Credit to Author: Ranga Duraisamy| Date: Wed, 30 Oct 2024 00:00:00 +0000
In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes.
Read moreCredit to Author: Ryan Maglaque| Date: Thu, 24 Oct 2024 00:00:00 +0000
While cyberattacks that employ web shells and VPN compromise are not particularly novel, they are still prevalent. The recent incidents that Trend Micro MXDR analyzed highlight the importance of behavioral analysis and anomaly detection in security measures.
Read moreCredit to Author: Buddy Tancio| Date: Wed, 23 Oct 2024 00:00:00 +0000
How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage to the system.
Read moreCredit to Author: Abdelrahman Esmail| Date: Tue, 22 Oct 2024 00:00:00 +0000
In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts.
Read moreCredit to Author: Mohamed Fahmy| Date: Fri, 11 Oct 2024 00:00:00 +0000
Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to sectors in the Middle East.
Read moreCredit to Author: Sunil Bharti| Date: Mon, 21 Oct 2024 00:00:00 +0000
We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware.
Read moreCredit to Author: AI Team| Date: Thu, 17 Oct 2024 00:00:00 +0000
This is the latest blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.
Read moreCredit to Author: Jaromir Horejsi| Date: Wed, 16 Oct 2024 00:00:00 +0000
This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.
Read more