What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-01-26 10:15:36 | Netscout : DDOS attacks mirroring increased global geopolitical tensions (lien direct) | As distributed-denial-of-service (DDoS*) attack volumes have gradually increased over the course of the last 20 years, recent data has firmly established the link between geopolitical conflicts and these types of cyberattacks. The most apparent example of this trend is the ongoing war between Russia and Ukraine. The war has resulted in 66 per cent** of businesses changing their cybersecurity strategies, and 82 per cent*** of security professionals today believe that geopolitics and cybersecurity are intrinsically linked. What's more, according to NETSCOUT's 1H2022 Threat Intelligence Report, since Russia invaded Ukraine nearly a year ago, cyberattacks have become increasingly featured as part of threat actors' attack methodology. - Malware Update | Threat Prediction | ★★ | |
 |
2023-01-26 00:00:00 | New Mimic Ransomware Abuses Everything APIs for its Encryption Process (lien direct) | Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage. | Ransomware Tool Prediction | ★★ | |
 |
2023-01-25 11:06:00 | Attackers move away from Office macros to LNK files for malware delivery (lien direct) | For years attackers have used Office documents with malicious macros as one of the primary methods of infecting computers with malware. Microsoft finally took steps to disable such scripts by default in documents downloaded from the internet, forcing many groups to change tactics and increasingly choose LNK (shortcut) files as a delivery mechanism.This trend has led to the creation of paid tools and services dedicated to building malicious LNK files. Some of these builders include MLNK Builder, Quantum Builder, Macropack, LNKUp, Lnk2pwn, SharPersist, and RustLnkBuilder, but their use can provide opportunities for easier detection by security products.To read this article in full, please click here | Malware Prediction | ★ | |
 |
2023-01-24 18:14:53 | (Déjà vu) 2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC] (lien direct) |
![2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC]](https://blog.knowbe4.com/hubfs/Q42022-SOCIAL.jpg)
KnowBe4's latest reports on top-clicked phishing email subjects have been released for 2022 and Q4 2022. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects. |
Prediction | ★★★★★ | |
|
2023-01-24 00:00:00 | Vice Society Ransomware Group Targets Manufacturing Companies (lien direct) | In this blog entry, we'd like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry. | Ransomware Prediction | ★★ | |
 |
2023-01-20 07:15:12 | CVE-2022-48191 (lien direct) | A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system. | Vulnerability Prediction | ||
 |
2023-01-19 19:57:37 | Cloud Threats Memo: Threat Actors Continue to Abuse Cloud Services to Deliver Malware in 2023 (lien direct) | >Our most recent Cloud and Threat Report highlighted how threat actors abuse cloud services (with a special focus on cloud storage apps) to deliver malicious content (and yes, OneDrive leads the chart of the most exploited apps). To confirm that this trend will likely continue in 2023, researchers at Trend Micro have discovered an active […] | Malware Threat Guideline Prediction | ★★★ | |
 |
2023-01-19 17:00:00 | Prédictions de cybersécurité - 2023 Cybersecurity Predictions - 2023 (lien direct) |
>Our most recent Cloud and Threat Report highlighted how threat actors abuse cloud services (with a special focus on cloud storage apps) to deliver malicious content (and yes, OneDrive leads the chart of the most exploited apps). To confirm that this trend will likely continue in 2023, researchers at Trend Micro have discovered an active […] | Prediction | ★★ | |
 |
2023-01-18 22:54:00 | Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa (lien direct) | An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa. "The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday. Phishing emails, | Threat Prediction | ★★ | |
 |
2023-01-18 18:10:00 | KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend (lien direct) | KnowBe4 releases overall 2022 and Q4 2022 global phishing test reports and finds business-related emails continue to be utilized as a phishing strategy and reveal top holiday email phishing subjects. | Prediction | ★★ | |
 |
2023-01-17 16:00:00 | Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures (lien direct) | Ongoing since at least mid-2022, the campaign was discovered by Trend Micro | Prediction | ★★★ | |
|
2023-01-17 13:53:00 | How attackers might use GitHub Codespaces to hide malware delivery (lien direct) | Attackers could start abusing GitHub Codespaces, a new service that allows developers to create and test applications inside development containers running on GitHub's servers. Developers can make their applications accessible via public GitHub URLs for preview by others, a functionality that can be abused to distribute malware payloads in a stealthy way."If the application port is shared privately, browser cookies are used and required for authentication," researchers from security firm Trend Micro said in a new report. "However, if ports are shared with the public (that is, without authentication or authentication context), attackers can abuse this feature to host malicious content such as scripts and malware samples."To read this article in full, please click here | Malware Prediction | ★ | |
