Credit to Author: Jaromir Horejsi| Date: Wed, 16 Oct 2024 00:00:00 +0000
This article uncovers a Golang ransomware abusing Amazon S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.
Read moreCredit to Author: Jaromir Horejsi| Date: Wed, 16 Oct 2024 00:00:00 +0000
This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.
Read moreCredit to Author: Kyle Philippe Yu| Date: Fri, 20 Sep 2024 00:00:00 +0000
Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.
Read moreCredit to Author: Trent Bessell| Date: Thu, 22 Aug 2024 00:00:00 +0000
Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt.
Read moreCredit to Author: Sara Atie| Date: Tue, 23 Jul 2024 00:00:00 +0000
Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing)
Read moreCredit to Author: Cj Arsley Mateo| Date: Fri, 19 Jul 2024 00:00:00 +0000
Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.
Read moreCredit to Author: Darrel Tristan Virtusio| Date: Wed, 05 Jun 2024 00:00:00 +0000
In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.
Read moreCredit to Author: Christopher Boyton| Date: Wed, 03 Apr 2024 00:00:00 +0000
Our new article provides key highlights and takeaways from Operation Cronos’ disruption of LockBit’s operations, as well as telemetry details on how LockBit actors operated post-disruption.
Read moreCredit to Author: Arianne Dela Cruz| Date: Tue, 26 Mar 2024 00:00:00 +0000
This blog entry discusses the Agenda ransomware group’s use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
Read moreCredit to Author: Junestherry Dela Cruz| Date: Tue, 19 Mar 2024 00:00:00 +0000
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
Read more