#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Trend Micro | Breaking Cybersecurity News | The Hacker News

Category — Trend Micro
Black Basta Ransomware Hackers Infiltrate Networks via Qakbot to Deploy Brute Ratel C4

Black Basta Ransomware Hackers Infiltrate Networks via Qakbot to Deploy Brute Ratel C4

Oct 17, 2022
The threat actors behind the  Black Basta   ransomware family  have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks. The development marks the first time the  nascent adversary simulation software  is being delivered via a Qakbot infection, cybersecurity firm Trend Micro  said  in a technical analysis released last week. The intrusion, achieved using a phishing email containing a weaponized link pointing to a ZIP archive, further entailed the use of Cobalt Strike for lateral movement. While these legitimate utilities are designed for conducting penetration testing activities, their ability to offer remote access has made them a lucrative tool in the hands of attackers looking to stealthily probe the compromised environment without attracting attention for extended periods of time. This has been compounded by the fact that a  cracked version  of Brute Ratel C4 (BRc4 v1.2.2) began circulating last month across
Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners

Sep 22, 2022
A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment information stealers, remote access trojans (RATs), and ransomware," Trend Micro threat researcher Sunil Bharti  said  in a report. The issue, tracked as  CVE-2022-26134  (CVSS score: 9.8), was addressed by the Australian software company in June 2022. In one of the infection chains observed by the cybersecurity company, the flaw was leveraged to download and run a shell script ("ro.sh") on the victim's machine, which, in turn, fetched a second shell script ("ap.sh"). The malicious code is designed to update the  PATH variable  to include additional paths
Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Oct 23, 2024Identity Security / Data Protection
Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but also a technology vantage point.  Identity security is more than just provisioning access  The conventional view of viewing identity security as primarily concerned with provisioning and de-provisioning access for applications and services, often in a piecemeal manner, is no longer sufficient. This view was reflected as a broad theme in the Permiso Security State of Identity Security Report (2024) , which finds that despite growing levels of confidence in the ability to identify security risk, nearly half of organizations (45%) remain "concerned" or "extremely concerned" about their current tools being able to detect and protect against identity security attacks.  The Permiso commissioned survey conducted o
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies

Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies

Sep 16, 2022
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it  found  the financially-motivated group leveraging the vulnerability to drop Python scripts with capabilities to disable operating system (OS) security features such as Security-Enhanced Linux ( SELinux ), and others. The operators behind the  Kinsing malware  have a history of scanning for vulnerable servers to co-opt them into a botnet, including that of  Redis ,  SaltStack ,  Log4Shell ,  Spring4Shell , and the Atlassian Confluence flaw ( CVE-2022-26134 ). The Kinsing actors have also been involved in campaigns against container environments via  misconfigured open Docker Daemon API ports  to launch a crypto miner and subsequently spread the malware to other containers and hosts. The latest wave of attacks entails the actor weaponizing  CVE-2020-14882  (CVSS score:
cyber security

How To Comply With The Cyber Insurance MFA Checklist

websiteSilverfortCyber Insurance / Authentication
Learn how to comply with the checklist of resources requiring MFA coverage in cyber insurance policies.
Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus

Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus

Sep 05, 2022
A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question ("mhyprot2.sys") is signed with a valid certificate, thereby making it possible to circumvent privileges and terminate services associated with endpoint protection applications. Genshin Impact is a popular action role-playing game that was developed and published by Shanghai-based developer miHoYo in September 2020. The driver used in the attack chain is said to have been built in August 2020, with the existence of the flaw in the module  discussed  after the release of the game, and leading to  exploits   demonstrating  the ability to kill any arbitrary process and escalate to kernel mode. The idea, in a nutshell, is to use the leg
Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users

Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users

Aug 13, 2022
A pair of reports from cybersecurity firms  SEKOIA  and  Trend Micro  sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the Windows operating system and rshell artifacts for Linux and macOS. As many as 13 different entities located in Taiwan and the Philippines have been at the receiving end of the attacks, eight of whom have been hit with rshell. The first victim of rshell was reported in mid-July 2021. Lucky Mouse, also called  APT27 , Bronze Union, Emissary Panda, and Iron Tiger, is known to be active since 2013 and has a history of gaining access to targeted networks in pursuit of its political and military intelligence-collection objectives aligned with China. The advanced persistent threat actor (APT)
Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers

Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers

Aug 01, 2022
The operators of the Gootkit access-as-a-service ( AaaS ) malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama  said  in a write-up last week. The findings build on a previous report from eSentire, which  disclosed  in January of widespread attacks aimed at employees of accounting and law firms to deploy malware on infected systems. Gootkit is part of the proliferating underground ecosystem of access brokers, who are known to provide other malicious actors a pathway into corporate networks for a price, paving the way for actual damaging attacks such as ransomware. The loader utilizes malicious search engine results, a technique called  SEO poisoning , to lure unsuspecting users into visiting compromised websites hosting malware-laced ZIP pac
New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers

New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers

Mar 18, 2022
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink , almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a  new report  published by Trend Micro, the botnet's "main purpose is to build an infrastructure for further attacks on high-value targets," given that none of the infected hosts "belong to critical organizations, or those that have an evident value on economic, political, or military espionage." Intelligence agencies from the U.K. and the U.S. have  characterized  Cyclops Blink as a replacement framework for  VPNFilter , another malware that has exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices. Both VPNFilter and Cyclops Blink have been attributed to a Russian state-sponsored actor tracked as Sandworm (aka Voodoo Bear), which has also been li
New CapraRAT Android Malware Targets Indian Government and Military Personnel

New CapraRAT Android Malware Targets Indian Government and Military Personnel

Feb 07, 2022
A politically motivated advanced persistent threat (APT) group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities. Called  CapraRAT  by Trend Micro, the implant is an Android RAT that exhibits a high "degree of crossover" with another Windows malware known as CrimsonRAT that's associated with Earth Karkaddan, a threat actor that's also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, and Transparent Tribe. The first concrete signs of APT36's existence  appeared  in  2016  as the group began distributing information-stealing malware through phishing emails with malicious PDF attachments targeting Indian military and government personnel. The group is believed to be of  Pakistani origin  and operational since at least 2013. The threat actor is also known to be consistent in its modus operandi, with the attacks predominantly banking o
Hackers Plan Christmas Data Attacks via Social Media Apps

Hackers Plan Christmas Data Attacks via Social Media Apps

Dec 24, 2010
Hackers are planning to increase data security attacks via applications on social networking websites this Christmas, according to an expert. Earlier this month, IT security firm Sophos traced the history of malware and viruses created over the Christmas period from 1987 until 2009. The blog post revealed that, although some were relatively harmless festive pranks, more cyberattacks over the holidays could have serious repercussions for computer users. Rik Ferguson, senior security analyst at Trend Micro, stated that hackers conduct such attacks annually. "Criminals absolutely do, every year without fail, conduct campaigns designed to take advantage of people's willingness to search for and click on links relating to Christmas activity, whether that's through phishing campaigns or sending social engineering emails masquerading as Christmas cards," he said. Mr. Ferguson added that apps on social networking sites had "come of age as an attack platform" and
Expert Insights / Articles Videos
Cybersecurity Resources