Top IT Security Bloggers

TrendLabs - Malware Blog
  • Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year old XHide
    We found a threat that scans for open ports and brute-forces systems with weak credentials to drop a Monero cryptocurrency miner. While the installation and mining process is hidden by the old evasion tool XHide Process Faker, the malware could be used for larger attacks in the future, as both the shellbot and the miner can be monetized.
  • Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
    We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia. This blog post covers the activities we observed, the remote access tools (RATs) used, the campaign's techniques and procedures, and its indicators of compromise (IoCs). Our findings indicate that the campaign appears to be the work of a group involved in business email compromise (BEC) or cybercrime, and unlikely to be an advanced persistent threat (APT).
  • Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks
    By David Fiser
    Jenkins is a popular open-source automation server for software development teams. Used to manage the development side of DevOps, the main purpose of Jenkins is to perform tasks, called jobs, so that software project builds are produced automatically in the CI/CD process. Jenkins has a distributed architecture: A master machine manages a...
  • SLUB Gets Rid of GitHub, Intensifies Slack Use
    By Cedric Pernet, Elliot Cao, Jaromir Horejsi, Joseph C. Chen, and William Gamazo Sanchez
    Four months ago, we exposed an attack that leveraged a previously unknown malware that Trend Micro named SLUB. The past iteration of SLUB spread from a unique watering hole website exploiting CVE-2018-8174, a VBScript engine vulnerability. It used GitHub and Slack as...
  • iOS URL Scheme Susceptible to Hijacking
    Abuse of the iOS URL Scheme can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads, and more.
  • New Miori Variant Uses Unique Protocol to Communicate with C&C
    Miori has recently reappeared bearing a notable difference in the way it communicates with its C&C server. This Miori variant departs from the usual binary-based protocol and uses a text-based protocol to communicate with its C&C.
  • July’s Patch Tuesday Fixes Critical Flaws in Microsoft Edge and Internet Explorer, Including Windows DHCP Server
    Critical patches covered in the release include fixes for Windows DHCP Server, Azure DevOps Server and Team Foundation Server, and .NET Framework, assigned CVE-2019-0785, CVE-2019-1072, and CVE-2019-1113. Elevation-of-privilege vulnerabilities in Microsoft splwow64 (CVE-2019-0880) and Win32k (CVE-2019-1132), which were reported as being exploited in the wild, have also been patched.
  • Powload Loads Up on Evasion Techniques
    By sifting through six months’ worth of data (Jan-Jun 2019) covering over 50,000 samples from the Trend Micro™ Smart Protection Network™ infrastructure, we managed to gain insight into how Powload has incorporated new techniques to increase its effectiveness, especially in its ability to hide from detection.
  • Anubis Android Malware Returns with Over 17,000 Samples
    The 2018 mobile threat landscape had banking trojans that diversified their tactics and techniques to evade detection and further monetize their malware — and in the case of the Anubis Android malware, retooled for other malicious activities. Anubis underwent several changes since it first emerged, from being used for cyberespionage to being retooled as banking malware, combining information theft and ransomware-like routines. In mid-January of 2019, we saw Anubis use a plethora of techniques, including the use of motion-based sensors to elude sandbox analysis and overlays to steal personally identifiable information.
    The latest samples of Anubis (detected by Trend Micro as AndroidOS_AnubisDropper) we recently came across are no different. While tracking Anubis’ activities, we saw two related servers containing 17,490 samples.
  • Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi
    Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea.
    This blog post covers the updates from TA505’s campaigns and indicators of compromise (IoCs), as well as the latest tactics, techniques, and procedures of these campaigns, particularly those observed in late June. We also analyzed a new malware tool named Gelup (detected by Trend Micro as Trojan.Win32.GELUP.A), which we saw the group use in one of the campaigns on June 20.