
Tag Archives: Trend Micro

Operators of Dridex and Locky Trojans use new AndroMut loader


Researchers at Proofpoint found that the Russian-speaking hacking group TA505 has switched to a new loader, AndroMut. The group is believed to have existed since at least 2014 and is associated with such large-scale malicious campaigns as the distribution of the Dridex and Shifu banking trojans, the Locky ransomware, the Philadelphia and GlobeImposter ransomware families, and the ServHelper and FlawedAmmyy backdoors. …


Attackers actively exploit previously discovered vulnerability in Oracle WebLogic


A recently patched vulnerability in Oracle WebLogic is being actively exploited by cybercriminals to install cryptocurrency miners on vulnerable servers. It is a deserialization vulnerability (CVE-2019-2725) that allows an unauthenticated attacker to execute commands remotely. The problem was discovered in April this year, by which time cybercriminals had already shown interest in it. Oracle fixed the vulnerability at the end of the same month, …


Cybercriminals infect Docker hosts with an exposed API, then search for similar ones using the Shodan service

Attackers scan the Internet for Docker installations with exposed APIs and use them to distribute malicious Docker images that mine the Monero cryptocurrency and carry scripts that use Shodan to search for new victims. The new campaign was noticed by Trend Micro researchers after a malicious image containing a crypto miner was deployed to one of their honeypots. “By analyzing …


Three American antivirus vendors hacked by the Fxmsp group are named

A cybercriminal or group of cybercriminals operating under the alias Fxmsp has stolen and put up for sale the source code of antivirus products and other confidential information. Trojan-Killer reported on this recently. For security reasons, the names of the affected vendors were not disclosed. Nevertheless, the BleepingComputer portal obtained from the Internet security company AdvIntel exclusive unredacted evidence that identifies Fxmsp's victims. AdvIntel collected information about Fxmsp …


Vulnerability found in Atlassian Confluence Server lets intruders upload malware

Cybercriminals are actively exploiting a critical vulnerability in Atlassian Confluence Server to remotely compromise Linux and Windows servers. The intruders install ransomware such as GandCrab and Dofloo (also known as AES.DDoS and Mr. Black) on the compromised servers. The issue is a template injection in the Widget Connector (CVE-2019-3396) that allows a remote attacker to perform path traversal and execute arbitrary code on Confluence installations …