 |
2023-01-17 13:09:56 | Attackers Can Abuse GitHub Codespaces for Malware Delivery (lien direct) | A GitHub Codespaces feature meant to help with code development and collaboration can be abused for malware delivery, Trend Micro reports. | Malware Prediction | ★ | |
|
2023-01-13 20:00:00 | Malware Comes Standard With This Android TV Box on Amazon (lien direct) | The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box tainted. | Malware Prediction | ★★★★ | |
|
2023-01-12 21:17:00 | Darktrace Publishes 2022 Cyberattack Trend Data For Energy, Healthcare & Retail Sectors Globally (lien direct) | The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box tainted. | Prediction | ★★★★ | |
 |
2023-01-12 08:59:29 | DER Entitlements: The (Brief) Return of the Psychic Paper (lien direct) | Posted by Ivan Fratric, Project Zero Note: The vulnerability discussed here, CVE-2022-42855, was fixed in iOS 15.7.2 and macOS Monterey 12.6.2. While the vulnerability did not appear to be exploitable on iOS 16 and macOS Ventura, iOS 16.2 and macOS Ventura 13.1 nevertheless shipped hardening changes related to it. Last year, I spent a lot of time researching the security of applications built on top of XMPP, an instant messaging protocol based on XML. More specifically, my research focused on how subtle quirks in XML parsing can be used to undermine the security of such applications. (If you are interested in learning more about that research, I did a talk on it at Black Hat USA 2022. The slides and the recording can be found here and here). At some point, when a part of my research was published, people pointed out other examples (unrelated to XMPP) where quirks in XML parsing led to security vulnerabilities. One of those examples was a vulnerability dubbed Psychic Paper, a really neat vulnerability in the way Apple operating system checks what entitlements an application has. Entitlements are one of the core security concepts of Apple’s operating systems. As Apple’s documentation explains, “An entitlement is a right or privilege that grants an executable particular capabilities.” For example, an application on an Apple operating system can’t debug another application without possessing proper entitlements, even if those two applications run as the same user. Even applications running as root can’t perform all actions (such as accessing some of the kernel APIs) without appropriate entitlements. Psychic Paper was a vulnerability in the way entitlements were checked. Entitlements were stored inside the application’s signature blob in the XML format, so naturally the operating system needed to parse those at some point using an XML parser. The problem was that the OS didn’t have a single parser for this, but rather a staggering four parsers that were used in different places in the operating system. One parser was used for the initial check that the application only has permitted entitlements, and a different parser was later used when checking whether the application has an entitlement to perform a specific action. | Vulnerability Guideline Prediction | ★★★ | |
|
2023-01-12 02:00:00 | Cybersecurity spending and economic headwinds in 2023 (lien direct) | Now that everyone, their brother, sister, and dog have chimed in on cybersecurity predictions for 2023, here are a few observations based on some recent ESG research.First the numbers: 53% of organizations will increase IT spending in 2023, 30% say IT spending will remain flat in 2023, and 18% forecast a decrease in IT spending. As for cybersecurity, 65% of organizations plan to increase cybersecurity spending in 2023.These numbers mean that some organizations with flat or decreasing IT budgets will still increase spending on cybersecurity. This trend is further supported by the fact that 40% of survey respondents claim that improving cybersecurity is the most important justification for IT investments in 2023. This research was conducted in late 2022 when respondents were well aware of the economic headwinds and built appropriate assumptions into their budget planning.To read this article in full, please click here | Prediction | ★★ | |
 |
2023-01-10 12:18:55 | ChatGPT-Written Malware (lien direct) | I don’t know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums—some with little or no coding experience—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks. “It's still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” company researchers wrote. “However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code.”... | Malware Tool Prediction | ChatGPT | ★★ |
|
2023-01-06 19:16:00 | Dridex Malware Now Attacking macOS Systems with Novel Infection Method (lien direct) | A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel | Malware Prediction | ★★★ | |
|
2023-01-06 10:23:00 | Trend Micro crée CTOne, une entité dédiée à la sécurité de la 5G (lien direct) | Trend Micro crée CTOne, une entité dédiée à la sécurité de la 5G. CTOne assure une protection complète des applications au sein des environnements réseaux 5G. - Business | Prediction | ★ | |
