Archives for August 2019

Hiding in Plain Text: Jenkins Plugin Vulnerabilities

  • Posted on: August 30, 2019 at 4:54 am
  • Posted in: Vulnerabilities
  • Author: Trend Micro

By David Fiser (Senior Cyber Threat Researcher)

Jenkins is a widely used open-source automation server that allows DevOps developers to build, test, and deploy software efficiently and reliably. In order to make the most out of Jenkins’ modular architecture, developers make use of plugins that help extend its core features, allowing them to expand the…

Tags: Jenkins, Jenkins plugin

‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information

  • Posted on: August 29, 2019 at 6:45 am
  • Posted in: Bad Sites, Spam
  • Author: Trend Micro

Despite having an apparent lull in the first half of 2019, phishing will remain a staple in a cybercriminal’s arsenal, and they’re not going to stop using it. The latest example is a phishing campaign dubbed Heatstroke, based on a variable found in their phishing kit code. Heatstroke demonstrates how far phishing techniques have evolved —  from merely mimicking legitimate websites and using diversified social engineering tactics — with its use of more sophisticated techniques such as steganography.

Tags: paypal, phishing

TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy

  • Posted on: August 27, 2019 at 12:01 am
  • Posted in: Malware, Spam
  • Author: Trend Micro

TA505 continues to wreak havoc for maximized profits. Still using ServHelper and FlawedAmmyy, the group keeps making small changes with each campaign: the countries and entities it targets, or the combination of techniques used for deployment.

Tags: FlawedAmmyy, ServHelper, TA505

Asruex Backdoor Variant Infects Word Documents and PDFs Through Old MS Office and Adobe Vulnerabilities

  • Posted on: August 22, 2019 at 5:22 am
  • Posted in: Malware, Vulnerabilities
  • Author: Trend Micro

Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector, particularly through the use of the old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files respectively.

Tags: Adobe reader and acrobat vulnerability, Asruex, backdoor, infector, MS Office vulnerability

Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response

  • Posted on: August 19, 2019 at 5:00 am
  • Posted in: Botnets, Malware
  • Author: Trend Micro

When we first investigated MyKings in 2017, we focused on how the cryptominer-dropping botnet malware used WMI for persistence. Like Mirai, MyKings seems to be constantly undergoing changes to its infection routine. The variant we analyzed for this incident did not just have a single method of retaining persistence but multiple ones, as discussed in the previous section. In addition to WMI, it also used the registry, the task scheduler, and a bootkit — the most interesting of which is the bootkit.

Tags: botnet, Managed Detection and Response, MyKings