Making the digital world safer, one Tesla at a time
Contestants gather at Pwn2Own Vancouver to showcase their skills and uncover vulnerabilities Read More HERE…
Trend Micro Research : Exploits&Vulnerabilities
Earth Preta’s Cyberespionage Campaign Hits Over 200
We present a case study of the cyberespionage efforts by Earth Preta. This study on an active campaign delves into the structure, goals, and requirements of the organizations involved, and provides an opportunity to conduct wider intelligence analysis and insights in the development of effective countermeasures. Read More HERE…
Patch CVE-2023-23397 Immediately: What You Need To Know and Do
We break down the basic information of CVE-2023-23397, the zero-day, zero-touch vulnerability that was rated 9.8 on the Common Vulnerability Scoring System (CVSS) scale. Read More HERE…
Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems. Read More HERE…
Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns
We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023. Read More HERE…
Attacking The Supply Chain: Developer
In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”. Read More HERE…
What is Red Teaming & How it Benefits Orgs
Running real-world attack simulations can help improve organizations’ cybersecurity resilience Read More HERE…
A Technical Analysis of CVE-2022-22583 and CVE-2022-32800
This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report. Read More HERE…
Detecting Windows AMSI Bypass Techniques
We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI) and how security teams can detect threats attempting to abuse it for compromise with Trend Micro Vision One™. Read More HERE…