Home | Latest News | Popular News | Our Network | About | Contact
Security News from 'TrendMicro' | www.SecurityPhresh.com
Security News from 'TrendMicro'
Showing 'Security News from 'TrendMicro'' from 61 to 70
Dharma Ransomware Uses AV Tool To Distract From Malicious Activities
8th May 2019 [5 months ago] from TrendMicro
Trend Micro recently found new samples of Dharma ransomware using a new technique: using software installation as a distraction to help hide malicious activities. The post Dharma Ransomware Uses AV Tool to Distract from Malicious Activities...
CVE-2019-3396 Redux: Confluence Vulnerability Exploited To Deliver Cryptocurrency Miner With Rootkit
7th May 2019 [5 months ago] from TrendMicro
We discovered the Confluence vulnerability CVE-2019-3396 being used to deliver a cryptocurrency-mining malware containing a rootkit that was designed to hide its activities. The post CVE-2019-3396 Redux: Confluence Vulnerability Exploited...
Mirrorthief Group Uses Magecart Skimming Attack To Hit Hundreds Of Campus Online Stores In US And Canada
3rd May 2019 [5 months ago] from TrendMicro
We uncovered a recent activity involving the notorious online credit card skimming attack known as Magecart. The attack, facilitated by a new cybercrime group, impacted 201 online campus stores in the United States and Canada. The post...
Tech Support Scam Employs New Trick By Using Iframe To Freeze Browsers
29th Apr 2019 [5 months ago] from TrendMicro
We discovered a new technical support scam (TSS) campaign that makes use of iframe in combination with basic pop-up authentication to freeze a user’s browser. Since this technique is new and unfamiliar, it can potentially evade detection. The...
AESDDoS Botnet Malware Exploits CVE-2019-3396 To Perform Remote Code Execution, DDoS Attacks, And Cryptocurrency Mining
26th Apr 2019 [5 months ago] from TrendMicro
Our honeypot sensors recently detected an AESDDoS botnet malware variant (detected by Trend Micro as Backdoor.Linux.AESDDOS.J) exploiting a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Atlassian...
Emotet Adds New Evasion Technique And Uses Connected Devices As Proxy C&C Servers
25th Apr 2019 [5 months ago] from TrendMicro
Recently, an analysis of Emotet traffic has revealed that new samples use a different POST-infection traffic than previous versions. It is also attempting to use compromised connected devices as proxy command and control (CC) servers that...
Uncovering CVE-2019-0232: A Remote Code Execution Vulnerability In Apache Tomcat
24th Apr 2019 [5 months ago] from TrendMicro
CVE-2019-0232 is a vulnerability in Apache Tomcat that could allow attackers to execute arbitrary commands by abusing an operating system command injection brought about by a Tomcat CGI Servlet input validation error. The post Uncovering...
Analysis: Abuse Of Custom Actions In Windows Installer MSI To Run Malicious JavaScript, VBScript, And PowerShell Scripts
23rd Apr 2019 [5 months ago] from TrendMicro
We recently discovered malicious Microsoft Software Installation (MSI) files that download and execute other files, and could bypass traditional security solutions. Malicious actors can abuse custom actions in these files to execute malicious...
Analyzing C/C++ Runtime Library Code Tampering In Software Supply Chain Attacks
22nd Apr 2019 [5 months ago] from TrendMicro
For the past few years, the security industry’s very backbone — its key software and server components — has been the subject of numerous attacks through cybercriminals’ various works of compromise and modifications. Such attacks...
Zero-day XML External Entity (XXE) Injection Vulnerability In Internet Explorer Can Let Attackers Steal Files, System Info
19th Apr 2019 [5 months ago] from TrendMicro
A zero-day extensible markup language (XML) external entity (XXE) injection vulnerability in Microsoft Internet Explorer (IE) was recently disclosed by security researcher John Page. An attacker can reportedly exploit this vulnerability...
« Newer 2 3 4 5 6 7 8 9 10 11 Older »