|
2023-01-05 16:35:50 | I\'m a Technology Leader Who Sees Opportunities for Accelerating Security Transformation Through Networking and Infrastructure. Here\'s Why I Joined Netskope. (lien direct) | >Right now, I see a great opportunity in the cybersecurity industry to help customers as they navigate through security transformation. I don't come from a traditional security background; I'm what we might call a “networking guy.” But about two and a half years ago, in my previous role at Dell, I started noticing a trend […] | Prediction | ★ | |
|
2023-01-05 14:37:00 | Trend Micro Announces New Subsidiary for 5G Cybersecurity (lien direct) | >Right now, I see a great opportunity in the cybersecurity industry to help customers as they navigate through security transformation. I don't come from a traditional security background; I'm what we might call a “networking guy.” But about two and a half years ago, in my previous role at Dell, I started noticing a trend […] | Prediction | ★★ | |
 |
2023-01-05 11:00:00 | The dos and don\'ts of ransomware negotiations (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Has your organization suddenly been attacked by a ransomware virus? Take a deep breath and try to remain composed. It can be easy to panic or become overwhelmed in the face of an attack, but it is vital to remain calm and focused in order to make the best decisions for your organization. The initial actions to take in the event of a ransomware attack Disconnect the affected devices from the network as soon as possible. This can help to prevent the ransomware from spreading to other computers or devices. Determine what data has been affected and assess the extent of the damage. Determine the specific type of ransomware virus that has infected your devices to understand how this malware operates and what steps you need to take to remove it. It is important to notify all employees about the ransomware attack and instruct them not to click on any suspicious links or open any suspicious attachments. Consider reporting the attack. This can help to increase awareness of the attack and may also help to prevent future attacks. Please note that in some regions, business owners are required by law to report an attack. Do not rush into a decision. Take the time to carefully evaluate your options and the potential consequences of each of them before deciding whether to pay the ransom or explore other solutions. Paying the ransom is not the only option. Consider exploring other solutions, such as restoring your data from backups. If you do not have backups, cybersecurity experts may be able to help you recover your data since many ransomware strains were decrypted and keys are publicly available. Strategies cybercrooks employ to obtain funds from victims swiftly Cyber extortionists use various tactics beyond just encrypting data. They also use post-exploitation blackmail methods to coerce victims into paying them. Very often, cybercriminals use several extortion tactics simultaneously. Some examples of these tactics include: Steal and disclose Cyber extortionists not only encrypt victims' data but also often steal it. If the ransom is not paid, the stolen files may be made publicly available on special leak websites, which can cause severe damage to the victim's reputation and make them more likely to give in to the attackers' demands. Destroy keys if a negotiation company intervenes Some ransomware authors have threatened to delete the private keys necessary for decrypting victims' data if they seek the help of a professional third party to negotiate on their behalf. Launch a DDoS attack Ransomware attackers often threaten to flood the victim's website with a large volume of traffic in an effort to put it down and intimidate the targeted company into paying the ransom faster. Cause printers to behave abnormally Some hackers were able to take control of the printers and print ransom notes directly in front of partners and customers. This provides a high level of visibility for the attack, as it is difficult for people to ignore the ransom notes being printed. Use Facebook ads for malicious purposes Criminals have been known to use advertising to gain attention for their attacks. In one ins | Ransomware Malware Threat Prediction | ★★★ | |
 |
