Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations. Read More HERE…
Trend Micro Research : Ransomware
DarkGate Opens Organizations for Attack via Skype, Teams
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment. Read More HERE…
Electric Power System Cybersecurity Vulnerabilities
Digitalization has changed the business environment of the electric power industry, exposing it to various threats. This webinar will help you uncover previously unnoticed threats and develop countermeasures and solutions. Read More HERE…
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method. Read More HERE…
Monti Ransomware Unleashes a New Encryptor for Linux
The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versions. Read More HERE…
An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector
In this blog entry, we will provide details on Rhysida, including its targets and what we know about its infection chain. Read More HERE…
TargetCompany Ransomware Abuses FUD Obfuscator Packers
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems. Read More HERE…
Tailing Big Head Ransomware’s Variants, Tactics, and Impact
We analyze the technical details of a new ransomware family named Big Head. In this entry, we discuss the Big Head ransomware’s similarities and distinct markers that add more technical details to initial reports on the ransomware. Read More HERE…
An Overview of the Different Versions of the Trigona Ransomware
The Trigona ransomware is a relatively new ransomware family that began activities around late October 2022 — although samples of it existed as early as June 2022. Since then, Trigona’s operators have remained highly active, and in fact have been continuously updating their ransomware binaries. Read More HERE…
MOVEit Vulnerability Breaches Targeted Fed Agencies
Jon Clay and Ed Cabrera talk about the MOVEit breaches and more in the video series #TrendTalksBizSec Read More HERE…