Saving Summer: 5 Strategies to Help Rein In Family Screen Time Over Break
It’s the most wonderful time of the year — for teachers and lifeguards. For everyone else (parents) we have a little prep work to do to make sure the summer doesn’t lull our kids into digital comas. Most of us have learned that given zero limits, kids will play video games, watch YouTube, send snaps, […]

Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
by Raphael Centeno The Dharma ransomware has been around since 2016, but it has continued to target and successfully victimize users and organizations around the world. One high-profile attack happened in November 2018 when the ransomware infected a hospital in Texas, encrypting many of their stored records; luckily the hospital was able to recover […]

Bashlite IoT Malware Updated with Mining and Backdoor Commands, Targets WeMo Devices
By: Mark Vicente, Byron Galera, and Augusto Remillano (Threats Analysts) We uncovered an updated Bashlite malware designed to add infected internet-of-things devices to a distributed-denial-of-service (DDoS) botnet. Trend Micro detects this malware as Backdoor.Linux.BASHLITE.SMJC4, Backdoor.Linux.BASHLITE.AMF, Troj.ELF.TRX.XXELFC1DFF002, and Trojan.SH.BASHDLOD.AMF. Based on the Metasploit module it exploits, the malware targets devices with the WeMo Universal Plug and […]

Game of Threats
Introduction While the way we consume TV content is rapidly changing, the content itself remains in high demand, and users resort to any means available to get at it – including illegal and non-ethical ones like the use of pirated stuff. The world is embracing the idea of paying for entertainment more and more with […]

Emotet-Distributed Ransomware Loader for Nozelesn Found via Managed Detection and Response
By Erika Mendoza, Jay Yaneza, Gilbert Sison, Anjali Patil, Julie Cabuhat, and Joelson Soares Through our managed detection and response (MDR) monitoring, we discovered the modular Emotet malware distributing the Nymaim malware, which then loads the Nozelesn ransomware. We detected this particular Emotet variant in one of our monitored endpoints in the hospitality industry in […]

Crypto Market Predictions – Will The Crypto Market Keep Falling?
Looking at the current volatility and uncertainty of cryptocurrencies, crypto market predictions can only give you a vague idea which digital coin can turn out to be the big winner of your portfolio. However, these crypto speculations have brought to the surface questions which seem to become favorites of the crypto analysts, influencers, investors, and […]

March’s Patch Tuesday Fixes Privilege Escalation Vulnerabilities Exploited in the Wild
Microsoft’s Patch Tuesday for March addressed 64 vulnerabilities, 17 of which were rated critical, 45 important, one moderate, and another low in severity. Two of these vulnerabilities, CVE-2019-0797 and CVE-2019-0808, were reported to have been actively exploited in the wild. The patches addressed security flaws in a number of Microsoft products and services: .NET Framework, […]

From Fileless Techniques to Using Steganography: Examining Powload’s Evolution
By: Augusto Remillano and Kiyoshi Obuchi (Threats Analysts) Powload’s staying power in the threat landscape shows how far it has come. In fact, the uptick of macro malware in the first half of 2018 was due to Powload, which was distributed via spam emails. Powload was also one of the most pervasive threats in the […]

UPnP-enabled Connected Devices in the Home and Unpatched Known Vulnerabilities
by Tony Yang (Home Network Researcher) Earlier this year, users of Chromecast streaming dongles, Google Home devices, and smart TVs were inundated with a message promoting YouTuber PewDiePie’s channel. The hijacking is said to be part of an ongoing subscriber count battle on the video sharing site. The hackers behind it reportedly took advantage of […]

Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware
by Alfredo Oliveira (Senior Threat Researcher) Through data analysis of the container honeypots we’ve set up to monitor threats, we’ve uncovered notable activities of undesired or unauthorized cryptocurrency miners being deployed as rogue containers using a community-contributed container image published on Docker Hub. The image is being abused as part of a malicious service that delivers […]

How a Hacking Group is Stealing Popular Instagram Profiles
by Jindrich Karasek and Cedric Pernet (Threat Researchers) Social media influencers build and expand their business or brand through credibility and authenticity to their audience. For hackers, however, they could be seen as trophies. That’s what happened to a photographer with more than 15,000 followers on Instagram, when she had her account stolen. A closer […]

ThinkPHP Vulnerability Abused by Botnets Hakai and Yowai
By Augusto Remillano II Cybercriminals are exploiting a ThinkPHP vulnerability — one that was disclosed and patched in December 2018 — for botnet propagation by a new Mirai variant we’ve called Yowai and Gafgyt variant Hakai. Cybercriminals use websites created using the PHP framework to breach web servers via dictionary attacks on default credentials and […]

New Magecart Attack Delivered Through Compromised Advertising Supply Chain
by Chaoying Liu and Joseph C. Chen On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as […]

With Mirai Comes Miori: IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit
by Augusto Remillano II and Mark Vicente (Threats Analysts) The exploitation of vulnerabilities in smart devices has been a persistent problem for many internet of things (IoT) users. Perhaps the most infamous IoT threat is the constantly evolving Mirai malware, which has been used in many past campaigns that compromised devices with default or weak […]

URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
As ransomware and banking trojans captured the interest – and profits – of the world with their destructive routines, cybersecurity practitioners have repeatedly published online and offline how cybercriminals have compartmentalized their schemes through exchange of information and banded professional organizations. As a more concrete proof of the way these symbiotic relationships and workflows […]

Ghosts of Botnet’s Past, Present, and Future
‘Twas the morning of October 21st, and all through the house many IoT devices were stirring, including a connected mouse. Of course, this wasn’t the night before Christmas, but rather the morning of Dyn — the 2016 DDoS attack on the service provider that took the entire East Coast offline for a few hours. The […]

More information
- Microsoft Excel CVE-2012-1886 Memory Corruption Remote Code Execution Vulnerability
- WoSign Changes Leadership Due to Certificate Incidents
- ICANN housecleaning will revoke old DNS security key this week
- Apple reportedly planning to combine iPhone, iPad, and Mac apps by 2021
- Google continues enterprise push with Data Loss Prevention for Gmail
- SlickLogin Aims To Kill The Password By Singing A Silent Song To Your Smartphone
- ‘Hacker hostels’ let tech hopefuls snooze — and schmooze
- Enterprise IT staff Upgrading TLT SAN Storage Controllers
- News Corp accused of getting hackers to pirate and clone Sky-rival smartcards
- Wanted: Data breach risk ratings, because not all breaches are equal