2023-01-05 05:50:00 | Focusing on Your Adversary (lien direct) | Every day, we hear news stories or read articles about data breaches and other cyber security threats. As malicious threat actors and the risk of cyber threats increase, protecting networks and valuable information becomes more critical. So what can organizations do to ensure their networks remain secure? Organizations must understand their adversaries’ identities to keep data safe and protect it from cyber-attacks. This article will explore the different types of threats facing enterprise organizations and what they can do to stay ahead of them. Evolving Cyber Attacks Cyber attacks are constantly evolving as attackers continue to find new ways to exploit vulnerabilities. This includes: Increased use of artificial intelligence (AI) and machine learning: Attackers are using AI and machine learning to automate and improve the effectiveness of their attacks. For example, AI can be used to generate convincing phishing emails or to bypass security systems. Rise of ransomware: Ransomware attacks, which involve encrypting a victim’s data and demanding a ransom to decrypt it, have become increasingly common in recent years. Ransomware attacks can significantly impact businesses, disrupting operations and resulting in financial losses. More targeted attacks: Rather than broad-based attacks that aim to compromise as many systems as possible, attackers are increasingly using targeted attacks designed to exploit a particular organization’s vulnerabilities. Increased focus on mobile devices: Mobile devices, such as smartphones and tablets, are becoming increasingly vulnerable to cyber-attacks. As a result, attackers focus more on exploiting these devices’ vulnerabilities. Increased use of cloud services: As more organizations move to the cloud, attackers are finding new ways to exploit vulnerabilities in these systems. For example, attackers may try to gain access to an organization’s cloud-based data or disrupt its cloud-based operations. It’s not only crucial for organizations to stay up-to-date on the latest trends in cyber attacks and to implement appropriate security measures to protect against them. It’s even more important to pinpoint your adversaries to understand their TTPs to protect and predict their next attack. Types of Adversaries There are many different types of cybersecurity adversaries that organizations have to deal with. Some common types of adversaries include: Hackers: Individuals or groups who attempt to gain unauthorized access to systems or networks for various reasons, such as stealing data, disrupting operations, or causing damage. Cybercriminals: Individuals or groups who use the internet to commit crimes, such as identity theft, fraud, or extortion. Cyber Terrorists: A group that’s goal is to disrupt operations, cause harm, and destroy data. Increasingly targeting critical infrastructures such as power plants, water treatment facilities, transportation systems, and healthcare providers. Nation-state actors: Governments or government-sponsored organizations that use cyber attacks as part of their foreign policy or military operations. Insider threats: Individuals with legitimate access to an organization’s systems or networks use that access to cause harm or steal sensitive information. Malicious insiders: These are individuals who are intentionally malicious and seek to cause harm to an organization’s systems or networks. Hacktivists: The term “hacktivists” refers to people who use hacking techniques to disrupt computer systems and networks in pursuit of political goals. Hackers often work alone, though some groups do exist. Script Kiddies: Originally used to describe young hackers, it now refer | Ransomware Malware Tool Vulnerability Threat Industrial Prediction | ★★★ | |
|
2023-01-03 11:00:00 | Five reasons why Cybersecurity training is important in 2023 (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The digital world is ever-expanding in scope and influence, both in personal and professional matters. In the last few years, business operations have become increasingly dependent on technology, and on employees to use that technology safely. While remote and mobile work have been necessary and useful, they also open the door for cybercriminals to take advantage of lax security measures and employees’ ignorance of best practices. So long as companies are carrying out some or all of their affairs in the digital realm, cybersecurity is easily as important as physical security. As one cybersecurity awareness training guide puts it: “if businesses are to thrive in the Fourth Industrial Revolution, security needs to be not only top of mind, but a fluent language.” Some of the most pressing reasons for cybersecurity training are detailed below. 1. Compliance with regulations There are many areas of business operations which are governed by legal or regulatory oversight to protect against various risks inherent to digital activities. These include HIPAA, which outlines rules regarding private health information, PCI SSC, which seeks to strengthen payment account security, and GDPR, which regulates general data privacy. Complying with these regulations is necessary for several reasons, although the dominant motivator for compliance is that the organizations can and will impose fines on businesses that fail to meet standards. It has often been said that a business is only as strong as its weakest link, and nowhere is this truer than in the world of data security. Any one employee can be a liability when it comes to the practices that an enterprise puts in place to protect consumer data as well as their own. When compliance is mandated and the threat of fines is looming, companies must ensure that all of their employees are properly trained and informed on the regulations in place. 