Research, News, and Perspectives

Oprogramowanie ransomware

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.

Research Sep 20, 2024

Save to Folio

Research Sep 20, 2024

Save to Folio

Artificial Intelligence (AI)

Identifying Rogue AI

This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.

Expert Perspective Sep 19, 2024

Save to Folio

Expert Perspective Sep 19, 2024

Save to Folio

APT i ataki ukierunkowane

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

Sep 19, 2024

Save to Folio

Sep 19, 2024

Save to Folio

Exploity i luki w zabezpieczeniach

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC), both of which have now been resolved and are discussed in this blog post.

Research Sep 18, 2024

Save to Folio

Research Sep 18, 2024

Save to Folio

Exploity i luki w zabezpieczeniach

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

Research Sep 12, 2024

Save to Folio

Research Sep 12, 2024

Save to Folio

Złośliwe oprogramowanie

Earth Preta Evolves its Attacks with New Malware and Strategies

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.

Research Sep 09, 2024

Save to Folio

Research Sep 09, 2024

Save to Folio

APT i ataki ukierunkowane

TIDRONE Targets Military and Satellite Industries in Taiwan

Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.

Research Sep 06, 2024

Save to Folio

Research Sep 06, 2024

Save to Folio

Phishing

Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command

Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection.

Research Sep 05, 2024

Save to Folio

Research Sep 05, 2024

Save to Folio

Złośliwe oprogramowanie

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.

Research Sep 04, 2024

Save to Folio

Research Sep 04, 2024

Save to Folio

Artificial Intelligence (AI)

How AI Goes Rogue

This is the second blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.

Expert Perspective Sep 03, 2024

Save to Folio

Expert Perspective Sep 03, 2024

Save to Folio