Our honeypot sensors, which are designed to emulate Secure Shell (SSH), Telnet, and File Transfer Protocol (FTP) services, recently detected a mining bot related to the IP address 220.127.116.11. The address has been seen searching for both SSH- and IoT-related ports, including 22, 2222, and 502. In this particular attack, however, the IP landed on port 22, the SSH service. The attack could be applicable to all servers and connected devices with a running SSH service.
Microsoft’s Patch Tuesday for March is an eventful one, with updates that comprise fixes for 75 security issues and a change of tack in its patch deployment process for Windows 10. Of the vulnerabilities Microsoft patched for this month, 14 were rated as Critical and 61 Important. Six of these were disclosed through Trend Micro’s Zero Day Initiative: CVE-2018-0815, CVE-2018-0816, CVE-2018-0878, CVE-2018-0889, CVE-2018-0929, and CVE-2018-0977.
Last month, in reaction to the WannaCry outbreak that affected Windows users all over the world, Microsoft released a patch for Windows XP—an operating system it had stopped supporting in 2014.
We’ve uncovered a new breed of point-of-sale (PoS) malware currently affecting businesses across North America and Canada: MajikPOS (detected by Trend Micro as TSPY_MAJIKPOS.A). Like a lot of other PoS malware, MajikPOS is designed to steal information, but its modular approach in execution makes it distinct. We estimate that MajikPOS’s initial infection started around January 28, 2017.
While other PoS malware such as FastPOS (its updated version), Gorynych, and ModPOS also feature multiple components with entirely different functions like keylogging, MajikPOS’s modular tack is different. MajikPOS needs only another component from the server to conduct its RAM scraping routine.