An In-Depth Look at ICS Vulnerabilities Part 3
In our series wrap-up, we look into CVEs that affect critical manufacturing based on MITRE’s matrix. We also explore common ICS-affecting vulnerabilities identified in 2021.
trend micro research : articles, news, reports
MITRE Engenuity ATT&CK Tests
Trend Micro Vision One achieved a protection score of 100% in this year’s evaluation, proving once again that it is an invaluable tool that provides higher confidence detections for security operations teams.
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
Credit to Author: Earle Maui Earnshaw| Date: Tue, 05 Apr 2022 00:00:00 +0000
Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware.
Read moreMacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639
Credit to Author: Mickey Jin| Date: Mon, 04 Apr 2022 00:00:00 +0000
We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation.
Read moreAn In-Depth Look at ICS Vulnerabilities Part 2
In part two of our three-part series, we continue to analyze vulnerabilities using MITRE ATT&CK. We also look into the sectors affected and their risk levels.
This Week in Security News – April 1, 2022
Credit to Author: Jon Clay| Date: Fri, 01 Apr 2022 00:00:00 +0000
Probing the activities of cloud-based cryptocurrency-mining groups, and Lapsus$ ‘back from vacation’
Read moreAn In-Depth Look at ICS Vulnerabilities Part 1
In this blog series our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS.
Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously
Credit to Author: Mayra Rosario Fuentes| Date: Tue, 29 Mar 2022 00:00:00 +0000
One of the recent trends we’ve observed is the rise of cloud-based cryptocurrency-mining groups that exploit cloud resources, specifically the CPU power of deployed cloud instances, to mine cryptocurrency.
Read morePurple Fox Uses New Arrival Vector and Improves Malware Arsenal
Credit to Author: Sherif Magdy| Date: Fri, 25 Mar 2022 00:00:00 +0000
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s new arrival vector and early access loaders. Users’ machines seem to be targeted with malicious payloads masquerading as legitimate application installers.
Read moreThis Week in Security News – March 25, 2022
Credit to Author: Jon Clay| Date: Fri, 25 Mar 2022 00:00:00 +0000
An investigation of cryptocurrency scams and schemes, and Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
Read more