How Underground Groups Use Stolen Identities and Deepfakes

Credit to Author: Vladimir Kropotov| Date: Tue, 27 Sep 2022 00:00:00 +0000

The growing appearance of deepfake attacks is significantly reshaping the threat landscape. These fakes brings attacks such as business email compromise (BEC) and identity verification bypassing to new levels.

Read more

Security Risks in Logistics APIs Used by E-Commerce Platforms

Credit to Author: Ryan Flores| Date: Tue, 20 Sep 2022 00:00:00 +0000

Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers.

Read more

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

Credit to Author: Sunil Bharti| Date: Wed, 14 Sep 2022 00:00:00 +0000

This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected endpoints.

Read more

How Malicious Actors Abuse Native Linux Tools in Attacks

Credit to Author: Nitesh Surana| Date: Thu, 08 Sep 2022 00:00:00 +0000

Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact.

Read more

Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques

Credit to Author: Alfredo Oliveira| Date: Wed, 07 Sep 2022 00:00:00 +0000

We analyzed the Distroless technique for reducing the size of container images and explored its capabilities to address security concerns. We provide an alternative approach to Distroless that reduces the attack surface for malicious actors targeting cloud-native applications while optimizing cloud resources.

Read more