TrendMicro
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
Credit to Author: Ivan Nicole Chavez| Date: Mon, 25 Jul 2022 00:00:00 +0000
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware.
Read moreAlibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography
Credit to Author: Alfredo Oliveira| Date: Thu, 21 Jul 2022 00:00:00 +0000
In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets with leaked credentials for malware distribution and cryptojacking.
Read moreImproving Software Supply Chain Cybersecurity
Credit to Author: William Malik| Date: Wed, 20 Jul 2022 00:00:00 +0000
Explore use cases for software supply chain cyberattacks and mitigation strategies to improve security maturity and reduce cyber risk.
Read moreAnalyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
Credit to Author: Joelson Soares| Date: Wed, 20 Jul 2022 00:00:00 +0000
We discovered the use of two Python penetration-testing tools, Impacket and Responder, that malicious actors used to compromise systems and exfiltrate data. We share our key findings in this report.
Read moreTop 5 Infrastructure as Code Security Challenges
Credit to Author: Michael Langford| Date: Fri, 15 Jul 2022 00:00:00 +0000
Learn how to counteract the top five challenges of IaC and discover how these obstacles pose a threat to security and gain valuable insight in how to mitigate these risks.
Read moreData Distribution Service: Mitigating Risks Part 3
In the final chapter of our blog series, we discuss mitigating strategies and recommendations to keep DDS protected from malicious actors.
Data Distribution Service: Exploring Vulnerabilities and Risks Part 2
In part two of our series, we’ll highlight both known and new DDS vulnerabilities and what they mean for mission critical operations.
Worldwide 2021 Email Phishing Statistics & Examples
Explore the need for going beyond built-in Microsoft 365 and Google Workspace security based on email threats detected in 2021.
How Shady Code Commits Compromise the Security of the Open-Source Ecosystem
Credit to Author: Trend Micro Research| Date: Mon, 11 Jul 2022 00:00:00 +0000
In this blog entry, we discuss how open-source code has been subjected to protest-driven code modifications by its maintainers or backers. We also provide an analysis of what these incidents could mean for the IT industry and the open source community.
Read more