Monday, November 4, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

trend micro research : exploits & vulnerabilities

Security TrendMicro 

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

admin , , ,

Credit to Author: Richard Y Lin| Date: Wed, 18 Sep 2024 00:00:00 +0000

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.

Read more
Security TrendMicro 

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

admin , ,

Credit to Author: Hitomi Kimura| Date: Thu, 12 Sep 2024 00:00:00 +0000

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

Read more
Security TrendMicro 

Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem

admin , , , , ,

Credit to Author: Abdelrahman Esmail| Date: Wed, 28 Aug 2024 00:00:00 +0000

A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.

Read more
Security TrendMicro 

Bringing Security Back into Balance

admin , , , , , , ,

Credit to Author: Eva Chen| Date: Sun, 04 Aug 2024 00:00:00 +0000

This article by Trend Micro CEO Eva Chen brings focus back to striking the cybersecurity strategies balance between business C-suite and information technology (IT) departments.

Read more
Security TrendMicro 

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

admin , , ,

Credit to Author: Jagir Shastri| Date: Wed, 17 Jul 2024 00:00:00 +0000

We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

Read more
Security TrendMicro 

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

admin

Credit to Author: Peter Girnus| Date: Mon, 15 Jul 2024 00:00:00 +0000

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched.

Read more
Security TrendMicro 

Network detection & response: the SOC stress reliever

admin , , , , , ,

Credit to Author: Trend Micro Research| Date: Tue, 09 Jul 2024 00:00:00 +0000

Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important.

Read more
Security TrendMicro 

Why You Need Network Detection & Response Now

admin , , , , , ,

Credit to Author: Trend Micro Research| Date: Tue, 09 Jul 2024 00:00:00 +0000

Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important.

Read more