• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Archives for April 2017

Of Pigs and Malware: Examining a Possible Member of the Winnti Group
  • Posted on:April 19, 2017 at 3:41 am
  • Posted in:Targeted Attacks
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

In one of our previous blog entries, we covered how GitHub was being used to spread malware. In this entry, we take a closer look at an individual who we believe might be connected to the threat actor behind the malware.

A careful analysis of the domain registrations from this threat actor between 2014 and 2015 allowed us to identify one profile used to register several domains that were used as C&C servers for a particular malware family employed by the Winnti group. In particular, we managed to gather details on an individual using the handle Hack520, who we believe is connected to Winnti.

Read More
Tags: Hack520Winnti

April Patch Tuesday: Microsoft Patches Office Vulnerability Used in Zero-Day Attacks
  • Posted on:April 12, 2017 at 8:57 am
  • Posted in:Vulnerabilities
  • Author:
    Ronaldo Mangahas (Technical Communications)
0

One of the major updates for this month’s Patch Tuesday addresses CVE-2017-0199, a zero-day remote code execution vulnerability that allowed attackers to exploit a flaw that exists in the Windows Object Linking and Embedding (OLE) interface of Microsoft Office. This flaw is currently being exploited by the notorious DRIDEX banking trojan.

Threat actors leveraging this vulnerability do so via a spam campaign in which the attacker sends an email with an embedded Microsoft Word document to a targeted user. When the user opens the attached document, the hidden exploit code connects to a remote server that fetches malicious files, which are DRIDEX variants(detected by Trend Micro as TSPY_DRIDEX.SLP, TROJ_CVE20170199.B and TROJ_CVE20170199.C).

Read More
Tags: Patch Tuesday
Page 2 of 212

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
  • US and European companies Top Targets of CEO Fraud
  • Company CFOs Targeted The Most By BEC Schemes
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • CEO Fraud Email Scams Target Healthcare Institutions

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.