trend micro research : research – Page 23

CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware

Credit to Author: Deep Patel| Date: Fri, 08 Apr 2022 00:00:00 +0000

We discovered active exploitation of a vulnerability in the Spring Framework designated as CVE-2022-22965 that allows malicious actors to download the Mirai botnet malware.

Security TrendMicro

Detecting Exploitation of Local Vulnerabilities Through Trend Micro Vision One™ and Cloud One™

April 6, 2022 0 Comments trend micro research : articles, news, reports, trend micro research : exploits & vulnerabilities, trend micro research : research

Credit to Author: Sunil Bharti| Date: Wed, 06 Apr 2022 00:00:00 +0000

We provide a guide to detecting Dirty Pipe, a Linux kernel vulnerability tracked as CVE-2022-0847. 

Security TrendMicro

An In-Depth Look at ICS Vulnerabilities Part 3

April 5, 2022 0 Comments trend micro research : articles, news, reports, trend micro research : endpoints, trend micro research : exploits & vulnerabilities, trend micro research : ics ot, trend micro research : malware, trend micro research : ransomware, trend micro research : research

In our series wrap-up, we look into CVEs that affect critical manufacturing based on MITRE’s matrix. We also explore common ICS-affecting vulnerabilities identified in 2021.

Security TrendMicro

Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload

April 5, 2022 0 Comments trend micro research : articles, news, reports, trend micro research : cyber threats, trend micro research : ransomware, trend micro research : research

Credit to Author: Earle Maui Earnshaw| Date: Tue, 05 Apr 2022 00:00:00 +0000

Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware.

Security TrendMicro

MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639

April 4, 2022 0 Comments trend micro research : articles, news, reports, trend micro research : endpoints, trend micro research : exploits & vulnerabilities, trend micro research : research

Credit to Author: Mickey Jin| Date: Mon, 04 Apr 2022 00:00:00 +0000

We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation.

Security TrendMicro

An In-Depth Look at ICS Vulnerabilities Part 2

April 4, 2022 0 Comments trend micro research : articles, news, reports, trend micro research : cyber threats, trend micro research : endpoints, trend micro research : exploits & vulnerabilities, trend micro research : ics ot, trend micro research : ransomware, trend micro research : research

In part two of our three-part series, we continue to analyze vulnerabilities using MITRE ATT&CK. We also look into the sectors affected and their risk levels.

Security TrendMicro

An In-Depth Look at ICS Vulnerabilities Part 1

March 29, 2022 0 Comments trend micro research : articles, news, reports, trend micro research : cyber threats, trend micro research : endpoints, trend micro research : exploits & vulnerabilities, trend micro research : ics ot, trend micro research : malware, trend micro research : research

In this blog series our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS.

Security TrendMicro

Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously

March 29, 2022 0 Comments trend micro research : articles, news, reports, trend micro research : cloud, trend micro research : cyber threats, trend micro research : research

Credit to Author: Mayra Rosario Fuentes| Date: Tue, 29 Mar 2022 00:00:00 +0000

One of the recent trends we’ve observed is the rise of cloud-based cryptocurrency-mining groups that exploit cloud resources, specifically the CPU power of deployed cloud instances, to mine cryptocurrency.

Security TrendMicro

Purple Fox Uses New Arrival Vector and Improves Malware Arsenal

March 25, 2022 0 Comments trend micro research : articles, news, reports, trend micro research : cyber crime, trend micro research : endpoints, trend micro research : malware, trend micro research : research

Credit to Author: Sherif Magdy| Date: Fri, 25 Mar 2022 00:00:00 +0000

Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s new arrival vector and early access loaders. Users’ machines seem to be targeted with malicious payloads masquerading as legitimate application installers.

Security TrendMicro