Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm

Credit to Author: Vickie Su | Date: Fri, 02 Sep 2022 00:00:00 +0000

In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee due to a string embedded in the malware. However, in our recent investigations, we have discovered a controller application that expands its capabilities.

Tackling the Growing and Evolving Digital Attack Surface: 2022 Midyear Cybersecurity Report

Credit to Author: Trend Micro Research | Date: Wed, 31 Aug 2022 00:00:00 +0000

This blog entry highlights the threats that dominated the first six months of the year, which we discussed in detail in our midyear cybersecurity roundup report, “Defending the Expanding Attack Surface.”

New Golang Ransomware Agenda Customizes Attacks

Credit to Author: Mohamed Fahmy | Date: Thu, 25 Aug 2022 00:00:00 +0000

A new piece of ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim.

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

Credit to Author: Ryan Soliven | Date: Wed, 24 Aug 2022 00:00:00 +0000

We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.

What Exposed OPA Servers Can Tell You About Your Applications

Credit to Author: Magno Logan | Date: Tue, 16 Aug 2022 00:00:00 +0000

This blog entry discusses what an OPA (Open Policy Agent) is and what it is for, what we discovered after identifying 389 exposed OPA servers via Shodan, and how exposed OPAs can negatively impact your applications’ overall security.

Forecasting Metaverse Threats: Will it Become Metaworse?

Credit to Author: Trend Micro Research | Date: Tue, 09 Aug 2022 00:00:00 +0000

This report shares threat predictions concerning a rapidly evolving area of the physical and digital world: the metaverse. We refine our definition of the metaverse while identifying threats against it and inside it.

SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant

Credit to Author: Nathaniel Morales | Date: Tue, 02 Aug 2022 00:00:00 +0000

This blog entry offers a technical analysis of a new SolidBit variant that is posing as different applications to lure gamers and social media users. The SolidBit ransomware group appears to be planning to expand its operations through these fraudulent apps and its recruitment of ransomware-as-a-service affiliates.

Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography

Credit to Author: Alfredo Oliveira | Date: Thu, 21 Jul 2022 00:00:00 +0000

In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets using leaked credentials, abusing the compromised buckets for malware distribution and cryptojacking.

Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data

Credit to Author: Joelson Soares | Date: Wed, 20 Jul 2022 00:00:00 +0000

We discovered the use of two Python penetration-testing tools, Impacket and Responder, which malicious actors used to compromise systems and exfiltrate data. We share our key findings in this report.