• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
2018 Midyear Security Roundup: Unseen Threats, Imminent Losses

2018 Midyear Security Roundup: Unseen Threats, Imminent Losses

A review of the first half of 2018 shows a threat landscape that not only has constant and familiar features but also has morphing and uncharted facets: Ever-present threats steadily grew while emerging ones used stealth.

Read more

Foreshadow/L1TF Intel Processor Vulnerabilities: What You Need to Know

Foreshadow/L1TF Intel Processor Vulnerabilities: What You Need to Know

Microsoft’s Patch Tuesday for August includes an update that fixes Foreshadow and Foreshadow-NG (aka L1 Terminal Fault or L1TF), security flaws affecting the speculative execution feature of Intel CPUs, similar to the Spectre and Meltdown vulnerabilities.

Read more

Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts

Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts

Users of the Apache Struts are urged to update to its latest version after security researchers uncovered a critical remote code execution (RCE) vulnerability in the popular open-source Java-based web application development framework.

Read more

A Look Into Smart Factories: A Model of IIoT Innovation

A Look Into Smart Factories: A Model of IIoT Innovation

Organizations worldwide are integrating the internet of things (IoT) closely into how they do business, a move that is as much about keeping up with the rest of the world as it is about improving operations.

Read more

Data Breaches Highlight the Need for Managed Detection and Response

Data Breaches Highlight the Need for Managed Detection and Response

In a span of five weeks earlier this year, several high-profile breaches were reported — Orbitz, Saks Fifth Avenue, Lord and Taylor, Sears, and Best Buy were just some that made headlines. This spate of data breaches affected millions of customers, putting focus on not only on data protection but also incident response.

Read more

September Patch Tuesday: Windows Fixes ALPC Elevation of Privilege, Remote Code Execution Vulnerabilities
  • Posted on:September 11, 2018 at 11:25 pm
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Trend Micro
0

September’s Patch Tuesday provides a security patch for CVE-2018-8440, an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface. This bug allows threat actors to run code with administrative privileges, install programs, or even create new accounts with full user rights. This bug’s source code has been publicly disclosed as of August 27 via Twitter and has been seen actively used in malicious campaigns as early as September 5.

Read More
Tags: Patch Tuesday

A Closer Look at the Locky Poser, PyLocky Ransomware
  • Posted on:September 10, 2018 at 5:02 am
  • Posted in:Ransomware, Spam
  • Author:
    Trend Micro
0

While ransomware has noticeably plateaued in today’s threat landscape, it’s still a cybercriminal staple. In fact, it saw a slight increase in activity in the first half of 2018, keeping pace by being fine-tuned to evade security solutions, or in the case of PyLocky (detected by Trend Micro as RANSOM_PYLOCKY.A), imitate established ransomware families and ride on their notoriety.

In late July and throughout August, we observed waves of spam email delivering the PyLocky ransomware. Although it tries to pass off as Locky in its ransom note, PyLocky is unrelated to Locky. PyLocky is written in Python, a popular scripting language; and packaged with PyInstaller, a tool used to package Python-based programs as standalone executables.

Read More
Tags: machine learningPyLockyransomwareSpam

Stolen Data from Chinese Hotel Chain and Other Illicit Products Sold in Deep Web Forum
  • Posted on:September 7, 2018 at 5:58 am
  • Posted in:Deep Web
  • Author:
    Trend Micro Forward-Looking Threat Research Team
0

We uncovered personally identifiable information (PII) stolen from a China-based hotel chain being sold on a deep web forum we were monitoring. Further analysis revealed that the stolen data was not only the PII of Chinese customers, but also included the hotel chain’s customers from Western and East Asian countries. The sample data we saw was unencrypted (in plaintext), some of which were in CSV, SQL, and TXT dumps.

We believe this stolen data is related to the data breach (reported on August 29) that exposed up to 130 million PII. The news that reported the data breach matched with an advertisement we saw in the dark web selling the stolen data for eight bitcoins (equivalent to more than US$58,000 as of September 5, 2018).

Read More
Tags: cybercriminal undergroundDeep Web

The Urpage Connection to Bahamut, Confucius and Patchwork
  • Posted on:August 29, 2018 at 6:07 am
  • Posted in:Mobile, Targeted Attacks
  • Author:
    Trend Micro
0

In the process of monitoring changes in the threat landscape, we get a clearer insight into the way threat actors work behind the schemes. In this case we dig deeper into the possible connection between cyberattacks by focusing on the similarities an unnamed threat actor shares with Confucius, Patchwork, and another threat actor called Bahamut. For the sake of this report, we will call this unnamed threat actor “Urpage.”

Read More
Tags: BahamutConfuciusPatchwork

IQY and PowerShell Abused by Spam Campaign to Infect Users in Japan with BEBLOH and URSNIF
  • Posted on:August 22, 2018 at 6:00 am
  • Posted in:Malware, Spam
  • Author:
    Trend Micro
0

Trend Micro recently saw increased abuse of the internet query file IQY, similar to the activity detected in June from a Necurs-distributed spam wave that delivered the FlawedAmmyy RAT. It appears cybercriminals are taking advantage of the simple structure of IQY files because they can be used to evade structure-based detection methods.

Our latest observation found the Cutwail botnet distributing spam mails abusing IQY files. The spam campaign specifically targets users in Japan, delivering either the BEBLOH (detected by Trend Micro as TSPY_BEBLOH.YMNPV) or URSNIF (TSPY_URSNIF.TIBAIDO) malware. The spam mails attempt to trick users into clicking the attachment using conventional social engineering baits such as “payment,” “photos sent,” “photos attached,” and “please confirm,” among others. The campaign’s activity was detected on August 6, 2018, and has managed to distribute approximately 500,000 spam mails. The spam distribution has since died down on August 9.

Read More
Tags: BEBLOHIQYPowershellURSNIF
Page 1 of 75712 › »

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • The Urpage Connection to Bahamut, Confucius and Patchwork
  • Stolen Data from Chinese Hotel Chain and Other Illicit Products Sold in Deep Web Forum
  • A Closer Look at the Locky Poser, PyLocky Ransomware
  • September Patch Tuesday: Windows Fixes ALPC Elevation of Privilege, Remote Code Execution Vulnerabilities
  • Down but Not Out: A Look Into Recent Exploit Kit Activities

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.