Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn what critical approaches can protect your enterprise business from software vulnerabilities. Also, learn about vulnerabilities in IoT alarms that let hackers hijack cars. Read on: How… Continue reading This Week in Security News: Security Vulnerabilities
Month: March 2019
CVE-2019-7238: Insufficient Access Controls in Sonatype Nexus Repository Manager 3 Allows Remote Code Execution
By Govind Sarda and Raghvendra Mishra A critical remote code execution (RCE) vulnerability (CVE-2019-7238) was found in Sonatype’s Nexus Repository Manager (NXRM) 3, an open source project that allows developers, such as DevOps professionals, to manage software components required for software development, application deployment, and automated hardware provisioning. This vulnerability in NXRM 3, which reportedly… Continue reading CVE-2019-7238: Insufficient Access Controls in Sonatype Nexus Repository Manager 3 Allows Remote Code Execution
A Machine Learning Model to Detect Malware Variants
For a piece of malware to be able to do its intended malicious activity, it has to be able to sneak inside a machine’s system without being flagged by cybersecurity defenses. It camouflages and packages itself to look like a benign piece of code and, when it has cleared past security filters, unleashes its payload.… Continue reading A Machine Learning Model to Detect Malware Variants
How to get Ahead of Vulnerabilities and Protect your Enterprise Business
Security vulnerabilities are popping up all the time, and can put any business that uses technological assets at risk. In a nutshell, vulnerabilities represent the ideal opportunity for malicious actors to break into systems and wreak all types of havoc. From data theft to information compromise and beyond, vulnerabilities are a particularly pertinent issue for… Continue reading How to get Ahead of Vulnerabilities and Protect your Enterprise Business
From Fileless Techniques to Using Steganography: Examining Powload’s Evolution
By: Augusto Remillano and Kiyoshi Obuchi (Threats Analysts) Powload’s staying power in the threat landscape shows how far it has come. In fact, the uptick of macro malware in the first half of 2018 was due to Powload, which was distributed via spam emails. Powload was also one of the most pervasive threats in the… Continue reading From Fileless Techniques to Using Steganography: Examining Powload’s Evolution
A $100,000 Commitment to Close the Gender Diversity Gap in Cybersecurity
Today as we celebrate International Women’s Day we’re filled with both admiration for strong women who inspire and a sense of responsibility to honor diversity in an industry that has traditionally been quite uniform, especially when it comes to gender. While we celebrate the achievements of women around the world today, it’s business-as-usual on the… Continue reading A $100,000 Commitment to Close the Gender Diversity Gap in Cybersecurity
Beauty Out of Chaos: Elevating Cybersecurity to an Art Form – Part 2
Art and cybersecurity are not two worlds usually seen sharing the same orbit. But at Trend Micro we believe there’s a vision, a mastery of skill and a passion which unites both. It’s an approach we’ve spent the past three decades honing as serious barriers have emerged to challenge IT efforts to support the business.… Continue reading Beauty Out of Chaos: Elevating Cybersecurity to an Art Form – Part 2
New SLUB Backdoor Uses GitHub, Communicates via Slack
by Cedric Pernet, Daniel Lunghi, Jaromir Horejsi, and Joseph C. Chen We recently came across a previously unknown malware that piqued our interest in multiple ways. For starters, we discovered it being spread via watering hole attacks, a technique that involves an attacker compromising a website before adding code to it so visitors are redirected… Continue reading New SLUB Backdoor Uses GitHub, Communicates via Slack
UPnP-enabled Connected Devices in the Home and Unpatched Known Vulnerabilities
by Tony Yang (Home Network Researcher) Earlier this year, users of Chromecast streaming dongles, Google Home devices, and smart TVs were inundated with a message promoting YouTuber PewDiePie’s channel. The hijacking is said to be part of an ongoing subscriber count battle on the video sharing site. The hackers behind it reportedly took advantage of… Continue reading UPnP-enabled Connected Devices in the Home and Unpatched Known Vulnerabilities
Beauty Out of Chaos: Elevating Cybersecurity to an Art Form – Part 1
How many of you can remember what it was like managing IT security 10 years ago? How about two decades? The truth is that the landscape was so utterly different back then that any comparisons with today are a little unfair. Yet they’re useful in one key regard: to teach us just how complex and… Continue reading Beauty Out of Chaos: Elevating Cybersecurity to an Art Form – Part 1