Analyzing an Old Bug and Discovering CVE-2021-30995

Trend Micro – On April 26, 2021 Apple patched CVE-2021-1740, which was a vulnerable function inside the system daemon process cfprefsd (these types of processes usually run…

Uncovering and Defending Systems Against Attacks With Layers of Remote Control

Trend Micro – Fortunately, we were able to provide the customer with timely alert and intervention from the moment the initial intrusion via the cloud server was…

Volatile and Adaptable: Tracking the Movements of Modern Ransomware

Trend Micro – Ransomware – Trend Micro’s tracking of modern ransomware, as well as of older families, shows which…

Collecting In the Dark: Tropic Trooper Targets Transportation and Government

Trend Micro – While analyzing samples, we found that the C&C server was already inactive. Without knowing the traffic between SmileSvr and the C&C server, we could not…

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Trend Micro – We looked into exploitation attempts we observed in the wild and the abuse of…

QAKBOT Loader Returns With New Techniques and Tools

Trend Micro – Malware – QAKBOT operators resumed email spam operations towards the end of September after an almost three-month…

What To Expect in a Ransomware Negotiation

Trend Micro – This standard introduction shows a level of professionalism, indicating that the ransomware group uses a standard playbook for negotiating staff. While other ransomware families…

PurpleFox Adds New Backdoor That Uses WebSockets

Trend Micro – Cyber Threats – In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related…

Ransomware Operators Found Using New “Franchise” Business Model

Trend Micro – Shared infrastructure: To date, we have found fifteen onion addresses used by at least four different servers, and three others still unknown. Onion Address…

FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal

Trend Micro – Exploits & Vulnerabilities – Trend Micro detected a new campaign using a recent version…