Latest on OpenSSL 3.0.7 Bug & Security-Fix
Credit to Author: Eric Skinner| Date: Mon, 31 Oct 2022 00:00:00 +0000
Potential disruptions following vulnerabilities found in OpenSSL.
Read moretrend micro research : exploits & vulnerabilities
Latest on OpenSSL 3.0 Critical Bug & Security-Fix
Credit to Author: Eric Skinner| Date: Mon, 31 Oct 2022 00:00:00 +0000
Potential disruptions following vulnerabilities found in OpenSSL.
Read moreLatest on OpenSSL 3.0.7 Critical Bug & Security-Fix
Credit to Author: Eric Skinner| Date: Mon, 31 Oct 2022 00:00:00 +0000
Potential disruptions following vulnerabilities found in OpenSSL.
Read moreThreat Actors Target AWS EC2 Workloads to Steal Credentials
Credit to Author: Nitesh Surana| Date: Wed, 26 Oct 2022 00:00:00 +0000
We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) Workloads’ access keys and tokens via typosquatting and the abuse of legitimate tools.
Read moreHow Underground Groups Use Stolen Identities and Deepfakes
Credit to Author: Vladimir Kropotov| Date: Tue, 27 Sep 2022 00:00:00 +0000
The growing appearance of deepfake attacks is significantly reshaping the threat landscape. These fakes brings attacks such as business email compromise (BEC) and identity verification bypassing to new levels.
Read moreAtlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware
Credit to Author: Sunil Bharti| Date: Wed, 21 Sep 2022 00:00:00 +0000
Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.
Read moreSecurity Risks in Logistics APIs Used by E-Commerce Platforms
Credit to Author: Ryan Flores| Date: Tue, 20 Sep 2022 00:00:00 +0000
Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers.
Read moreA Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
Credit to Author: Sunil Bharti| Date: Wed, 14 Sep 2022 00:00:00 +0000
This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected endpoints.
Read moreRansomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
Credit to Author: Ryan Soliven| Date: Wed, 24 Aug 2022 00:00:00 +0000
We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.
Read moreAnalyzing the Hidden Danger of Environment Variables for Keeping Secrets
Credit to Author: David Fiser| Date: Wed, 17 Aug 2022 00:00:00 +0000
While DevOps practitioners use environment variables to regularly keep secrets in applications, these could be conveniently abused by cybercriminals for their malicious activities, as our analysis shows.
Read more