• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Author / Stephen Hilt (Senior Threat Researcher)

Stephen Hilt

Senior Threat Researcher

The Need for Better Built-in Security in IoT Devices
  • Posted on:December 27, 2017
  • Posted in:Internet of Things
  • Posted by:
    Stephen Hilt (Senior Threat Researcher)
0

As manufacturers develop Internet of Things (IoT) devices that integrate with widely popular internet-based applications, more and more users see the value in purchasing such devices. Ease of integration becomes an incentive for users to consider adding these products to their network of devices. But while the ease of use can be enticing, these products can also be susceptible to security issues that could introduce far-reaching problems.

To see just how safe and secure IoT devices are and to what extent an attacker can manipulate an IoT device, we tested the built-in security of a particular IoT device type — internet-connected speakers.

Read More
Tags: Amazon EchoBOSEGoogle HomeSonos

How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players
  • Posted on:August 8, 2017
  • Posted in:Exploits, Vulnerabilities
  • Posted by:
    Stephen Hilt (Senior Threat Researcher)
0

Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies. Usually the aim is simple: to steal personal information and monetize it. And usually, for that purpose the game itself is abused.

In the particular scenario we are describing in this blog post, however, it is not the game that is being abused by the cybercriminals, but rather one of the communication tools used by the game players. We’re referring to Discord, a new-generation chat platform that gamers frequently use, with a user base of more than 45 million registered members.

Read More
Tags: APIChat Program APIDiscordROBLOX

Yara Used to RickRoll Security Researchers
  • Posted on:May 26, 2017
  • Posted in:Malware
  • Posted by:
    Stephen Hilt (Senior Threat Researcher)
0

For most security researchers, Yara, a tool that allows them to create their own set of rules for malware tracking, is an invaluable resource that helps automate many processes. However, despite Yara’s reliability, it shouldn’t be the only tool used to monitor new versions of malware.

Read More

Leaking Beeps: IT Systems Broadcasting Sensitive Info
  • Posted on:December 13, 2016
  • Posted in:Targeted Attacks
  • Posted by:
    Stephen Hilt (Senior Threat Researcher)
0

In our previous installments of the Leaking Beeps research series, we have discussed that both healthcare and industrial control systems have been sending clear text messages via the pager communications protocols POCSAG and FLEX. We were surprised to see pages containing sensitive patient information when we looked into the use of pagers in the healthcare sector. We were just as alarmed to see the number of automation systems in industrial environments that were utilizing POCSAG and FLEX as wireless communications paths. This gave a lot of information away to a potential attacker who could use them in a future attack.

Read More
Tags: FLEXpagersPOCSAG

Leaking Beeps: Are You In Control Of Your Own Automation?
  • Posted on:October 25, 2016
  • Posted in:Targeted Attacks
  • Posted by:
    Stephen Hilt (Senior Threat Researcher)
0

Industrial Control Systems (ICS) are a hot topic in the security industry today, thanks to the prevalence of software that is often riddled with security flaws and legacy protocols that were designed without any type of security. Many of these systems were designed in a different time, when the world was quite different. ICS systems used to be isolated, Internet access was rare and expensive, and hacking knowledge was not as widespread as it is today. It would be very difficult for a programmer to have foreseen some of the security issues that have now come about. As a result, however, this often translates to cases where solutions are developed to get the most out of the system while maintaining a cost-conscious mindset. As a result, there are cases where software and protocols that were never meant to be part of an ICS system end up as part of such a system.

Read More
Tags: ICSIndustrial Control Systemspager technologypagersSDRSoftware Defined Radio
Page 1 of 212

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Netwalker Fileless Ransomware Injected via Reflective Loading
  • Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
  • AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs
  • New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability
  • Golang-based Spreader Used in a Cryptocurrency-Mining Malware Campaign

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.