• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Current News   »   This Week in Security News: Trend Micro and Snyk Partner to Fight Open Source Security Flaws and Ransomware Has Gone Corporate

This Week in Security News: Trend Micro and Snyk Partner to Fight Open Source Security Flaws and Ransomware Has Gone Corporate

  • Posted on:August 28, 2020
  • Posted in:Current News, Security
  • Posted by:
    Jon Clay (Global Threat Communications)
0

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro and Snyk’s new co-developed solution to help manage the risk of open source vulnerabilities. Also, read about a new ransomware strain that emulates the practices of a legitimate enterprise.

Read on:

Trend Micro, Snyk Fight Open Source Security Flaws

This week, Trend Micro announced plans for a new, co-developed solution with Snyk, which expands on the company’s ongoing strategic partnership to enhance DevOps security. The joint solution will help security teams manage the risk of open source vulnerabilities from the moment open source code is introduced without interrupting the software delivery process. Trend Micro’s COO Kevin Simzer shares more details on the solution in this article.

Securing the Pandemic-Disrupted Workplace: Trend Micro 2020 Midyear Cybersecurity Report

Trend Micro’s 2020 Midyear Security Roundup examines pressing security issues during the first half of this year, including Covid-19-related threats and targeted ransomware attacks, and offers recommendations to help enterprises secure their systems from cybercriminals in the new normal terrain.

Ransomware Has Gone Corporate—and Gotten More Cruel

DarkSide is the latest strain of ransomware built to shake down big-game targets for millions—with attacks that seem legitimate by including guaranteed turnaround times, real-time chat support and brand awareness. As ransomware becomes big business, its purveyors have embraced the tropes of legitimate enterprises, down to corporate responsibility pledges. Ed Cabrera, chief cybersecurity officer at Trend Micro, comments on the serious risks of ransomware in this article.

Probing Attempts on Home Routers Increase in 1H 2020

The current reality of having many connected devices in the home has given rise to incidents of potential home network intrusions. In the first half of 2020, Trend Micro detected more than 10.6 billion suspicious connection attempts on routers’ unavailable TCP ports. TCP port 23, in particular, had the most detections of suspicious connection attempts, with more than 5.3 billion.

Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack

Threat actors exploited a vulnerability in the popular 3D computer graphics Autodesk software to launch a recent cyber-espionage attack against an international architectural and video production company. Researchers said that further analysis of the attack points to a sophisticated, APT-style group that had prior knowledge of the company’s security systems and used software applications, carefully planning their attack to infiltrate the company and exfiltrate data undetected.

CVE-2020-1380: Analysis of Recently Fixed IE Zero-Day

Microsoft recently patched a zero-day vulnerability that targeted Internet Explorer (IE) 11. It’s a use-after-free (UAF) bug in IE’s JavaScript engine, jscript9.dll. Previously, Trend Micro observed that zero-day attacks against IE usually exploit vbscript.dll and jscript.dll to run shellcode. This time, the target changed to jscript9.dll and used the modern JavaScript engine’s Just-In-Time (JIT) engine to trigger the bug, so Trend Micro decided to dive into the jscrtip9.dll JIT engine to figure out the root cause of CVE-2020-1380.

CSO Insights: Ricoh USA’s David Levine on Employing a Cloud- and Cybersecurity-First Strategy

In this blog, David Levine, vice president of corporate and information security and CSO for Ricoh USA, Inc., shares how his organization accommodates mobility by reinforcing a security-first mindset, employing a cloud-first strategy, managing risk, and enabling employees in the ‘new normal’.

Is the Electric Grid Closer to a Devastating Cyberattack that Could Mean Lights Out?

Could the electric grid be taken down with a $50 device secreted in the bottom of a coffee cup as researchers have claimed? Maybe, but the more likely threat comes from bad actors with improved capabilities who’ve ramped up their attacks on critical infrastructure and utilities. Seventy percent of industrial controls system (ICS) vulnerabilities disclosed in the first half of 2020 can be exploited remotely, according to a report from Claroty.

The Basics of Keeping Your Kubernetes Cluster Secure: Part 1

With Kubernetes’ popularity and increasingly high adoption rates, its security should always be prioritized. In this blog, Trend Micro provides vital tips and recommendations on keeping the master node, the API server, etcd, RBAC, and network policies secure.

After a Decade, Qbot Trojan Malware Gains New, Dangerous Tricks

The Qbot Trojan has been plaguing computer users and businesses for over a decade and the cybercriminals behind it are still coming up with new tricks that keep it one of the most prevalent and successful malware threats. The latest technique observed by security researchers involves the malware inserting itself into the legitimate email threads of their victims to spread.

Surprised by the DarkSide ransomware’s professionalism? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Related posts:

  1. Removing Open Source Visibility Challenges for Security Operations Teams
  2. This Week in Security News: Trend Micro Selected as Launch Partner for AWS Ingress Routing Service and Stalkerware on the Rise
  3. Businesses beware: New open source ransomware threatens the enterprise community
  4. This Week in Security News: Trend Micro Creates Factory Honeypot to Trap Malicious Attackers and Microsoft Leaves 250M Customer Service Records Open to the Web

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.