Categories
Anti-malware

Our New Blog

Security Intelligence Blog has a new home! Our new site is https://www.trendmicro.com/en_us/research.html Read new threat discoveries, relevant perspectives on security incidents and attacks, and the latest news happening in the cybersecurity space. See you there! The post Our New Blog appeared first on .

Categories
Anti-malware

How Unsecure gRPC Implementations Can Compromise APIs, Applications

By David Fiser (Security Researcher) Enterprises are turning to microservice architecture to build future-facing applications. Microservices allow enterprises to efficiently manage infrastructure, easily deploy updates or improvements, and help IT teams innovate, fail, and learn faster. It also allows enterprises to craft applications that can easily scale with demand. Additionally, as enterprises switch architectures — […]

Categories
Anti-malware

XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

By Mac Threat Response and Mobile Research Team We have discovered an unusual infection related to Xcode developer projects. Upon further investigation, we discovered that a developer’s Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day […]

Categories
Anti-malware

Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

By Marshall Chen, Loseway Lu, Yorkbing Yap, and Fyodor Yarochkin (Trend Micro Research) A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the United […]

Categories
Anti-malware

Whats So Strategic About the Trend Micro and Snyk Partnership?

What does a partnership between Trend Micro and Snyk mean for you, the customer? Can you really develop and deploy applications anywhere without security slowing you down? Greg Young, VP of Cybersecurity for Trend Micro, explains how the partnership benefits Trend Micro and gives our customers an extra edge in their security platform. The post […]

Categories
Anti-malware

Short October Patch Tuesday Includes Remote Desktop Client, Browser, and Authentication Patches

October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one covering a […]

Categories
Anti-malware

Decrypting What Zero Trust Is, And What It Likely Isn’t

It’s always an indicator of confusion when instead of hearing “I want Q” I’m asked “what is Q?”. In this case the ‘Q’ is Zero Trust.  I’ll try and give my best take on what I understand Zero Trust to be. History Repeats Let’s start with the background. Quite a while back the Jericho Forum […]

Categories
Anti-malware

In Identity Theft the Target is You!

The hard truth is that identity data is the new gold—and criminal panhandlers are mining it for sale and distribution on the Dark Web. Indeed, the internet provides ways for big data breaches to result in disastrous leaks of huge databases of personal information, resulting in detailed profiles of individuals—based on their internet behaviors, including […]

Categories
Anti-malware

New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign

By Jaromir Horejsi and Joseph C. Chen (Threat Researchers) We found a new modular fileless botnet malware, which we named “Novter,” (also reported and known as “Nodersok” and “Divergent”) that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequently […]

Categories
Anti-malware

This Week in Security News: Fake Apps on iOS and Google Play and Social Media Security Issues

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the evolution of EDR to XDR (and why your CISO should care), stock trading app attacks and fake gambling apps. Also, read about how Instagram […]