Top IT Security Bloggers

TrendLabs - Malware Blog
  • Avalanche: Thwarting Cybercriminal Hazards with Law Enforcement Collaboration

    On November 30th, an international law enforcement operation stamped out Avalanche, a large-scale content and management platform designed for the delivery of bullet-proof botnets. Avalanche’s scale and scope spanned victims from 180 countries, over 800,000 domains in 60+ top-level domains (TLD), more than one million phishing and spam e-mails, 500,000 infected machines worldwide, and 130TB of captured and analyzed data.
    The coordinated effort from international law enforcement agencies that include Germany’s Public Prosecutor’s Office Verden and the Lüneburg Police, the U.S.’s Attorney Office for the Western District of Pennsylvania, Department of Justice and the Federal Bureau of Investigation (FBI), Europol, and Eurojust as well as partners in ShadowServer, resulted in one of the most successful anti-cybercrime operations in recent years.
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • New Flavor of Dirty COW Attack Discovered, Patched

    Dirty COW (designated as CVE-2016-5195) is a Linux vulnerability that was first disclosed to the public in October 2016. It was a serious privilege escalation flaw that allowed an attacker to gain root access on the targeted system; other methods were needed to run any code on the targeted machine. We have found a new way to target Dirty COW that is different from existing attacks.
  • One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild

    Recently, Google researchers discovered a local privilege escalation vulnerability in Windows which was being used in zero-day attacks, including those carried out by the Pawn Storm espionage group. This is an easily exploitable vulnerability which can be found in all supported versions of Windows, from Windows 7 to Windows 10. By changing one bit, the attacker can elevate the privileges of a thread, giving administrator access to a process that would not have it under normal circumstances.
  • New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer

    In January of 2016, we found various "SmsSecurity" mobile apps that claimed to be from various banks. Since then, we've found some new variants of this attack that add new malicious capabilities. These capabilities include: anti-analysis measures, automatic rooting, language detection, and remote access via TeamViewer. In addition, SmsSecurity now cleverly uses the accessibility features of Android to help carry out its routines in a stealthy manner, without interaction from the user.
  • HDDCryptor: Subtle Updates, Still a Credible Threat

    Since first writing about the discovery of HDDCryptor back in September, we have been tracking this ransomware closely as it has evolved. Last week, a new version was spotted in the wild, and based on our analysis, we believe that this variant is the one used in a recent attack against San Francisco Municipal Transport Agency (SFMTA).
  • CEO Fraud Email Scams Target Healthcare Institutions

    A series of Business Email Compromise (BEC) campaigns that used CEO fraud schemes was seen targeting 17 healthcare institutions in the US, ten in the UK, and eight in Canada over the past two weeks. These institutions range from general hospitals and teaching hospitals to specialty care and walk-in clinics. Even pharmaceutical companies were not safe from the BEC scams, as one UK-based company and two Canadian pharma companies were also targeted.
  • Selling Online Gaming Currency: How It Makes Way for Attacks Against Enterprises

    Offhand, the idea that companies and enterprises could be affected by attacks like DDoS against the online gaming industry may seem far-fetched. But the gaming industry, being a billion-dollar business with a continuously growing competitive community, is naturally bound to garner attention from cybercriminals. A recent wire fraud case, for instance, allowed a group of hackers to mine $16 million worth of coins in the hugely popular FIFA series and sell them to buyers in Europe and China. And in our research, we found that the sale of such gaming currencies sends ripples of impact that fund cybercrime operations, often targeting entities entirely unrelated to online gaming.
  • Businesses as Ransomware’s Goldmine: How Cerber Encrypts Database Files

    Possibly to maximize the earning potential of Cerber’s developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files. These repositories of organized data enable businesses to store, retrieve, sort, analyze, and manage pertinent information. When utilized effectively they help maintain the organization’s efficiency, so holding these mission-critical files hostage can adversely affect the business’s operations and bottom line.
    A known ransomware peddled as a turnkey service to budding cybercriminals, Cerber has metamorphosed into a myriad of versions throughout its lifecycle. It picked up more tricks along the way, some of which include integrating a DDoS component, using double-zipped Windows Script Files, and leveraging a cloud productivity platform, even serving as secondary payload for an information-stealing Trojan.
  • Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched

    The effectiveness of a zero-day quickly deteriorates as an attack tool after it gets discovered and patched by the affected software vendors. Within the time between the discovery of the vulnerability and the release of the fix, a bad actor might try to get the most out of his previously valuable attack assets. This is exactly what we saw in late October and early November 2016, when the espionage group Pawn Storm (also known as Fancy Bear, APT28, Sofacy, and STRONTIUM) ramped up its spear-phishing campaigns against various governments and embassies around the world. In these campaigns, Pawn Storm used a previously unknown zero-day in Adobe’s Flash (CVE-2016-7855, fixed on October 26, 2016 with an emergency update) in combination with a privilege escalation in Microsoft’s Windows Operating System (CVE-2016-7255) that was fixed on November 8, 2016.
  • Patch Tuesday of November 2016: Six Critical Bulletins, Eight Important

    November is the second-to-last Patch Tuesday of 2016, and it brings a slightly higher than typical number of bulletins: six Critical bulletins and eight Important bulletins. The 8th is the earliest date that Patch Tuesday can take place in a month; December's Patch Tuesday (and the last of 2016) takes place in exactly five weeks. Among the items fixed today was the zero-day vulnerability in Windows that was used in the same attacks as the Adobe Flash Player zero-day in late October.
