2022 Review: Trend Transforms to SaaS Cybersecurity
Credit to Author: Lonny Huffar| Date: Fri, 24 Feb 2023 00:00:00 +0000
Transformation to a SaaS-based cybersecurity vendor
Read moretrend micro research : cyber threats
In Review: What GPT-3 Taught ChatGPT in a Year
Credit to Author: Vincenzo Ciancaglini| Date: Tue, 21 Feb 2023 00:00:00 +0000
Amidst the uproar and opinions since November 2022, we look at the possibilities and implications of what OpenAI’s ChatGPT presents to the cybersecurity industry using a comparison to earlier products, like its predecessor GPT-3.
Read moreInvitation to a Secret Event: Uncovering Earth Yako’s Campaigns
Credit to Author: Hara Hiroaki| Date: Thu, 16 Feb 2023 00:00:00 +0000
We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023.
Read moreCloud-ready and Channel-first
Credit to Author: Mike Milner| Date: Mon, 06 Feb 2023 00:00:00 +0000
Trend Micro named one of 2023’s coolest cloud security companies
Read moreMonthly Threat Webinar Series in 2023: What to Expect
Credit to Author: Jon Clay| Date: Wed, 01 Feb 2023 00:00:00 +0000
Stay informed and stay ahead
Read moreAttacking The Supply Chain: Developer
Credit to Author: David Fiser| Date: Wed, 25 Jan 2023 00:00:00 +0000
In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.
Read more“Payzero” Scams and The Evolution of Asset Theft in Web3
Credit to Author: Fyodor Yarochkin| Date: Wed, 18 Jan 2023 00:00:00 +0000
In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”.
Read moreEarth Bogle: Campaigns Target the Middle East with Geopolitical Lures
Credit to Author: Peter Girnus| Date: Tue, 17 Jan 2023 00:00:00 +0000
We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.
Read moreAbusing a GitHub Codespaces Feature For Malware Delivery
Credit to Author: Nitesh Surana| Date: Mon, 16 Jan 2023 00:00:00 +0000
Proof of Concept (POC): We investigate one of the GitHub Codespaces’ real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts to create a malware file server.
Read moreIcedID Botnet Distributors Abuse Google PPC to Distribute Malware
Credit to Author: Ian Kenefick| Date: Fri, 23 Dec 2022 00:00:00 +0000
We analyze the latest changes in IcedID botnet from a campaign that abuses Google pay per click (PPC) ads to distribute IcedID via malvertising attacks.
Read more