Top IT Security Bloggers

Trend Micro - Security Intelligence
  • Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks

    Pawn Storm is an active and aggressive espionage actor group that has been operating since 2004. The group uses different methods and strategies to gain information from their targets, which are covered in our latest research. However, they are particularly known for dangerous credential phishing campaigns. In 2016, the group set up aggressive credential phishing...
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • April Android Security Bulletin Addresses Critical H.264 and H.265 Decoder Vulnerabilities

    In April’s Android Security Bulletin, we discovered and privately disclosed seven vulnerabilities—three of which were rated as Critical, one as High, and another three as Moderate.
  • DressCode Android Malware Finds Apparent Successor in MilkyDoor

    Mobile malware's disruptive impact on enterprises continues to see an uptick in prevalence as mobile devices become an increasingly preferred platform to flexibly access and manage data. We recently found 200 unique Android apps—with installs ranging between 500,000 and a million on Google Play—embedded with a backdoor: MilkyDoor (detected by Trend Micro as ANDROIDOS_MILKYDOOR.A).
    MilkyDoor is similar to DressCode (ANDROIDOS_SOCKSBOT.A)—an Android malware family that adversely affected enterprises—given that both employ a proxy using the Secure Socket (SOCKS) protocol to gain a foothold into the internal networks that infected mobile devices connect to. MilkyDoor, perhaps inadvertently, provides attackers a way to conduct reconnaissance and access an enterprise’s vulnerable services by setting up SOCKS proxies. Further, this is carried out without the user’s knowledge or consent.
    While MilkyDoor appears to be DressCode’s successor, it adds a few malicious tricks of its own. Among them are its more clandestine routines that enable it to bypass security restrictions and conceal its malicious activities within normal network traffic. It does so by using remote port forwarding via a Secure Shell (SSH) tunnel over the commonly used port 22. The abuse of SSH helps the malware encrypt malicious traffic and payloads, which makes detection of the malware trickier.
  • Fake Super Mario Run App Steals Credit Card Information

    By Jordan Pan and Masashi Yamamoto. Trend Micro has identified more malicious Android apps abusing the name of the popular mobile game Super Mario Run. We earlier reported on how fake apps were using the game’s popularity to spread; attackers have now released versions of these fake apps that steal the user’s credit card information. Super Mario Run...
  • RawPOS: New Behavior Risks Identity Theft

    Despite being one of the oldest Point-of-Sale (PoS) RAM scraper malware families out in the wild, RawPOS (detected by Trend Micro as TSPY_RAWPOS) is still very active today, with the threat actors behind it primarily focusing on the lucrative multibillion-dollar hospitality industry. While the threat actor’s tools for lateral movement, as well as RawPOS’ components, remain consistent, new behavior from the malware puts its victims at greater risk via potential identity theft. Specifically, this new behavior involves RawPOS stealing the driver’s license information from the user to aid in the threat group’s malicious activities.
  • Of Pigs and Malware: Examining a Possible Member of the Winnti Group

    In one of our previous blog entries, we covered how GitHub was being used to spread malware. In this entry, we take a closer look at an individual who we believe might be connected to the threat actor behind the malware.
    A careful analysis of the domain registrations from this threat actor between 2014 and 2015 allowed us to identify one profile used to register several domains that were used as C&C servers for a particular malware family employed by the Winnti group. In particular, we managed to gather details on an individual using the handle Hack520, who we believe is connected to Winnti.
  • April Patch Tuesday: Microsoft Patches Office Vulnerability Used in Zero-Day Attacks

    One of the major updates for this month’s Patch Tuesday addresses CVE-2017-0199, a zero-day remote code execution vulnerability that allowed attackers to exploit a flaw that exists in the Windows Object Linking and Embedding (OLE) interface of Microsoft Office. This flaw is currently being exploited by the notorious DRIDEX banking trojan.
    Threat actors leveraging this vulnerability do so via a spam campaign in which the attacker sends an email with an embedded Microsoft Word document to a targeted user. When the user opens the attached document, the hidden exploit code connects to a remote server that fetches malicious files, which are DRIDEX variants (detected by Trend Micro as TSPY_DRIDEX.SLP, TROJ_CVE20170199.B and TROJ_CVE20170199.C).
  • How Mobile Phones Turn Into A Corporate Threat

    Over the last year, the number of mobile phones overtook the world population. In countries like the United States, mobile subscribers outnumbered traditional landline users and half of Americans shifted to mobile-only to communicate. In modern smart cities, wireless-only buildings are becoming the new construction standard for homes, factories, and organizations in general. Landline phones are going away—sooner rather than later.
  • Smart Whitelisting Using Locality Sensitive Hashing

    Locality Sensitive Hashing (LSH) is an algorithm known for enabling scalable, approximate nearest neighbor search of objects. LSH enables a precomputation of a hash that can be quickly compared with another hash to ascertain their similarity. A practical application of LSH would be to employ it to optimize data processing and analysis. An example is transportation company Uber, which implemented LSH in the infrastructure that handles much of its data to identify trips with overlapping routes and reduce inconsistencies in GPS data. Trend Micro has been actively researching and publishing reports in this field since 2009. In 2013, we open sourced an implementation of LSH suitable for security solutions: Trend Micro Locality Sensitive Hashing (TLSH).
    TLSH is an approach to LSH, a kind of fuzzy hashing that can be employed in machine learning extensions of whitelisting. TLSH generates hash values which can then be compared for similarity. TLSH helps determine whether a file is safe to run on the system based on its similarity to known, legitimate files. Thousands of hashes of different versions of a single application, for instance, can be sorted through and streamlined for comparison and further analysis. Metadata, such as certificates, can then be used to confirm that the file is legitimate.
  • IIS 6.0 Vulnerability Leads to Code Execution

    Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day buffer overflow vulnerability (CVE-2017-7269) due to improper validation of the ‘If’ header in a PROPFIND request.