Attacking The Supply Chain: Developer

Credit to Author: David Fiser| Date: Wed, 25 Jan 2023 00:00:00 +0000

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly “trusted”.

Read more

Detecting Windows AMSI Bypass Techniques

Credit to Author: Jiri Sykora| Date: Wed, 21 Dec 2022 00:00:00 +0000

We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI) and how security teams can detect threats attempting to abuse it for compromise with Trend Micro Vision One™.

Read more

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

Credit to Author: Mickey Jin| Date: Wed, 21 Dec 2022 00:00:00 +0000

This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report.

Read more

Trend Micro Joins Google’s App Defense Alliance

Credit to Author: Jon Clay| Date: Fri, 16 Dec 2022 00:00:00 +0000

Trend Micro will be joining Google’s App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store.

Read more

Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

Credit to Author: Mickey Jin| Date: Tue, 20 Dec 2022 00:00:00 +0000

More than two years ago, a researcher, A2nkF demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. In this blog entry, we will discuss how we discovered 3 more vulnerabilities from the old exploit chain.

Read more

Ransomware Business Models: Future Pivots and Trends

Credit to Author: Feike Hacquebord| Date: Thu, 15 Dec 2022 00:00:00 +0000

Ransomware groups and their business models are expected to change from what and how we know it to date. In this blog entry, we summarize from some of our insights the triggers that spark the small changes in the short term (“evolutions”) and the bigger deviations (“revolutions”) they can redirect their criminal enterprises to in the long run.

Read more

Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

Credit to Author: Jaromir Horejsi| Date: Wed, 14 Dec 2022 00:00:00 +0000

This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged trojanized installers of chat-based customer engagement platforms.

Read more