Cybercriminals and malicious hackers have been shifting their tactics, techniques, and procedures (TTPs) to improve their ability to infiltrate an organization and stay under the radar of security professionals and solutions. Moving to more targeted attack methods appears to be a mainstay among threat actors, which requires organizations to improve their visibility into the entire… Continue reading Will XDR Improve Security?
Month: July 2019
Windows Server 2008 End of Support: Are you Prepared?
On July 14th, 2015, Microsoft’s widely deployed Windows Server 2003 reached end of life after nearly 12 years of support. For millions of enterprise servers, this meant the end of security updates, leaving the door open to serious security risks. Now, we are fast approaching the end of life of another server operating system –… Continue reading Windows Server 2008 End of Support: Are you Prepared?
Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet ‘Zombies’
By: Jindrich Karasek and Augusto Remillano II Elasticsearch is no stranger to cybercriminal abuse given its popularity and use to organizations. In fact, this year’s first quarter saw a surge of attacks — whether by exploiting vulnerabilities or taking advantage of security gaps — leveled against Elasticsearch servers. These attacks mostly delivered cryptocurrency-mining malware, as… Continue reading Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet ‘Zombies’
This Week in Security News: Spam Campaigns and Mobile Malware
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a mobile malware that infects Android devices by exploiting the vulnerabilities found within the operating system. Also, read about a recent spam campaign that targets… Continue reading This Week in Security News: Spam Campaigns and Mobile Malware
Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year old XHide
By Augusto Remillano II One of our honeypots detected a threat that propagates by scanning for open ports and brute forcing weak credentials, installing a Monero cryptocurrency miner and a Perl-based IRC backdoor as the final payload. The miner process is hidden using XHide Process Faker, a 17-year old open source tool used to fake… Continue reading Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year old XHide
How Will Companies Deploy Industrial IoT Security Solutions?
Industrial IoT (IIoT) devices will comprise the majority of the billions of IoT devices deployed over the next decade. How will the information security market meet this onslaught of technology? The consumer market is not a useful guide for this analysis. Consumers buy in small quantities and choose to deploy information security tools piecemeal. Few… Continue reading How Will Companies Deploy Industrial IoT Security Solutions?
Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
by Jaromir Horejsi and Daniel Lunghi (Threat Researchers) We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia. This blog post covers the activities we observed, the remote access tools (RATs) used, the campaign’s techniques and procedures, and its indicators of compromise (IoCs). Our… Continue reading Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
New Azure Marketplace Pay-As-You-Go Billing for Trend Micro Deep Security as a Service
Cloud adoption continues to rise as organizations reduce their data center footprint, look to cloud native technologies to improve their application design and output, and strive to improve scalability and management of resources and systems. In a recent survey conducted by analyst firm ESG, 87% of respondents indicated that they currently run production applications and… Continue reading New Azure Marketplace Pay-As-You-Go Billing for Trend Micro Deep Security as a Service
Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks
By David Fiser Jenkins is a popular open-source automation server for software development teams. Used for managing the development side in DevOps, the main purpose of Jenkins is to perform tasks, called jobs, such that software project builds are automatically developed in the CI/CD process. Jenkins has a distributed architecture: A master machine manages a… Continue reading Jenkins Admins: Relying on Default Settings Could Put Master at Risk of Remote Code Execution Attacks
SLUB Gets Rid of GitHub, Intensifies Slack Use
by Cedric Pernet, Elliot Cao, Jaromir Horejsi, Joseph C. Chen, William Gamazo Sanchez Four months ago, we exposed an attack that leveraged a previously unknown malware that Trend Micro named SLUB. The past iteration of SLUB spread from a unique watering hole website exploiting CVE-2018-8174, a VBScript engine vulnerability. It used GitHub and Slack as… Continue reading SLUB Gets Rid of GitHub, Intensifies Slack Use