S4x23 Review Part 2: Evolving Energy Cybersecurity

Credit to Author: Kazuhisa Tagaya| Date: Mon, 13 Mar 2023 00:00:00 +0000

In this second report on S4x23 held last February, this article introduces the discussion on cyber security in the energy industry, which was one of the topics that attracted attention.

Read more

S4x23 Review Part 1: What’s New in OT Security

Credit to Author: Kazuhisa Tagaya| Date: Fri, 03 Mar 2023 00:00:00 +0000

This blog introduces discussions from S4x23, the ICS security conference in Miami over several posts. The first installment will cover two topics from the academic interviews.

Read more

In Review: What GPT-3 Taught ChatGPT in a Year

Credit to Author: Vincenzo Ciancaglini| Date: Tue, 21 Feb 2023 00:00:00 +0000

Amidst the uproar and opinions since November 2022, we look at the possibilities and implications of what OpenAI’s ChatGPT presents to the cybersecurity industry using a comparison to earlier products, like its predecessor GPT-3.

Read more

Attacking The Supply Chain: Developer

Credit to Author: David Fiser| Date: Wed, 25 Jan 2023 00:00:00 +0000

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.

Read more

CISO’s Challenges Involved with Business Leader & SOC

Credit to Author: Kazuhisa Tagaya| Date: Mon, 26 Dec 2022 00:00:00 +0000

Yohei Ishihara, IoT security evangelist at Trend Micro, discussed the challenges CISOs facing within organizations driving industrial IoT.

Read more

Threat Actors Target AWS EC2 Workloads to Steal Credentials

Credit to Author: Nitesh Surana| Date: Wed, 26 Oct 2022 00:00:00 +0000

We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) Workloads’ access keys and tokens via typosquatting and the abuse of legitimate tools.

Read more

Security Breaks: TeamTNT’s DockerHub Credentials Leak

Credit to Author: Nitesh Surana| Date: Mon, 12 Sep 2022 00:00:00 +0000

One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in September 2022.

Read more

Better Together: AWS and Trend Micro


This post relays the latest threat detection tool innovation of AWS – Amazon GuardDuty Malware Protection. This tool works closely with Trend Micro cloud solutions, providing another valuable layer of defense in our fight against a shared adversary.

Read more