2. Protecting enterprise assets Aside from wanting to avoid fines, however, businesses should still attempt to meet these regulatory standards for their own good. While meeting the bare minimum of compliance standards will keep a company out of hot water with regulatory boards, it will not necessarily protect the company itself. According to one report from IBM, the average cost of a data breach is 4.35 million USD. Ensuring that employees are trained in cybersecurity awareness greatly decreases the risk of a data breach occurring, as well as ensuring that employees know how to respond in the event that there is an attack targeting the company’s data. 3. Protecting consumer data Ostensibly protected by the aforementioned regulatory standards, consumer data is still at a huge risk of being obtained, stolen, or leveraged by cybercriminals. An attack that only targets a company’s internal data is dangerous to the company, but an attack that targets consumer data can have far-reaching consequences that affect thousands or millions of people. The responsibility for password complexity and variation, device and website privacy settings, and the amount of data shared can be at least partially placed upon the consumer’s shoulders. But the company must have its own measures in place as well to protect against attacks on customer data. Thorough and effective cybersecurity awareness training will reduce the chances of employee error l | Data Breach Threat Guideline Industrial Prediction | ★★★ | |
|
2022-12-26 00:00:00 | CISO\'s Challenges Involved with Business Leader & SOC (lien direct) | Yohei Ishihara, IoT security evangelist at Trend Micro, discussed the challenges CISOs facing within organizations driving industrial IoT. | Industrial Prediction | ★★ | |
|
2022-12-24 00:15:08 | CVE-2022-45798 (lien direct) | A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Vulnerability Prediction | ||
|
2022-12-21 17:53:00 | (Déjà vu) Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems (lien direct) | The Raspberry Robin worm has been used in attacks against telecommunications and government office systems across Latin America, Australia, and Europe since at least September 2022. "The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools," Trend Micro researcher Christopher So | Prediction | ★★ | |
|
2022-12-21 17:07:00 | The Rise of the Rookie Hacker - A New Trend to Reckon With (lien direct) | More zero knowledge attacks, more leaked credentials, more Gen-Z cyber crimes - 2022 trends and 2023 predictions. Cybercrime remains a major threat to individuals, businesses, and governments around the world. Cybercriminals continue to take advantage of the prevalence of digital devices and the internet to perpetrate their crimes. As the internet of things continues to develop, cybercriminals | Threat Prediction | ★★ | |
 |
2022-12-21 11:41:48 | Malicious PyPI Package Found Posing as SentinelOne SDK in recent Hack Trend (lien direct) | In-depth studies on cybersecurity have just recently uncovered a new malicious package that was hiding out in the Python Package Index (PyPI) repository. This package was participating in a campaign known as SentinelSneak, in which it pretended to be a software development kit (SDK) for SentinelOne, a major company in the field of cybersecurity. The […] | Hack Studies Prediction | ★ | |
|
2022-12-21 05:11:00 | 2023 Anomali Predictions: New Risks to Put Added Pressure on Enterprise Defenders (lien direct) | Cybersecurity has a way of surprising us with the unexpected so I wouldn’t be surprised to see a completely new kind of security threat emerge in 2023. But as the ongoing cat-and-mouse game between attackers and defenders unfolds, certain scenarios are already coming into view. Why Threat Actors Will Love Pink Slips Amid growing economic uncertainty, many companies around the globe are tightening their belts and reducing headcount in advance of a possible economic recession. But as organizations brace for the worst, three related security risks now loom: 1. External attackers aren’t the only threats companies face. Insider threat incidents are up 44% in the past two years, as costs per incident have climbed more than a third to $15.38 million. But there’s new reason for concern since layoffs create insider threat risks – either in the form of disgruntled employees or among existing employees angry about corporate’s decision to let go of colleagues. That means more potential for theft or sabotage from within. 2. Staff reductions have unintended consequences on an organization’s security posture. When gaps in network defenses suddenly appear, the company now has fewer technical experts watching the situation. At the same time, the organization now has less visibility into the security status of its various products and systems. This presents a golden opportunity for professional threat actors searching out the path of least resistance. When they hear about layoff announcements at a particular firm, it doesn’t take very long before attackers start probing for security vulnerabilities. 