Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool. Read More HERE…
Trend Micro Research : Research
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system. Read More HERE…
How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack
Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt. Read More HERE…
A Dive into Earth Baku’s Latest Campaign
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control. Read More HERE…
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites. Read More HERE…
AI-Powered Deepfake Tools Becoming More Accessible Than Ever
Trend Micro research uncovers new cybercrime tools posing increased threats to security, highlighting the rapid evolution of AI-powered hacking services and their potential for mass exploitation Read More HERE…
Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma
Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. Read More HERE…
The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409
We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems. Read More HERE…
Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly. Read More HERE…
Mekotio Banking Trojan Threatens Financial Systems in Latin America
We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we’ll provide an overview of the trojan and what it does. Read More HERE…