Detecting Exploitation of Local Vulnerabilities Through Trend Micro Vision One™ and Cloud One™
We provide a guide to detecting Dirty Pipe, a Linux kernel vulnerability tracked as CVE-2022-0847. Read More HERE…
Trend Micro Research : Research
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware. Read More HERE…
An In-Depth Look at ICS Vulnerabilities Part 2
In part two of our three-part series, we continue to analyze vulnerabilities using MITRE ATT&CK. We also look into the sectors affected and their risk levels. Read More HERE…
MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639
We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation. Read More HERE…
An In-Depth Look at ICS Vulnerabilities Part 1
In this blog series our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS. Read More HERE…
Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously
One of the recent trends we’ve observed is the rise of cloud-based cryptocurrency-mining groups that exploit cloud resources, specifically the CPU power of deployed cloud instances, to mine cryptocurrency. Read More HERE…
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s new arrival vector and early access loaders. Users’ machines seem to be targeted with malicious payloads masquerading as legitimate application installers. Read More HERE…
An Investigation of Cryptocurrency Scams and Schemes
We provide an overview of the diverse range of NFT- and cryptocurrency-related scams that malicious actors use to steal assets worldwide. Read More HERE…
Cyclops Blink Sets Sights on Asus Routers
This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current and historical command-and-control (C&C) servers of the Cyclops Blink botnet. Read More HERE…
New Nokoyawa Ransomware Possibly Related to Hive
In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in their attack chain, from the tools used to the order in which they execute various steps. Read More HERE…