Credit to Author: David Fiser| Date: Wed, 25 Jan 2023 00:00:00 +0000
In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.
Read moreCredit to Author: Michael Draeger| Date: Tue, 10 Jan 2023 00:00:00 +0000
Running real-world attack simulations can help improve organizations’ cybersecurity resilience
Read moreCredit to Author: Jiri Sykora| Date: Wed, 21 Dec 2022 00:00:00 +0000
We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI) and how security teams can detect threats attempting to abuse it for compromise with Trend Micro Vision One™.
Read moreCredit to Author: Mickey Jin| Date: Wed, 21 Dec 2022 00:00:00 +0000
This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report.
Read moreCredit to Author: Jon Clay| Date: Fri, 16 Dec 2022 00:00:00 +0000
Trend Micro will be joining Google’s App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store.
Read moreCredit to Author: Mickey Jin| Date: Tue, 20 Dec 2022 00:00:00 +0000
More than two years ago, a researcher, A2nkF demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. In this blog entry, we will discuss how we discovered 3 more vulnerabilities from the old exploit chain.
Read moreCredit to Author: Feike Hacquebord| Date: Thu, 15 Dec 2022 00:00:00 +0000
Ransomware groups and their business models are expected to change from what and how we know it to date. In this blog entry, we summarize from some of our insights the triggers that spark the small changes in the short term (“evolutions”) and the bigger deviations (“revolutions”) they can redirect their criminal enterprises to in the long run.
Read moreCredit to Author: Jaromir Horejsi| Date: Wed, 14 Dec 2022 00:00:00 +0000
This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged trojanized installers of chat-based customer engagement platforms.
Read moreCredit to Author: Mickey Jin| Date: Fri, 11 Nov 2022 00:00:00 +0000
This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used to install software installer packages (PKG files).
Read moreCredit to Author: Hara Hiroaki| Date: Wed, 09 Nov 2022 00:00:00 +0000
We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.
Read more