3. Companies regularly get into trouble by failing to set up well-controlled and thorough off-boarding personnel procedures – particularly when it comes to senior or privileged users. Proper processes with verification of completion on user accounts, data, assets, etc. is critical. Also, don’t ignore the consequences of adding roles and responsibilities to remaining employees who may shoulder added responsibilities following a staff layoff. There are risks in maintaining segregation of duties and inadvertently creating ‘super users.’ This could pose an insider threat risk or present targets of opportunity for attackers looking to exploit ‘novices’ in new roles they have taken on. Commodity Malware and Tools Dominate Threat actor groups operate a profitable business selling increasingly complex malware and tools to would-be attackers, a trend that will continue in 2023, making it even harder for forensic investigators to determine the origin of attacks. All of which further underscores the importance of better threat intelligence to understand why certain actors are likely to target specific organizations and what malware and tools they might deploy. Supply Chain Is the Place to Be Cyber attackers stick with what works. So, after the run of big supply chain breaches in the last few years – SolarWinds 2020, Log4Shell 2021 and its variants into 2022 – expect more of the same in the new year. The too-common occurrence of trusted relationship abuse and supply chain attacks is a particular favorite of state-sponsored groups. Look for them to demonstrate patience and remain hidden as they go to great lengths to accomplish their objectives. None of this means that attackers are fated to have the advantage over defenders in 2023. But given their growing sophistication, it’s more important than ever to have fuller awareness of your assets and supply chain vectors. Pay close attention to shared development environments, where you work with 3rd parties and contractors in developing and maintaining your applications. Maintaining oversight over the security and access to these environments is key. Assure development practices and establish adequate segregation of code bases, data, and documentation. It’s hard to suffici | Malware Threat Prediction | ★★★ | |
 |
2022-12-21 00:08:12 | Cisco\'s Talos security bods predict new wave of Excel Hell (lien direct) | Criminals have noticed that spreadsheet's XLL files add custom functionality - including malware It took a few years and one temporary halt, but in July Microsoft finally began blocking certain macros by default in Word, Excel, and PowerPoint, cutting off a popular attack vector for those who target users of Microsoft's Windows OS and Office suite.… | Prediction | ★★★ | |
|
2022-12-21 00:00:00 | Detecting Windows AMSI Bypass Techniques (lien direct) | We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI) and how security teams can detect threats attempting to abuse it for compromise with Trend Micro Vision One™. | Prediction | ★★★ | |
|
2022-12-20 20:46:00 | Anomali Cyber Watch: APT5 Exploited Citrix Zero-Days, Azov Data Wiper Features Advanced Anti-Analysis Techniques, Inception APT Targets Russia-Controlled Territories, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Belarus, China, Data wiping, Russia, Ukraine and Zero-days. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
APT5: Citrix ADC Threat Hunting Guidance
(published: December 13, 2022)
On December 13, 2022, the US National Security Agency published a report on the ongoing exploitation of Citrix products. Citrix confirmed that this critical remote code execution vulnerability (CVE-2022-27518, CTX474995) affects Citrix Application Delivery Controller™ (Citrix ADC) and Citrix Gateway versions: 12.1 and 13.0 before 13.0-58.32. Active exploitation of the CVE-2022-27518 zero-day was attributed to China-sponsored APT5 (Keyhole Panda, Manganese, UNC2630) and its custom Tricklancer malware.
Analyst Comment: All customers using the affected builds are urged to install the current build or upgrade to the newest version (13.1 or newer) immediately. Anomali Platform has YARA signatures for the Tricklancer malware, network defenders are encouraged to follow additional NSA hunting suggestions (LINK). Check md5 hashes for key executables of the Citrix ADC appliance. Analyze your off-device logs: look for gaps and mismatches in logs, unauthorized modification of user permissions, unauthorized modifications to the crontab, and other known signs of APT5’s activities.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190
Tags: actor:APT5, actor:UNC2630, actor:Manganese, actor:Keyhole Panda, CVE-2022-27518, CTX474995, Citrix ADC, Citrix Gateway, Zero-day, China, source-country:CN
Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT
(published: December 12, 2022)
In November 2022, a new cryptojacking campaign was detected by Trend Micro researchers. Unlike previously-recorded campaigns that aim at installing a cryptomining software, this one is utilizing a remote access trojan (RAT): a Linux-targeting version of the open-source Chaos RAT. This Go-based RAT is multi-functional and has the ability to download additional files, run a reverse shell, and take screenshots.
Analyst Comment: Implement timely patching and updating to your systems. Monitor for a sudden increase in resource utilization, track open ports, and check the usage of and changes made to DNS routing.
