SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes
This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability. Read More HERE…
Trend Micro Research : Exploits&Vulnerabilities
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative. Read More HERE…
Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks
In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution. Read More HERE…
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted. Read More HERE…
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign’s exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware’s payload. Read More HERE…
Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit
In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal. Read More HERE…
Opening Critical Infrastructure: The Current State of Open RAN Security
The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller (RIC) subsystem. Read More HERE…
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner. Read More HERE…
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations. Read More HERE…
Beware: Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware. Read More HERE…