MCCrash botnet targets private Minecraft servers, Microsoft warns
Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a...
News
Microsoft revised CVE-2022-37958 severity due to its broader scope
Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022....
Ransomware Business Models: Future Pivots and Trends
Ransomware groups and their business models are expected to change from what and how we know it to date. In...
Trend Joining App Defense Alliance Announced by Google
Trend Micro’s participation in Google’s App Defense Alliance will ensure the security of customers by preventing malicious apps from being...
Managing Cyber Risk in 2023: The People Element
Explore the latest findings from Trend Micro’s Cyber Risk Index (1H’2022) and discover how to enhance cybersecurity risk management across...
Chinese MirrorFace APT group targets Japanese political entities
A Chinese-speaking APT group, tracked as MirrorFace, is behind a spear-phishing campaign targeting Japanese political entities. ESET researchers recently discovered a...
Database of the FBI’s InfraGard US Critical Infrastructure Intelligence portal available for sale
The portal of the FBI’s InfraGard US Critical Infrastructure Intelligence was hacked, and data is available for sale on a...
FBI seized 48 domains linked to DDoS-for-Hire service platforms
The U.S. Department of Justice (DoJ) seized forty-eight domains that offered DDoS-for-Hire Service Platforms to crooks. The U.S. Department of...
Crooks use HTML smuggling to spread QBot malware via SVG files
Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using SVG files. Talos researchers uncovered a...
Reassessing cyberwarfare. Lessons learned in 2022
At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We...
Probing Weaponized Chat Applications Abused in Supply-Chain Attacks
This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged...
GoTrim botnet actively brute forces WordPress and OpenCart sites
Researchers discovered a new Go-based botnet, dubbed GoTrim, attempting to brute force WordPress websites. Fortinet FortiGuard Labs researchers spotted a...
December 2022 Patch Tuesday fixed 2 zero-day flaws
Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates...
Apple fixed the tenth actively exploited zero-day this year
Apple rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari to fix a new actively exploited zero-day (CVE-2022-42856)....
3.5m IP cameras exposed, with US in the lead
The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don’t enforce a...
VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest
VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition....
Forging Ahead in 2023: Insights From Trend Micro’s 2023 Security Predictions
In 2023, cybercriminals and defenders alike will have to move forward with caution in the face of a business landscape...
Intrusion Detection & Prevention Systems Guide
IDPS, IDS, IPS… what’s the difference? Discover key differences between intrusion detection and prevention systems as well as 9 technical...
Citrix and NSA urge admins to fix actively exploited zero-day in Citrix ADC and Gateway
Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges...
Lockbit ransomware gang hacked California Department of Finance
LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit...
Experts detailed a previously undetected VMware ESXi backdoor
A new Python backdoor is targeting VMware ESXi servers, allowing attackers to take over compromised systems. Juniper Networks researchers spotted...
Twitter says recently leaked user data are from 2021 breach
Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022....
Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT
We intercepted a cryptocurrency mining attack that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool....
US-CERT Bulletin (SB22-346):Vulnerability Summary for the Week of December 5, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