MITRE ATT&CK: [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Network Service Scanning - T1046 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Screen Capture - T1113 | [MITRE ATT&CK] Remote Access Tools - T12 |
Malware Tool Vulnerability Threat Patching Prediction | APT 5 | ★★★ |
 |
2022-12-20 13:42:02 | Codex, ChatGPT… OpenAI, une usine à cyberattaques ? (lien direct) | Vers des cyberattaques pilotées par IA de A à Z ? Trend Micro s'est intéressé à cette possibilité avec deux outils d'OpenAI : Codex et ChatGPT. | Prediction | ChatGPT | ★★ |
|
2022-12-19 16:10:00 | Ransomware Groups to Increase Zero-Day Exploit-Based Access Methods in the Future (lien direct) | Trend Micro's latest research paper analyzed ways in which ransomware groups could evolve to stay on top of strengthened cyber-protection measures | Ransomware Prediction | ★★★ | |
|
2022-12-19 09:11:19 | Trend Micro analyse les nouveaux modes opératoires des cybercriminels, notamment en matière de rançongiciels (lien direct) | Trend Micro Incorporated publie les résultats d'un rapport d'alerte sur l'évolution du marché des rançongiciels. Intitulé, 'The Near and Far Future of Today's Ransomware Groups', ce dernier établit une projection de l'activité des groupes spécialisés dans la cyber-extorsion, que ce soit dans d'autres domaines de la cybercriminalité ou dans l'association avec des gouvernements hostiles ou d'autres groupes issus du crime organisé. - Malwares | Ransomware Prediction | ★ | |
|
2022-12-19 08:53:50 | (Déjà vu) Keeper Security dévoile ses prédictions pour l\'année 2023 (lien direct) | Keeper Security dévoile ses prédictions pour l'année 2023 L'année 2022 fut riche en rebondissements pour le secteur de l'IT. Est-ce que cela se poursuivra en 2023 ? Keeper Security révèle ses cinq prédictions majeures pour l'année à venir en matière de cybersécurité. - Points de Vue | Prediction | ★★ | |
 |
2022-12-19 00:00:00 | Improve Cyber Security Posture with 2023 Predictions (lien direct) | If a stronger cyber security posture is one of your organization's new year's resolutions, focus on what matters with these five essential highlights from the Trend Micro Security Predictions for 2023. | Prediction | ★★ | |
 |
2022-12-16 14:00:35 | 2023 Cybersecurity Trends We\'re Tracking (lien direct) | Cybersecurity doesn't happen in a vacuum. Evolving attack trends, world events, regulatory changes, shifting organizational priorities and many other factors influence enterprise programs. With 2023 just around the corner, cybersecurity teams are considering them all... | Prediction | ★★★ | |
 |
2022-12-16 11:29:25 | Nouvelles formes d\'attaques visant les entreprises et les instances publiques (lien direct) | Les acteurs de la menace vont intensifier les attaques à destination des installations soutenant le travail hybride, des chaînes d'approvisionnement logicielles et du cloud. | Prediction | ★★★ | |
|
2022-12-16 10:02:02 | Risques cyber : Trend Micro identifie les nouvelles formes d\'attaques visant les entreprises et les instances publiques (lien direct) | Risques cyber : Trend Micro identifie les nouvelles formes d'attaques visant les entreprises et les instances publiques Les chercheurs de Trend Micro analysent l'évolution des cybermenaces afin de contribuer à une meilleure adaptation des politiques de sécurité des systèmes d'information - Investigations | Prediction | ★ | |
|
2022-12-16 00:00:00 | Trend Micro Joins Google\'s App Defense Alliance (lien direct) | Trend Micro will be joining Google's App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store. | Prediction | ★★★ | |
 |
2022-12-15 20:51:24 | Expanding the App Defense Alliance (lien direct) | Posted by Brooke Davis, Android Security and Privacy Team The App Defense Alliance launched in 2019 with a mission to protect Android users from bad apps through shared intelligence and coordinated detection between alliance partners. Earlier this year, the App Defense Alliance expanded to include new initiatives outside of malware detection and is now the home for several industry-led collaborations including Malware Mitigation, MASA (Mobile App Security Assessment) & CASA (Cloud App Security Assessment). With a new dedicated landing page at appdefensealliance.dev, the ADA has an expanded mission to protect Android users by removing threats while improving app quality across the ecosystem. Let's walk through some of the latest program updates from the past year, including the addition of new ADA members. Malware MitigationTogether, with the founding ADA members - Google, ESET, Lookout, and Zimperium, the alliance has been able to reduce the risk of app-based malware and better protect Android users. These partners have access to mobile apps as they are being submitted to the Google Play Store and scan thousands of apps daily, acting as another, vital set of eyes prior to an app going live on Play. Knowledge sharing and industry collaboration are important aspects in securing the world from attacks and that's why we're continuing to invest in the program. New ADA MembersWe're excited to see the ADA expand with the additions of McAfee and Trend Micro. Both McAfee and Trend Micro are leaders in the antivirus space and we look forward to their contributions to the program. Mobile App Security Assessment (MASA)With consumers spending four to five hours per day in mobile apps, ensuring the safety of these services is more important than ever. According to Data.ai, the pandemic accelerated existing mobile habits - with app categories like finance growing 25% YoY and users spending over 100 billion hours in shopping apps. That's why the ADA introduced MASA (Mobile App Security Assessment), which allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS standard) under the OWASP Mobile Application Security project. The project's mission is to “Define the industry standard for mobile application security,” and has been used by both public and private sector