Credit to Author: Sunil Bharti| Date: Wed, 21 Sep 2022 00:00:00 +0000
Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.
Read moreCredit to Author: Ryan Flores| Date: Tue, 20 Sep 2022 00:00:00 +0000
Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers.
Read moreCredit to Author: Sunil Bharti| Date: Wed, 14 Sep 2022 00:00:00 +0000
This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected endpoints.
Read moreCredit to Author: Ryan Soliven| Date: Wed, 24 Aug 2022 00:00:00 +0000
We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.
Read moreCredit to Author: David Fiser| Date: Wed, 17 Aug 2022 00:00:00 +0000
While DevOps practitioners use environment variables to regularly keep secrets in applications, these could be conveniently abused by cybercriminals for their malicious activities, as our analysis shows.
Read more
Credit to Author: Joelson Soares| Date: Wed, 20 Jul 2022 00:00:00 +0000
We discovered the use of two Python penetration-testing tools, Impacket and Responder, that malicious actors used to compromise systems and exfiltrate data. We share our key findings in this report.
Read more
In the final chapter of our blog series, we discuss mitigating strategies and recommendations to keep DDS protected from malicious actors.
In part two of our series, we’ll highlight both known and new DDS vulnerabilities and what they mean for mission critical operations.
Credit to Author: Magno Logan| Date: Thu, 07 Jul 2022 00:00:00 +0000
We investigate cloud-based cryptocurrency miners that leverage GitHub Actions and Azure virtual machines, including the cloud infrastructure and vulnerabilities that malicious actors exploit for easy monetary gain.
Read more
In this three-part blog series, we’ll look into Data Distribution Service, why it is critical, and how you can mitigate risks associated with it.