Categories
Anti-malware

This Week in Security News: Malvertising and Internet of Things Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a new Internet of Things malware that’s bricked thousands of devices. Also, read about a ransomware family that’s using malvertising to direct victims to a […]

Categories
Anti-malware

Golang-based Spreader Used in a Cryptocurrency-Mining Malware Campaign

by Augusto Remillano II and Mark Vicente We found a Golang-based spreader being used in a campaign that drops a cryptocurrency miner payload. Golang, or Go, is an open source programming language that has been recently associated with malware activity. Trend Micro has been detecting the use of the spreader since May and saw it […]

Categories
Anti-malware

AWS re:Inforce 2019 re:Cap

The inaugural AWS Cloud security conference—AWS re:Inforce—was held in Boston this week. Well over 8,000 attendees descended on the Boston Convention and Exhibition Center for two days jammed packed with security education and cloud content. This was a very interesting conference because the dynamics of the attendees felt very different from typical AWS events. Usually […]

Categories
Anti-malware

ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit

After almost two years of sporadic restricted activity, the ShadowGate campaign has started delivering cryptocurrency miners with a newly upgraded version of the Greenflash Sundown exploit kit. The campaign has been spotted targeting global victims, after operating mainly in Asia. Background of the Greenflash Sundown exploit kit The ShadowGate (also called WordsJS) campaign was identified […]

Categories
Anti-malware

Three Network Security Questions with CEITEC’s CIO

Ireneo Demanarig is the Chief Information Officer at CEITEC S.A. located in Porto Alegre, Rio Grande do Sul, Brazil. CEITEC is a microelectronics manufacturer that specializes in solutions such as automatic identification (RFID and smartcards), application-specific integrated circuits (ASICs) aimed at identifying animals, and much more. Recently, I jumped on the phone with Ireneo and […]

Categories
Anti-malware

Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic

By: Sivathmican Sivakumaran (Vulnerability Researcher) Oracle WebLogic has recently disclosed and patched remote-code-execution (RCE) vulnerabilities in its software, many of which were due to insecure deserialization. Oracle addressed the most recent vulnerability, CVE-2019-2729, in an out-of-band security patch on June 18, 2019. CVE-2019-2729 was assigned a CVSS score of 9.8, making it a critical vulnerability. […]

Categories
Anti-malware

This Week in Security News: Cyberespionage Campaigns and Botnet Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a cyberespionage campaign targeting Middle Eastern countries anda botnet malware that infiltrates containers via exposed Docker APIs. Read on: Hackers Are After Your Personal Data […]

Categories
Anti-malware

CVE-2019-8635: Double Free Vulnerability in Apple macOS Lets Attackers Escalate System Privileges and Execute Arbitrary Code

by Moony Li and Lilang Wu (Threats Analysts) We discovered a double free vulnerability (assigned as CVE-2019-8635) in macOS. The vulnerability is caused by a memory corruption flaw in the AMD component. If successfully exploited, an attacker can implement privilege escalation and execute malicious code on the system with root privileges. We disclosed our findings […]

Categories
Anti-malware

Cryptocurrency Mining Botnet Arrives Through ADB and Spreads Through SSH

by Jindrich Karasek We observed a new cryptocurrency mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant we previously reported. This botnet’s design allows it to spread […]

Categories
Anti-malware

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East

By: Ecular Xu and Grey Guo (Mobile Threats Analysts) We uncovered a cyberespionage campaign targeting Middle Eastern countries. We named this campaign “Bouncing Golf” based on the malware’s code in the package named “golf.” The malware involved, which Trend Micro detects as  AndroidOS_GolfSpy.HRX, is notable for its wide range of cyberespionage capabilities. Malicious codes are […]