MDR in Action: Preventing The More_eggs Backdoor From Hatching

Credit to Author: Ryan Soliven| Date: Mon, 30 Sep 2024 00:00:00 +0000

Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats.

Read more

Cybersecurity Compass: Bridging the Communication Gap

Credit to Author: Juan Pablo Castro| Date: Thu, 26 Sep 2024 00:00:00 +0000

Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach.

Read more

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

Credit to Author: Kyle Philippe Yu| Date: Fri, 20 Sep 2024 00:00:00 +0000

Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.

Read more

Identifying Rogue AI

Credit to Author: AI Team| Date: Thu, 19 Sep 2024 00:00:00 +0000

This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.

Read more

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

Credit to Author: Ted Lee| Date: Thu, 19 Sep 2024 00:00:00 +0000

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

Read more

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Credit to Author: Richard Y Lin| Date: Wed, 18 Sep 2024 00:00:00 +0000

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.

Read more

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

Credit to Author: Hitomi Kimura| Date: Thu, 12 Sep 2024 00:00:00 +0000

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

Read more

Earth Preta Evolves its Attacks with New Malware and Strategies

Credit to Author: Lenart Bermejo| Date: Mon, 09 Sep 2024 00:00:00 +0000

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.

Read more