Top IT Security Bloggers

TrendLabs - Malware Blog
  • GPON Vulnerabilities Exploited for Mexico-based Mirai-like Scanning Activities

    We recently found similar Mirai-like scanning activity from Mexico with some being done via the exploitation of CVE-2018-10561 and CVE-2018-10562, two vulnerabilities that are specific to Gigabit Passive Optical Network (GPON)-based home routers.
  • Operators of Counter Antivirus Service Scan4You Sentenced

    In May 2017, one of the biggest facilitators of cybercrime, Scan4You, went offline after the two main suspects, Ruslans Bondars and Jurijs Martisevs, were arrested in Latvia and extradited to the U.S. by the Federal Bureau of Investigation (FBI). In May 2018, the case against Scan4You's operators concluded in a Virginia federal courtroom.
    Trend Micro started to look into Scan4You's operations in 2012, and has been in close contact with FBI investigators assigned to the case since 2014. Our research on Scan4You spanned more than five years, and we passed some of our findings to the FBI until the service went offline.
  • Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability

    We observed a large spike in the number of devices scanning the internet for port 7001/TCP since April 27, 2018. Our analysis found that the increased activity was caused by cybercriminals engaging in cryptomining by exploiting CVE-2017-10271. The flaw is a patched Oracle WebLogic WLS-WSAT vulnerability that can allow remote attackers to execute arbitrary code on unpatched servers. This marks the second time attackers abused CVE-2017-10271 for cryptomining purposes this year. In February, the vulnerability was exploited to deliver 64-bit and 32-bit variants of an XMRig Monero miner.
  • New Phishing Scam uses AES Encryption and Goes After Apple IDs

    by Jindrich Karasek
    Recent data breaches and privacy scares, along with the upcoming General Data Protection Regulation (GDPR) from the European Union, have triggered a change in the way companies handle their users’ data. As a result, many of them have been sending emails asking their users to update their profiles or proactively strengthen security....
  • Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities

    For May 2018, Microsoft’s monthly release of security updates — also known as Patch Tuesday — addressed a number of vulnerabilities, most notably two vulnerabilities that were already actively exploited in attacks.
  • Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users

    We discovered a malware family called Maikspy — a multi-platform spyware that can steal users’ private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016.
    Multiple Twitter handles were found promoting the Maikspy-carrying adult games and sharing the malicious domain via short links.
  • Cryptocurrency-Mining Malware Targeting IoT, Being Offered in the Underground

    Crime follows the money, as the saying goes, and once again, cybercriminals have acted accordingly. The underground is flooded with so many offerings of cryptocurrency malware that it must be hard for the criminals themselves to determine which is best. This kind of malware, also known as cryptomalware, has a clear goal, which is to make money out of cryptocurrency transactions. This can be achieved through two different methods: stealing cryptocurrency and mining cryptocurrency on victims’ devices surreptitiously (without the victims noticing), a process also known as cryptojacking. In this post, we discuss how these two methods work, and see whether devices connected to the internet of things (IoT), which are relatively underpowered, are being targeted.
  • Legitimate Application AnyDesk Bundled with New Ransomware Variant

    We recently discovered a new ransomware (detected as RANSOM_BLACKHEART.THDBCAH), which drops and executes the legitimate tool known as AnyDesk alongside its malicious payload.
  • FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation

    Our Cyber Safety Solutions team identified a malicious Chrome extension we named FacexWorm, which uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger.
    FacexWorm isn’t new. It was uncovered in August 2017, though its whys and hows were still unclear at the time. Last April 8, however, we noticed a spike in its activities that coincided with external reports of FacexWorm surfacing in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain.
  • Necurs Evolves to Evade Spam Detection via Internet Shortcut File

    Necurs, a botnet malware that’s been around since 2012, has been improved with the hopes of better defeating cybersecurity measures — it was seen to evolve its second layer of infection using a .URL file (with remote script downloaders detected by Trend Micro as MAL_CERBER-JS03D, MAL_NEMUCOD-JS21B, VBS_SCARAB.SMJS02, and MAL_SCARAB-VBS30).
    Necurs, a modular malware with variants that are capable of spam distribution, information theft, and disabling security services and elements, has been around since 2012, propagating in the wild via the Necurs botnet.
