Cryptomining Overview for DevOps
Learn the impacts of cryptomining attacks for DevOps as well as mitigation strategies to bolster security without impacting time to market delivery. Read More HERE…
TrendMicro
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners. Read More HERE…
Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners
Recently, we observed attempts to exploit the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — by malicious actors to deploy cryptocurrency miners. Read More HERE…
Secure application development cloud best practices
The need for agility can often sideline security best practices; we explore how to build with security at the forefront without compromising time to delivery. Read More HERE…
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022. Read More HERE…
Cyber Risk Index (2H’ 2021): An Assessment for Security Leaders
We take a look at our latest Cyber Risk Index (CRI) findings across North America, Europe, Asia-Pacific, and Latin/South America, to help security leaders better understand, communicate, and address their enterprise’s cyber risk. Read More HERE…
An Investigation of the BlackCat Ransomware via Trend Micro Vision One
We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in the Rust programming language and operated under a ransomware-as-a-service (RaaS) model. Read More HERE…
Cybersecurity Basics: Authentication and Authorization
With most security incidents caused by exposed secrets in DevOps pipelines and tools, proper authentication and authorization is essential. Explore the basics of strong identity management to build more resilient apps. Read More HERE…
CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
We discovered active exploitation of a vulnerability in the Spring Framework designated as CVE-2022-22965 that allows malicious actors to download the Mirai botnet malware. Read More HERE…
Why the Mitre Engenuity ATT&CK Evaluations Matter
This year’s MITRE Engenuity™ ATT&CK Evaluation simulates techniques associated with notorious threat groups Wizard Spider and Sandworm to test solutions’ ability to detect and stop APT and Targeted Attacks. Read More HERE…