Top IT Security Bloggers

Trend Micro - Security Intelligence
  • Following the Trail of BlackTech’s Cyber Espionage Campaigns

    BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally Japan and Hong Kong. Based on the mutexes and domain names of some of their C&C servers, BlackTech’s campaigns are likely designed to steal their targets’ technology.
    Following their activities and evolving tactics and techniques helped us uncover the proverbial red string of fate that connected three seemingly disparate campaigns: PLEAD, Shrouded Crossbow, and of late, Waterbear.
    Over the course of their campaigns, we analyzed their modus operandi and dissected their tools of the trade, and uncovered common denominators indicating that PLEAD, Shrouded Crossbow, and Waterbear may actually be operated by the same group.
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • AdGholas Malvertising Campaign Employs Astrum Exploit Kit

    At the end of April this year, we found Astrum exploit kit employing Diffie-Hellman key exchange to prevent monitoring tools and researchers from replaying their traffic. As AdGholas started to push the exploit, we saw another evolution: Astrum using HTTPS to further obscure their malicious traffic. We spotted a new AdGholas malvertising campaign using the...
  • Erebus Resurfaces as Linux Ransomware

    On June 10, South Korean web hosting company NAYANA was hit by Erebus ransomware (detected by Trend Micro as RANSOM_ELFEREBUS.A), infecting 153 Linux servers and over 3,400 business websites the company hosts.
    In a notice posted on NAYANA’s website last June 12, the company shared that the attackers demanded an unprecedented ransom of 550 Bitcoins (BTC), or US$1.62 million, in order to decrypt the affected files from all its servers.
    Erebus was first seen in September 2016 via malvertisements and reemerged in February 2017 using a method that bypasses Windows’ User Account Control. Here are some of the notable technical details we’ve uncovered so far about Erebus’ Linux version.
  • Analyzing the Fileless, Code-injecting SOREBRECT Ransomware

    Fileless threats and ransomware aren’t new, but malware that incorporates a combination of their characteristics can be dangerous. Take for instance the fileless, code-injecting ransomware we’ve uncovered, SOREBRECT, which Trend Micro detects as RANSOM_SOREBRECT.A and RANSOM_SOREBRECT.B.
  • Microsoft Patches Windows XP Again As Part of June Patch Tuesday

    Last month, in reaction to the WannaCry outbreak that affected Windows users all over the world, Microsoft released a patch for Windows XP, an operating system it had stopped supporting in 2014.
  • Exploring the Online Economy that Fuels Fake News

    “Fake news” was relatively unheard of last year, until the U.S. election campaign period started, during which an explosion of misinformation campaigns trended. But despite its seemingly rampant spread, fake news is just one facet of the public opinion manipulation and cyber propaganda that we see today. Whether it’s a company trying to promote a brand or a political party pushing an ideal, today’s information wars are often fought for control of the public’s worldview.
    Our latest research paper, “The Fake News Machine: How Propagandists Abuse the Internet and Manipulate the Public”, delves into this phenomenon. It also examines how a group with means and motivation, the use of social media, and online promotion tools and services combine to spread these campaigns effectively. These are the components of what we call the “Fake News Triangle”, which we’ve found to be the pillars of success for any fake news and public opinion manipulation campaign.
  • Analyzing Xavier: An Information-Stealing Ad Library on Android

    We have recently discovered a Trojan Android ad library called Xavier that silently steals and leaks a user’s information. Xavier’s impact has been widespread, with more than 800 applications embedding the ad library’s SDK having been downloaded millions of times from Google Play.
  • Mouse Over, Macro: Spam Run in Europe Uses Hover Action to Deliver Banking Trojan

    We found another unique method being used to deliver malware: abusing the action that happens when simply hovering the mouse’s pointer over a hyperlinked picture or text in a PowerPoint slideshow. This technique is employed by a Trojan downloader (detected by Trend Micro as TROJ_POWHOV.A and P2KM_POWHOV.A), which we’ve uncovered in a recent spam email campaign in the EMEA region, especially targeting organizations in the U.K., Poland, Netherlands, and Sweden. Affected industries include manufacturing, device fabrication, education, logistics, and pyrotechnics.
  • The Reigning King of IP Camera Botnets and its Challengers

    Early this month we discussed a new Internet of Things (IoT) botnet called Persirai (detected by Trend Micro as ELF_PERSIRAI.A), which targets over 1,000 Internet Protocol (IP) camera models. Currently, through Shodan and our own research, we see that 64% of tracked IP cameras with custom HTTP servers are infected with Persirai. But because these cameras are such common targets, there is some competition between malware families for control of them.
  • June’s Android Security Bulletin Addresses Critical Vulnerabilities in Media Framework and Qualcomm Components

    Google recently released their June security bulletin for Android, which addresses critical vulnerabilities found in the Media framework, as well as various critical vulnerabilities in Qualcomm components. As with previous Android security updates, this month’s bulletin is available via over-the-air updates for native Android devices or via service providers and manufacturers for non-native devices.