organizations as a form of industry best practices when it comes to mobile application security. Developers can work directly with an ADA Authorized Lab to have their apps evaluated against a set of MASVS L1 requirements. Once successful, the app's validation is listed in the recently launched App Validation Directory, which provides users a single place to view all app validations. The Directory also allows users to access more assessment details including validation date, test lab, and a report showing all test steps and requirements. The Directory will be updated over time with new features and search functionality to make it more user friendly. The Google Play Store is the first commercial app store to recognize and display a badge for any app that has completed an independent security review through ADA MASA. The badge is displayed within an app's respective | Malware Guideline Prediction | Uber | ★★ |
|
2022-12-15 16:20:20 | Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps (lien direct) | Money-lending apps built using the Flutter software development kit hide a predatory spyware threat and highlight a growing trend of using personal data for blackmail. | Malware Threat Prediction | ★★★ | |
 |
2022-12-15 15:00:45 | (Déjà vu) #MIWIC2022: Camilla Currin, Trend Micro (lien direct) | Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2022's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the […] | Prediction | ★ | |
|
2022-12-15 13:48:43 | Les prédictions de BeyondTrust pour la cybersécurité en 2023 (lien direct) | Les prédictions de BeyondTrust pour la cybersécurité en 2023 Thomas Manierre, Directeur EMEA Sud de BeyondTrust livre ses prévisions sur les tendances émergentes qui risquent bien de marquer la décennie en cours. - Points de Vue | Prediction | ★★ | |
|
2022-12-15 11:00:00 | Dark Data: What is it? How can you best utilize it? (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Data continues to be a valuable asset for an organization and plays a crucial role in making operational and strategic business decisions. With the growth of hybrid, private, and multi-cloud models, much of the data is stored on these platforms and becomes vulnerable to malicious activities and potential data leaks. Amid the vast volume of data, some of the data remains unknown, untapped, and unused with an organization's architecture. This dark data is generated by users' daily online interactions between several devices and systems. Dark data might seem like a scary term, but it isn't, though it poses some risks. Since its percentage of data is rising more quickly than organizational data, business organizations are getting concerned about it. Hence, to grasp what dark data is and what issues it signifies, it's essential to understand it from a broader perspective. What Is dark data? Dark data is the type of organizational data whose value is not identified; hence, it can be crucial business data or useless data. A research report published by BigID reveals that 84% of organizations are seriously concerned about dark data. This data consists of the additional information collected and stored during daily business activities. But perhaps to your surprise, the organization may be unaware of the dark data and typically doesn't use it. Dark data tends to be unstructured data that contains sensitive and unclassified information. The research report further reveals that eight out of ten organizations consider unstructured data the most critical to handle and secure. Dark data can be classified as follows: Emails, images, audio, video, and social media posts. Application trials including API caches and encryption keys such as VPN or SSH support. Data stored in overlooked virtual images activated or installed in local or cloud infrastructure. Forgotten unstructured data created on various database engines a long time ago. Customers and the company's employees own data on the desktop and mobile devices. The hidden data file in a file system can be in the form of old pictures, scanned documents, pdf forms, notes on MS Word documents, and signed files. Dark data might seem benign, but it holds most of the organization's information. Thus, it can pose significant security risks if it falls into the wrong hands, like leaking a company's sensitive data and damaging its industry reputation. This is particularly alarming for organisations that do not use a reliable VPN or any other security tools to ensure data privacy and safety. How can you utilize dark data to help your business? Dark data seems challenging to handle and involves lengthy manual processes, but companies need to automate these processes. Technological advancements such as the use of AI have made it easier for companies to explore and process unstructured data. Another important use of dark data is its role in boosting AI-powered solutions. As more and more data exists, the information that AI can analyse to produce even deeper insights. Alongside Artificial Intelligence, you can also use Machine Learning technology to discover untapped and unused data and insights. These insights might help organizations make more informed decisions regarding incoming data. Also, it guides them toward taking practical steps in response to their data. Implementing AI and ML systems needs internal structural changes for businesses, costing organizations a great deal of time and money. H | Data Breach Threat Guideline Prediction | ★★★ | |
|
2022-12-15 00:00:00 | Trend Joining App Defense Alliance Announced by Google (lien direct) | Trend Micro's participation in Google's App Defense Alliance will ensure the security of customers by preventing malicious apps from being made available on the Google Play Store. | Prediction | ★★★ | |
|
2022-12-13 10:10:00 | Aussie Data Breaches Surge 489% in Q4 2022 (lien direct) | Country bucks the global trend thanks to high-profile incidents | Prediction | ★★ |
To see everything:
Our RSS (filtrered)
