Credit to Author: Sébastien Dudek| Date: Tue, 11 Jan 2022 00:00:00 +0000
This report is the fourth part of our LoRaWAN security series, and highlights an attack vector that, so far, has not attracted much attention: the LoRaWAN stack. The stack is the root of LoRaWAN implementation and security. We hope to help users secure it and make LoRaWAN communication resistant to critical bugs.
Read more
Credit to Author: Abraham Camba| Date: Mon, 10 Jan 2022 00:00:00 +0000
The Trend Micro™ Managed XDR team addressed a stealthy multilayered attack that progressed from an exploited endpoint vulnerability to the use of legitimate remote access tools including Remote Desktop Protocol (RDP) as its final means of intrusion.
Read more
Credit to Author: Forward-Looking Threat Research Team| Date: Fri, 07 Jan 2022 00:00:00 +0000
The first of a series of blog posts examines the security risks of Codex, a code generator powered by the GPT-3 engine.
Read more
Credit to Author: Sébastien Dudek| Date: Thu, 23 Dec 2021 00:00:00 +0000
In this entry we look into how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars, specifically chargers, in-vehicle infotainment systems, and digital remotes for opening cars.
Read more
We created a free assessment tool for scanning devices to know whether it is at risk for Log4Shell attacks.
Credit to Author: Trend Micro Research| Date: Wed, 15 Dec 2021 00:00:00 +0000
Trend Micro’s tracking of modern ransomware, as well as of older families, shows which attacks are gaining momentum and which families are particularly dangerous for enterprises and private users.
Read more
Credit to Author: Nick Dai| Date: Tue, 14 Dec 2021 00:00:00 +0000
Our long-term monitoring of the cyberespionage group Earth Centaur (aka Tropic Trooper) shows that the threat actors are equipped with new tools and techniques. The group seems to be targeting transportation companies and government agencies related to transportation.
Read more
Credit to Author: Ranga Duraisamy| Date: Mon, 13 Dec 2021 00:00:00 +0000
Log4Shell., also known as CVE-2021-44228, was first reported privately to Apache on November 24 and was patched with version 2.15.0 of Log4j on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware vCenter.
Read more
Credit to Author: Jay Yaneza| Date: Mon, 13 Dec 2021 00:00:00 +0000
By examining Purple Fox’s routines and activities, both with our initial research and the subject matter we cover in this blog post, we hope to help incident responders, security operation centers (SOCs), and security researchers find and weed out Purple Fox infections in their network.
Read more
Credit to Author: Don Ovid Ladores| Date: Fri, 10 Dec 2021 00:00:00 +0000
We analyzed new samples of the Yanluowang ransomware. One interesting aspect of these samples is that the files are code-signed. They also terminate various processes which are related to database and backup management.
Read more