As organizations shift to the cloud in droves, their digital attack surface continues to rapidly expand. And with the number of threats rapidly increasing, security leaders need to enhance their attack surface risk management. We explore how a unified cybersecurity platform can help improve your defenses against cyber risk in comparison to point products.
Credit to Author: Nitesh Surana| Date: Wed, 20 Apr 2022 00:00:00 +0000
Recently, we observed attempts to exploit the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — by malicious actors to deploy cryptocurrency miners.
Read more
Credit to Author: Nitesh Surana| Date: Wed, 20 Apr 2022 00:00:00 +0000
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners.
Read more
Credit to Author: Lucas Silva| Date: Mon, 18 Apr 2022 00:00:00 +0000
We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in the Rust programming language and operated under a ransomware-as-a-service (RaaS) model.
Read more
In our series wrap-up, we look into CVEs that affect critical manufacturing based on MITRE’s matrix. We also explore common ICS-affecting vulnerabilities identified in 2021.
Trend Micro Vision One achieved a protection score of 100% in this year’s evaluation, proving once again that it is an invaluable tool that provides higher confidence detections for security operations teams.
Credit to Author: Mickey Jin| Date: Mon, 04 Apr 2022 00:00:00 +0000
We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation.
Read more
In part two of our three-part series, we continue to analyze vulnerabilities using MITRE ATT&CK. We also look into the sectors affected and their risk levels.
Credit to Author: Jon Clay| Date: Fri, 01 Apr 2022 00:00:00 +0000
Probing the activities of cloud-based cryptocurrency-mining groups, and Lapsus$ ‘back from vacation’
Read more
In this blog series our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS.