As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. The Redmond-based tech giant noted that users could instead use its authenticator…
Browsing CategoryCyber Security News
Treasury Crypto Security Sanction Blocks Exchange Favored by Ransomware Actors
The U.S. government sanctioned the cryptocurrency exchange SUEX for moving money for ransomware actors. In essence, that means U.S. citizens and corporate entities are banned from using it. The statement,…
How to Cut Down on Data Breach Stress and Fatigue
If you’re tired of hearing the words ‘data breach’, you’re not alone. It’s looking like 2021 might end up becoming the year with the most ransomware attacks on record. In…
A Journey in Organizational Resilience: Insider Threats
Very much like privacy concerns, insider threats may not be the first issue to come to mind when building an enterprise cyber resilience plan. However, they should be. Here is…
Top Cybersecurity Threats Around the Globe
Cybersecurity threats, risks and challenges vary a lot from one region to the next and one nation to the next. Targets vary based on local resources to exploit. Cyber criminals…
BrazKing Android Malware Upgraded and Targeting Brazilian Banks
Nethanella Messer and James Kilner contributed to the technical editing of this blog. IBM Trusteer researchers continually analyze financial fraud attacks in the online realms. In recent research into mobile…
How Unsecure gRPC Implementations Can Compromise APIs, Applications
In this blog, we will discuss the security pitfalls that developers might face when shifting to gRPC and implementing gRPC in their projects. Because secure gRPC APIs play a pivotal role in overall application security, we provide recommendations on how to protect gRPC implementations from threats and mitigate against risks.
The post How Unsecure gRPC Implementations Can Compromise APIs, Applications appeared first on .
Our New Blog
Security Intelligence Blog has a new home! Our new site is https://www.trendmicro.com/en_us/research.html Read new threat discoveries, relevant perspectives on security incidents and attacks, and the latest news happening in the cybersecurity space. See you there!
The post Our New Blog appeared first on .
XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
We have discovered an unusual infection related to Xcode developer projects. Upon further investigation, we discovered that a developer’s Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day exploits: one is used to bypass the System Integrity Protection(SIP) read feature on macOS, another is used to abuse the development version of Safari.
The post XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits appeared first on .
August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
The August batch of Patch Tuesday updates includes 120 updates for the Microsoft suite, with 17 fixes rated as Critical, and the remaining 103 ranked as Important.
The post August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild appeared first on .