Top IT Security Bloggers

TrendLabs - Malware Blog
  • Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
    We found a coinminer bundled with the legitimate installer of the video conferencing app Zoom. Users who attempt to download the installer get more than they bargained for, as they instead download the AutoIt-compiled malware Trojan.Win32.MOOZ.THCCABO.
  • More Than 8,000 Unsecured Redis Instances Found in the Cloud
    We discovered 8,000 Redis instances that are running unsecured in different parts of the world, even ones deployed in public clouds.
  • Raccoon Stealer’s Abuse of Google Cloud Services and Multiple Delivery Techniques
    Raccoon emerged as Malware as a Service (MaaS) in April 2019. Despite its simplicity, Raccoon became popular among cybercriminals and was mentioned as a notable emerging malware in underground forums in a malware popularity report.
  • Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links
    A recently discovered watering hole attack has been targeting iOS users in Hong Kong. The campaign uses links posted on multiple forums that supposedly lead to various news stories. While these links lead users to the actual news sites, they also use a hidden iframe to load and execute malicious code. The malicious code contains exploits that target vulnerabilities present in iOS 12.1 and 12.2. Users who click on these links with at-risk devices will download a new iOS malware variant, which we have called lightSpy.
  • OpenSMTPD Vulnerability (CVE-2020-8794) Can Lead to Root Privilege Escalation and Remote Code Execution
    A root privilege escalation and remote code execution vulnerability (designated CVE-2020-8794) has been discovered in the free and open-source Unix daemon OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems.
  • Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
    We recently discovered a new campaign that we dubbed “Operation Overtrap” for the numerous ways it can infect or trap victims with its payload. The campaign mainly targets online users of various Japanese banks by stealing their banking credentials using a three-pronged attack. Based on our telemetry, Operation Overtrap has been active since April 2019 and has been solely targeting online banking users located in Japan.
  • March Patch Tuesday: LNK, Microsoft Word Vulnerabilities Get Fixes
    Following the unexpectedly long list of fixes included in last month’s Patch Tuesday, March brings an even longer one, albeit less eventful. A total of 115 vulnerabilities were fixed, 26 of which were identified as Critical as they could lead to remote code execution (RCE). 88 were classified as Important and included patches for various Windows components such as Microsoft Office, Work Folders, and Network Connections Service. One final vulnerability was classified as Moderate. None of this month’s listed vulnerabilities were exploited in the wild before they were patched this month.
  • Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)
    Apache Tomcat is a popular open-source Java servlet container, so the discovery of Ghostcat understandably set off some alarms. This blog entry seeks to put the most feared Ghostcat-related scenario into perspective by delving into the unlikely circumstances that would make RCE through the vulnerability possible.
  • Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
    We decided to dig deeper into the behavior of Geost, a trojan targeting Russian banks, by reverse engineering a sample of the malware. The trojan employed several layers of obfuscation, encryption, reflection, and injection of non-functional code segments that made it more difficult to reverse engineer.
  • Security Risks in Online Coding Platforms
    Before cloud integrated development environments (IDEs) became an option, you, i.e., the developer, typically needed to download and/or install everything you needed onto your own workstation. However, as DevOps gained traction and cloud computing usage grew, you can now also code online. Convenient, yes, but are online IDEs secure? To answer this, we will focus on two popular cloud-based IDEs: AWS Cloud9 and Visual Studio Online.