Top IT Security Bloggers

TrendLabs - Malware Blog
  • Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
    We have been tracking Trickbot banking trojan activity and recently discovered a variant (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) distributed through spam emails carrying a Microsoft Word document with a macro. Once the document is opened and the macro runs, it drops a heavily obfuscated JavaScript (JS) file that downloads Trickbot as its payload. The malware also counts the processes running on the affected machine; if it finds only a small number, it assumes it is running in a virtual or sandbox environment and does not proceed with its routine.
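    The process-count check described above is a common sandbox-evasion heuristic, and it is worth seeing both sides of it: what the malware measures, and how many decoy processes an analysis VM needs to pass. The following is an added example written for this page, not code from the TrendLabs post or from Trickbot itself. The threshold of 40 processes is an assumption (the excerpt does not give Trickbot's actual cut-off), and the two process lists are constructed samples.

```python
"""Process-count sandbox heuristic and the defender-side counter to it.

Added example, not from the TrendLabs post. ASSUMED_MIN_PROCESSES and the
sample process lists below are assumptions constructed for illustration.
"""
import os
import sys

# Assumed threshold: the excerpt only says Trickbot bails out when it sees
# "limited processes"; 40 is a placeholder chosen for this demonstration.
ASSUMED_MIN_PROCESSES = 40

# Constructed sample: a minimal analysis VM with the OS core, the
# hypervisor tools agent and one monitoring tool, and nothing else.
BARE_SANDBOX = [
    "System", "smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "svchost.exe", "svchost.exe", "explorer.exe",
    "vmtoolsd.exe", "procmon.exe",
]  # 12 processes

# Constructed sample: the same core plus the background noise of a real
# user desktop (a dozen svchost instances, browser tabs, mail, chat, AV).
TYPICAL_WORKSTATION = BARE_SANDBOX[:10] + ["svchost.exe"] * 12 + [
    "dwm.exe", "sihost.exe", "taskhostw.exe", "RuntimeBroker.exe",
    "SearchIndexer.exe", "ctfmon.exe", "spoolsv.exe", "audiodg.exe",
    "MsMpEng.exe", "SecurityHealthService.exe", "OneDrive.exe",
    "chrome.exe", "chrome.exe", "chrome.exe", "OUTLOOK.EXE", "Teams.exe",
    "Spotify.exe", "Code.exe", "conhost.exe", "dllhost.exe",
]  # 42 processes


def looks_like_analysis_environment(process_names, threshold=ASSUMED_MIN_PROCESSES):
    """The malware-side check: a host with fewer processes than a typical
    user desktop is treated as a sandbox/VM and the payload is not run."""
    return len(process_names) < threshold


def sandbox_padding_needed(process_names, threshold=ASSUMED_MIN_PROCESSES):
    """The defender-side view: how many decoy processes an analysis VM
    must add before this particular heuristic stops firing."""
    return max(0, threshold - len(process_names))


def live_process_names():
    """Best-effort enumeration of running processes on this host.
    Linux: read /proc/<pid>/comm. Windows: parse `tasklist /fo csv`.
    Returns an empty list on platforms it does not know how to query."""
    if os.path.isdir("/proc"):
        names = []
        for pid in os.listdir("/proc"):
            if not pid.isdigit():
                continue
            try:
                with open(f"/proc/{pid}/comm") as f:
                    names.append(f.read().strip())
            except OSError:
                continue  # process exited between listdir and open
        return names
    if sys.platform.startswith("win"):
        import csv
        import subprocess
        out = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                             capture_output=True, text=True, check=True).stdout
        return [row[0] for row in csv.reader(out.splitlines()) if row]
    return []


if __name__ == "__main__":
    for label, procs in (("bare sandbox", BARE_SANDBOX),
                         ("typical workstation", TYPICAL_WORKSTATION)):
        print(f"{label}: {len(procs)} processes -> "
              f"evasion triggers: {looks_like_analysis_environment(procs)}")
    live = live_process_names()
    print(f"this host: {len(live)} processes -> "
          f"{sandbox_padding_needed(live)} decoys needed to pass the check")
```

Run it inside an analysis VM to see how far the VM is from a believable process count; a sandbox that launches a handful of inert decoy processes (or uses a snapshot of a real user session) defeats this heuristic, whereas one built from a bare OS install does not.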
  • Keeping a Hidden Identity: Mirai C&Cs in Tor Network
    We found new samples of Mirai targeting IP cameras and DVRs with exposed ports and default credentials. Like its predecessors, it gives attackers remote access and lets them herd infected devices into a botnet for DDoS attacks. This time, however, the C&C servers were traced back to the Tor network, which keeps the operators anonymous and shields the servers from takedown even after they are discovered.
  • Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet ‘Zombies’
    Elasticsearch is no stranger to cybercriminal abuse given its popularity with organizations. In fact, this year's first quarter saw a surge of attacks against Elasticsearch servers, whether through exploited vulnerabilities or through other security gaps. These attacks mostly delivered cryptocurrency-mining malware, as in an attack we saw last year.
    The latest attack we spotted deviates from the usual profit-driven motive by delivering backdoors as its payload. These can turn affected servers into botnet zombies used in distributed denial-of-service (DDoS) attacks.
  • Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year old XHide
    We found a threat that scans for open ports and brute-forces systems with weak credentials in order to drop a Monero cryptocurrency miner. The installation and mining process is hidden by the old evasion tool XHide Process Faker. Although the current payload is a miner, the malware could be used for bigger attacks in the future, since both the shellbot and the miner can be monetized.
  • Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
    We observed a recent campaign that primarily targets financial institutions and governmental organizations in South America, particularly Colombia. This post covers the activity we observed, the remote access tools (RATs) used, the campaign's techniques and procedures, and its indicators of compromise (IoCs). Our findings indicate that the campaign is the work of a group involved in business email compromise (BEC) or other cybercrime, and is unlikely to be an advanced persistent threat (APT).
  • Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks
    By David Fiser
    Jenkins is a popular open-source automation server for software development teams. Used to manage the development side of DevOps, its main purpose is to run tasks, called jobs, so that software project builds are produced automatically as part of the CI/CD process. Jenkins has a distributed architecture: a master machine manages a...
  • SLUB Gets Rid of GitHub, Intensifies Slack Use
    By Cedric Pernet, Elliot Cao, Jaromir Horejsi, Joseph C. Chen, and William Gamazo Sanchez
    Four months ago, we exposed an attack that leveraged a previously unknown malware that Trend Micro named SLUB. That earlier iteration of SLUB spread from a single watering-hole website exploiting CVE-2018-8174, a VBScript engine vulnerability, and used GitHub and Slack as...
  • iOS URL Scheme Susceptible to Hijacking
    Abuse of iOS URL schemes can potentially result in loss of privacy, bill fraud, exposure to pop-up ads, and more.
  • New Miori Variant Uses Unique Protocol to Communicate with C&C
    Miori has recently reappeared with a notable difference in the way it communicates with its C&C server. Instead of the usual binary protocol, this variant talks to its C&C over a text-based protocol.
  • July’s Patch Tuesday Fixes Critical Flaws in Microsoft Edge and Internet Explorer, Including Windows DHCP Server
    Critical patches in this release include fixes for Windows DHCP Server, Azure DevOps Server and Team Foundation Server, and .NET Framework, assigned CVE-2019-0785, CVE-2019-1072, and CVE-2019-1113 respectively. Elevation-of-privilege vulnerabilities in Microsoft splwow64 (CVE-2019-0880) and Win32k (CVE-2019-1132), which were reported as being exploited, have also been patched.
