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.
Credit to Author: Richard Y Lin| Date: Wed, 18 Sep 2024 00:00:00 +0000
Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.
Credit to Author: Hitomi Kimura| Date: Thu, 12 Sep 2024 00:00:00 +0000
In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.
Credit to Author: Lenart Bermejo| Date: Mon, 09 Sep 2024 00:00:00 +0000
In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.
Credit to Author: Pierre Lee| Date: Fri, 06 Sep 2024 00:00:00 +0000
Our research reveals that an unidentified threat cluster we named TIDRONE has shown significant interest in military-related industry chains, particularly in the manufacturers of drones.
Credit to Author: Mhica Romero| Date: Thu, 05 Sep 2024 00:00:00 +0000
Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection.
Credit to Author: Cedric Pernet| Date: Wed, 04 Sep 2024 00:00:00 +0000
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.
Credit to Author: AI Team| Date: Tue, 03 Sep 2024 00:00:00 +0000
This is the second blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.