web analytics

May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability

Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release, six are rated Critical, 73 are rated Important or… Continue reading May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability

This Week in Security News: Skimming Attacks and Ransomware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how credit card skimming attacks can impact businesses and how ransomware can use software installations to help hide malicious activities. Read on: Mirrorthief Group Uses Magecart… Continue reading This Week in Security News: Skimming Attacks and Ransomware

Dharma Ransomware Uses AV Tool to Distract from Malicious Activities

by Raphael Centeno The Dharma ransomware has been around since 2016, but it has continued to target and successfully victimize users and organizations around the world. One high profile attack happened in November 2018 when the ransomware infected a hospital in Texas, encrypting many of their stored records; luckily the hospital was able to recover… Continue reading Dharma Ransomware Uses AV Tool to Distract from Malicious Activities

Cybersecurity Leaders Are Talking A Lot About Counterfeit Devices

Malice Vs Greed Most discussion about security in the supply chain has been focused on detecting tampering, or preventing backdoors or sneaky things being inserted into components and software. There’s another aspect emerging and will dwarf the tampering: devices that are counterfeited for profit indirectly causing security problems. Counterfeit devices are ones that either by… Continue reading Cybersecurity Leaders Are Talking A Lot About Counterfeit Devices

CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit

by Augusto II Remillano and Robert Malagad In March 2019, Atlassian published an advisory covering two critical vulnerabilities involving Confluence, a widely used collaboration and planning software. In April, we observed one of these vulnerabilities, the widget connector vulnerability CVE-2019-3396, being exploited by threat actors to perform malicious attacks. Security provider Alert Logic also discovered… Continue reading CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit

Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada

We uncovered a recent activity involving the notorious online credit card skimming attack known as Magecart. The attack, facilitated by a new cybercrime group, impacted 201 online campus stores in the United States and Canada. We started detecting the attacks against multiple campus store websites on April 14, during which the sites were injected with… Continue reading Mirrorthief Group Uses Magecart Skimming Attack to Hit Hundreds of Campus Online Stores in US and Canada

The Next Enterprise Challenge: How Best to Secure Containers and Monolithic Apps Together, Company-wide

Submitted by: Adam Boyle, Head of Product Management, Hybrid Cloud Security, Trend Micro When it comes to software container security, it’s important for enterprises to look at the big picture, taking into account how they see containers effecting their larger security requirements and future DevOps needs. Good practices can help security teams build a strategy that… Continue reading The Next Enterprise Challenge: How Best to Secure Containers and Monolithic Apps Together, Company-wide