Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing

Credit to Author: Hitomi Kimura | Date: Wed, 22 Nov 2023 00:00:00 +0000

The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits

Credit to Author: Peter Girnus | Date: Mon, 20 Nov 2023 00:00:00 +0000

We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and a cryptocurrency miner.

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518

Credit to Author: Sophia Nilette Robles | Date: Fri, 10 Nov 2023 00:00:00 +0000

We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

Credit to Author: Buddy Tancio | Date: Thu, 09 Nov 2023 00:00:00 +0000

We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Credit to Author: Salim S.I. | Date: Fri, 20 Oct 2023 00:00:00 +0000

In the second part of this series, we examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic in order to cross over from the user plane to the control plane.

Beware: Lumma Stealer Distributed via Discord CDN

Credit to Author: Carl Malipot | Date: Mon, 16 Oct 2023 00:00:00 +0000

This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and describes the capabilities that have been added to this information-stealing malware.

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Credit to Author: Feike Hacquebord | Date: Fri, 13 Oct 2023 00:00:00 +0000

Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks to an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.

Exposing Infection Techniques Across Supply Chains and Codebases

Credit to Author: Aliakbar Zahravi | Date: Thu, 05 Oct 2023 00:00:00 +0000

This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

Credit to Author: Joseph C Chen | Date: Mon, 18 Sep 2023 00:00:00 +0000

While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware that appears to originate from the open-source Windows backdoor Trochilus, and which we’ve dubbed SprySOCKS due to its swift behavior and SOCKS implementation.