Research, News, and Perspectives

IoT

Forced Entry: A Security Test for Automatic Garage Doors

In this blog entry we revisit threats to automatic garage doors by using SDR to test two attack scenarios. We demonstrate a rolling code attack and one that involves a hidden remote feature.

Research Oct 21, 2021

Exploits & Vulnerabilities

CISA Releases Automotive Cybersecurity Guide

The guide helps Transportation System Sector partners understand the cyber-physical risks related to AVs and discusses mitigation strategies they can implement.

PurpleFox Adds New Backdoor That Uses WebSockets

In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability (CVE-2021-1732) and optimized rootkit capabilities leveraged in their attacks.

Research Oct 19, 2021

Cyber Threats

Tracking CVE-2021-26084 and Other Server-Based Vulnerability Exploits via Trend Micro Cloud One and Trend Micro Vision One

We look into campaigns that exploit the following server vulnerabilities: CVE-2021-26084, CVE-2020-14882, CVE-2020-14750, and CVE-2020-14883.

Research Oct 18, 2021

Cyber Threats

This Week in Security News – October 15, 2021

Actors target Huawei Cloud using upgraded Linux malware, 7-Eleven breached customer privacy by collecting facial imagery without consent and more.

Expert Perspective Oct 15, 2021

Exploits & Vulnerabilities

Security Risks with Private 5G in Manufacturing Companies Part. 2

We can see signs of increased activity in areas of business that use 5G around the world. 5G technology will usher in new personal services through smartphones, and it will also play a large part in industry. The option of Private 5G lets private companies and local governments have their own telecom infrastructures. However, the "democratization of communications" entails its own risks that have not yet been made clear. To identify these risks, Trend Micro performed tests using an environment modeled after a steelworks with 5G equipment.

Research Oct 15, 2021

Ransomware

Ransomware Operators Found Using New "Franchise" Business Model

We found a relatively new and interesting ransomware operation that takes inspiration from franchise business models. It seems that the operators are rebranding a "supplier" ransomware before deployment instead of simply distributing it under the original name.

Research Oct 15, 2021

Cyber Threats

Analyzing Email Services Abused for Business Email Compromise

We analyzed five major types of email channels, and the techniques in keywords and domain names BEC actors use to appear legitimate to potential victims.

Oct 14, 2021

Compliance & Risks

Secure Manufacturing on Cloud, Edge and 5G (Download PDF)

This e-book provides you with insight into system changes brought on by factory production processes and explains how the cloud and 5G have transformed smart factories. You’ll also receive a look into how we map the attack scenario so you can identify the type of risks that lie throughout the entire system.

Security Strategies Oct 13, 2021

Compliance & Risks

New Bill to Require Cyber Attack Reporting in the US

The Cyber Incident Notification Act of 2021 would also require CISA to launch a program that would notify organizations of various vectors that malicious actors exploit.

Research, News, and Perspectives

Trending Topics