New SLUB Backdoor Uses GitHub, Communicates via Slack

by Cedric Pernet, Daniel Lunghi, Jaromir Horejsi, and Joseph C. Chen

We recently came across a previously unknown malware that piqued our interest in multiple ways. For starters, we discovered it being spread via watering hole attacks, a technique that involves an attacker compromising a website before adding code to it so visitors are redirected … [Read more…]

UPnP-enabled Connected Devices in the Home and Unpatched Known Vulnerabilities

by Tony Yang (Home Network Researcher)

Earlier this year, users of Chromecast streaming dongles, Google Home devices, and smart TVs were inundated with a message promoting YouTuber PewDiePie’s channel. The hijacking is said to be part of an ongoing subscriber count battle on the video sharing site. The hackers behind it reportedly took advantage of … [Read more…]

Beauty Out of Chaos: Elevating Cybersecurity to an Art Form – Part 1

How many of you can remember what it was like managing IT security 10 years ago? How about two decades? The truth is that the landscape was so utterly different back then that any comparisons with today are a little unfair. Yet they’re useful in one key regard: to teach us just how complex and … [Read more…]

Exposed IoT Automation Servers and Cybercrime

by Stephen Hilt, Numaan Huq, Martin Rösler, and Akira Urano

In our latest research, “Cybersecurity Risks in Complex IoT Environments: Threats to Smart Homes, Buildings and Other Structures,” we tested possible threat scenarios against complex IoT environments such as smart homes and smart buildings. A significant part of the research also involved a look … [Read more…]

A Look Back at the 2018 Security Landscape

Do you ever question the value of the mounds of data we all collect? We make a point to stop, analyze and share, especially because we know you might not have the time. So, I bring you our annual look back at the more interesting security events and trends seen last year. The report, Caught … [Read more…]

This Week in Security News: Instagram Hackers and Enterprise Threats

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how a group of hackers is stealing popular Instagram profiles. Also, learn about the old and new cybersecurity issues that inundated enterprises in 2018. Read on: Insecure VPNs: … [Read more…]

Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware

by Alfredo Oliveira (Senior Threat Researcher)

Through data analysis of the container honeypots we’ve set up to monitor threats, we’ve uncovered notable activity by undesired or unauthorized cryptocurrency miners being deployed as rogue containers using a community-contributed container image published on Docker Hub. The image is being abused as part of a malicious service that delivers … [Read more…]
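The attack above starts with a Docker control API that is reachable over the network without authentication. The check below is an added example and is not code from the post or from the Docker project: it parses a daemon.json and flags any `hosts` entry that exposes the API over plain TCP without `tlsverify`, or that binds it to every interface. The `hosts`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` keys are Docker's documented daemon configuration keys; the two sample configurations are constructed for the example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample configs (not taken from the post). The first exposes the
# Docker API on every interface with no TLS; the second binds it to one address
# on the conventional TLS port and requires client certificates.
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""

# Bind addresses that mean "listen on every interface".
WILDCARD_BINDS = ("", "0.0.0.0", "::")


def audit_daemon_config(raw_json: str) -> list:
    """Return one finding string per risky `hosts` entry in a daemon.json.

    Only tcp:// listeners are network-reachable; unix:// and fd:// sockets are
    local and are skipped. An empty list means nothing risky was found.
    """
    cfg = json.loads(raw_json)
    tls_verify = bool(cfg.get("tlsverify", False))
    findings = []
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue
        if not tls_verify:
            findings.append(
                f"{host}: API reachable over TCP without TLS client verification"
            )
        # urlsplit gives None for "tcp://:2375" and "::" for "tcp://[::]:2375".
        bind = parts.hostname or ""
        if bind in WILDCARD_BINDS:
            findings.append(f"{host}: bound to all interfaces")
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        found = audit_daemon_config(raw)
        print(f"{label}: {'OK' if not found else ''}")
        for line in found:
            print("  -", line)
```

Run it against your own `/etc/docker/daemon.json` by reading the file into `audit_daemon_config`; the same two conditions apply to `-H tcp://...` flags passed to `dockerd` directly, which this parser does not read. A daemon that needs no remote access at all should list only the unix socket.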

Protecting against the next wave of advanced threats targeting Office 365 – Trend Micro Cloud App Security 2018 detection results and customer examples

Since the release of the “Trend Micro Cloud App Security 2017 Report” about a year ago, threats using email as the delivery vector have grown significantly. Business Email Compromise (BEC) scams had already caused USD 12.5 billion in global losses as of 2018, a 136.4% increase from the USD 5.3 billion reported in 2017. The popularity … [Read more…]

How a Hacking Group is Stealing Popular Instagram Profiles

by Jindrich Karasek and Cedric Pernet (Threat Researchers)

Social media influencers build and expand their business or brand through credibility and authenticity with their audience. For hackers, however, they could be seen as trophies. That’s what happened to a photographer with more than 15,000 followers on Instagram, when she had her account stolen. A closer … [Read more…]

Drupal Vulnerability (CVE-2019-6340) Can Be Exploited for Remote Code Execution

by Branden Lynch (Threats Analyst)

The content management framework Drupal recently fixed a vulnerability (CVE-2019-6340) in its core software, tracked in advisory SA-CORE-2019-003. The flaw is categorized as highly critical, exposing vulnerable installations to unauthenticated remote code execution (RCE). The vulnerability affects a substantial portion of Drupal installations, since it impacts the widely installed RESTful Web … [Read more…]