Earth Preta Spear-Phishing Governments Worldwide

Credit to Author: Nick Dai| Date: Fri, 18 Nov 2022 00:00:00 +0000

We break down the cyberespionage activities of advanced persistent threat (APT) group Earth Preta, observed in large-scale attack deployments that began in March. We also show the infection routines of the malware families they use to infect multiple sectors worldwide: TONEINS, TONESHELL, and PUBLOAD.


Electricity/Energy Cybersecurity: Trends & Survey Response

Credit to Author: Mayumi Nishimura| Date: Wed, 16 Nov 2022 00:00:00 +0000

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry’s challenges and present Trend Micro’s recommendations.


CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOS

Credit to Author: Mickey Jin| Date: Fri, 11 Nov 2022 00:00:00 +0000

This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used to install software installer packages (PKG files).


DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

Credit to Author: Feike Hacquebord| Date: Tue, 08 Nov 2022 00:00:00 +0000

This report provides defenders and security operations center teams with the technical details they need to know should they encounter the DeimosC2 C&C framework.


Manufacturing Cybersecurity: Trends & Survey Response

Credit to Author: Mayumi Nishimura| Date: Fri, 28 Oct 2022 00:00:00 +0000

Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry’s challenges and present Trend Micro’s recommendations.


Where is the Origin?: QAKBOT Uses Valid Code Signing

Credit to Author: Hitomi Kimura| Date: Thu, 27 Oct 2022 00:00:00 +0000

Code signing certificates help us assure a file's validity and legitimacy. However, threat actors can use that against us. In this blog, discover how QAKBOT uses this tactic and learn ways to prevent it.


From Bounty to Exploit: Observations About Cybercriminal Contests

Credit to Author: David Sancho| Date: Thu, 27 Oct 2022 00:00:00 +0000

From articles to hackathons, cybercriminals are resorting to crowdsourcing to find more ways to exploit systems. In this blog, we discuss our takeaways and summarize the results of these contests.
