Top IT Security Bloggers

TrendLabs - Malware Blog
  • More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
    The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.
  • Microsoft November 2019 Patch Tuesday Reveals 74 Patches Before Major Windows Update
    Following the relatively light list from last month, November proved to be a much more eventful month for Microsoft users. The November Patch Tuesday holds more fixes with a total of 74 patches, 13 of which were classified as Critical patches for remote code execution (RCE) vulnerabilities. The remaining majority were rated as Important and included patches for Windows graphics components and Microsoft SharePoint, among others.
  • 49 Disguised Adware Apps With Optimized Evasion Features Found on Google Play
    We recently found 49 new adware apps on Google Play, disguised as games and stylized cameras. Before they were taken down by Google, the total number of downloads for these apps was more than 3 million. This recent incident continues an ongoing trend of mobile adware surges.
  • New Exploit Kit Capesand Reuses Old and New Public Exploits and Tools, Blockchain Ruse
    We discovered a new exploit kit named Capesand in October 2019. Capesand attempts to exploit recent vulnerabilities in Adobe Flash and Microsoft Internet Explorer (IE). Based on our investigation, it also exploits a 2015 vulnerability for IE. It seems the cybercriminals behind the exploit kit are continuously developing it and are reusing source code from a publicly shared exploit kit code.
  • Current and Future Hacks and Attacks that Threaten Esports
    Cybercriminals will increasingly target the esports industry over the next three years. Many underground forums already have sections dedicated to gaming or esports sales, and the goods and services offered in these forums generate a lot of interest.
  • AutoIT-compiled Negasteal/Agent Tesla, Ave Maria Delivered via Malspam
    By Miguel Carlo Ang and Earle Maui Earnshaw. We recently saw a malicious spam campaign that has AutoIT-compiled payloads – the trojan spy Negasteal or Agent Tesla (detected by Trend Micro as TrojanSpy.Win32.NEGASTEAL.DOCGC), and remote access trojan (RAT) Ave Maria or Warzone (TrojanSpy.Win32.AVEMARIA.T) – in our honeypots. The upgrading of payloads from a typical trojan...
  • Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing
    We found an app on Google Play named “Yellow Camera”, which poses as a camera and photo beautification or editing app embedded with a routine of reading SMS verification codes from the System Notifications and, in turn, activates Wireless Application Protocol (WAP) billing. We disclosed our findings to Google, and the app, along with related ones we saw, is no longer in the Play store.
    Based on the name of the file downloaded by the app, it appears it is mostly targeting users in Southeast Asia (e.g., Thailand, Malaysia). However, we’ve also seen the app targeting Chinese-speaking users, so it won’t be a surprise if the app gradually shifts or expands targets. While the app has already been taken down in the Play store, we found that the fraudsters uploaded similar apps to the app store.
  • CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings
    In September, security researchers discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service (DoS) or possibly even remote code execution attacks (RCE) — making it a serious concern for Exim customers who use vulnerable versions of the software.
  • FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
    We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops.
  • Short October Patch Tuesday Includes Remote Desktop Client, Browser, and Authentication Patches
    October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one covering a Remote Desktop Client vulnerability. The Important bulletins fixed several issues, including NTLM and Microsoft IIS server vulnerabilities.