Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Growth Setup Attacker Abuses Victim Resources to Reap Rewards from Titan Network | Trend Micro (US) Cyber Threats In this blog entry, we discuss how an attacker took advantage of the Atlassian…
News
Understanding the Initial Stages of Web Shell and VPN Threats An MXDR Analysis
In both incidents, a major pain point was the lack of application logs (i.e., VPN and IIS logs). These logs are crucial, as they help in understanding how the threat…
Unmasking Prometei A Deep Dive Into Our MXDR Findings
Identifying the Threat Group The threat actors behind Prometei remain largely unidentified, but evidence suggests they are Russian-speaking individuals. The name “Prometei,” derived from the Russian translation for Prometheus, hints…
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach
Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach | Trend Micro (US) Cyber Threats In this blog entry, we discuss how malicious actors are exploiting Docker remote API…
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
Attackers Target Exposed Docker Remote API Servers With perfctl Malware | Trend Micro (US) Malware We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the…
How to Mitigate the Impact of Rogue AI Risks
In previous parts of this series on Rogue AI, we briefly explored what organizations can do to better manage risk across their AI attack surface. And we touched on ways…
5 Forrester Takeaways Around AI Security
Depending on who you ask, generative AI could either be the salvation of humankind or the bringer of our doom. For cybersecurity specifically, it’s been positioned both as a kind…
Fake LockBit Real Damage Ransomware Samples Abuse AWS S3 to Steal Data
When executed on the infected machine, the ransomware first performs initialization through the following steps: Get the host machine universal unique identifier (UUID) Import the hard-coded public key The public…
Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
Conclusion In our ongoing efforts to monitor and mitigate emerging threats, we have observed based on our internal telemetry that certain threat actors are attempting to leverage EDRSilencer as part…
Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign Targets Brazil With Astaroth Malware
We track this intrusion set as Water Makara, which uses the Astaroth malware with a new defense evasion technique. Astaroth, a notorious information-stealing banking trojan, remains active and is anticipated…