• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Archives for March 2019

Emotet-Distributed Ransomware Loader for Nozelesn Found via Managed Detection and Response

  • Posted on:March 29, 2019 at 5:00 am
  • Posted in:Ransomware
  • Author:
    Trend Micro
0

Through our managed detection and response (MDR) monitoring, we discovered the modular Emotet malware distributing the Nymaim malware, which then loads the Nozelesn ransomware. We detected this particular Emotet variant in one of our monitored endpoints in the hospitality industry in February 2019. For this threat investigation, we also sourced 580 similar Emotet file attachment samples from our telemetry and gathered data between January 9, 2019 and February 7, 2019.

Read More
Tags: EMOTETManaged Detection and ResponseMDRNozelesnNymaimransomware

Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole

  • Posted on:March 28, 2019 at 5:02 am
  • Posted in:Bad Sites, Mobile
  • Author:
    Joseph C Chen (Fraud Researcher)
0

We discovered a phishing campaign targeting South Korean websites and users’ credentials using the watering hole technique. Labeling the campaign Soula, cybercriminals injected a malicious JS code in at least four websites for a fake login pop-up to appear at intervals before they can continue using the pages.

Read More
Tags: JavaScriptphishingSouth Koreawatering hole

CVE-2019-0192: Mitigating Unsecure Deserialization in Apache Solr

  • Posted on:March 27, 2019 at 6:02 am
  • Posted in:Vulnerabilities
  • Author:
    Trend Micro
0

Security researcher Michael Stepankin reported a vulnerability found in the popular, open-source enterprise search platform Apache Solr: CVE-2019-0192. It’s a critical vulnerability related to deserialization of untrusted data. To have a better understanding of how the vulnerability works, we replicated how it could be exploited in a potential attack by using a publicly available proof of concept (PoC).

Successfully exploiting this security flaw can let hackers execute arbitrary code in the context of the server application. For example, an unauthenticated hacker can exploit CVE-2019-0192 by sending a specially crafted Hypertext Transfer Protocol (HTTP) request to the Config API, which allows Apache Solr’s users to set up various elements of Apache Solr (via solrconfig.xml). Affected versions include Apache Solr 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5.

Read More
Tags: apacheApache SolrCVE-2019-0192

Telecom Crimes Against the IoT and 5G

  • Posted on:March 21, 2019 at 1:50 am
  • Posted in:Internet of Things, Mobile
  • Author:
    Trend Micro
0

Telecommunications or telecom technology is the underpinning of the modern internet, and consequently, the internet’s growing segment, the internet of things (IoT). At its best, this relationship is exemplified as advances in network connectivity as we move to 5G. In our paper with Europol’s European Cybercrime Centre (EC3), “Cyber-Telecom Crime Report 2019,” we explore how this relationship can also be used to threaten and defraud the IoT.

Read More
Tags: IOTTelecomTelecommunications

CVE-2019-7238: Insufficient Access Controls in Sonatype Nexus Repository Manager 3 Allows Remote Code Execution

  • Posted on:March 14, 2019 at 5:01 am
  • Posted in:Vulnerabilities
  • Author:
    Trend Micro
0

A critical remote code execution (RCE) vulnerability (CVE-2019-7238) was found in Sonatype’s Nexus Repository Manager (NXRM) 3, an open source project that allows developers, such as DevOps professionals, to manage software components required for software development, application deployment, and automated hardware provisioning.

Read More
Tags: CVE-2019-7238Nexus Repository Manager 3NXRM
Page 1 of 3123

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.