Are Endpoints at Risk for Log4Shell Attacks?
We created a free assessment tool that scans devices to determine whether they are at risk for Log4Shell attacks. Read More HERE…
Trend Micro’s tracking of modern ransomware, as well as of older families, shows which attacks are gaining momentum and which families are particularly dangerous for enterprises and private users. Read More HERE…
Our long-term monitoring of the cyberespionage group Earth Centaur (aka Tropic Trooper) shows that the threat actors are equipped with new tools and techniques. The group seems to be targeting transportation companies and government agencies related to transportation. Read More HERE…
Log4Shell, also known as CVE-2021-44228, was first reported privately to Apache on November 24 and was patched with version 2.15.0 of Log4j on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware vCenter. Read More HERE…
By examining Purple Fox’s routines and activities, both with our initial research and the subject matter we cover in this blog post, we hope to help incident responders, security operation centers (SOCs), and security researchers find and weed out Purple Fox infections in their network. Read More HERE…
We analyzed new samples of the Yanluowang ransomware. One interesting aspect of these samples is that the files are code-signed. They also terminate various processes which are related to database and backup management. Read More HERE…
In our study, we relied on the tactics, techniques, and procedures of MITRE ATT&CK to define the malware capabilities and characteristics of IoT Linux malware. We describe our findings and how IoT malware has been evolving. Read More HERE…
Following our previous disclosure of compromised Docker Hub accounts delivering cryptocurrency miners, we analyze these accounts and discover more malicious actions that you need to be aware of. Read More HERE…
Cloud misconfigurations can become opportunities for cyberattacks or lead to data breaches. Organizations must mitigate them before incurring significant and costly consequences. Read More HERE…
We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) for some time now. While previous versions of the malware have been covered by other researchers, our blog entry focuses on the malicious actor’s latest attacks. Read More HERE…