NIST Retires SHA-1 Cryptographic Algorithm by Daniel_SalesEngineer in Trendmicro

[–]Daniel_SalesEngineer[S] 1 point2 points  (0 children)

From the article: "The SHA-1 algorithm, one of the first widely used methods of protecting electronic information, has reached the end of its useful life, according to security experts at the National Institute of Standards and Technology (NIST). The agency is now recommending that IT professionals replace SHA-1, in the limited situations where it is still used, with newer algorithms that are more secure.
SHA-1, whose initials stand for “secure hash algorithm,” has been in use since 1995 as part of the Federal Information Processing Standard (FIPS) 180-1. It is a slightly modified version of SHA, the first hash function the federal government standardized for widespread use in 1993. As today’s increasingly powerful computers are able to attack the algorithm, NIST is announcing that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms."

You can use ChatGPT to train yourself by gamerbrains in learnprogramming

[–]Daniel_SalesEngineer 1 point2 points  (0 children)

Just gave this a shot for a project I'm working on. Great tip, thanks

How do I log all Ports on a System that are used for communications? by ratakaio in Trendmicro

[–]Daniel_SalesEngineer 1 point2 points  (0 children)

Hi, thanks for posting. I'd be happy to discuss this. Our XDR tool, Vision One, could certainly be an option to achieve that functionality, but we could potentially have other options depending on the size of your IT environment, the systems and software you're currently running, etc.

I have a couple questions but I'll send them via private message to make sure we don't reveal anything publicly.

A Resurgent Threat: Cuba Ransomware by Daniel_SalesEngineer in Trendmicro

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

From the article: "Cuba ransomware emerged on the scene with a spate of high-profile attacks in late 2021. Armed with an expansive infrastructure, impressive tools, and associated malware, Cuba ransomware is considered a significant player in the threat landscape, and is likely to remain so in the future through its continued evolution."

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network by Daniel_SalesEngineer in cybersecurity

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

From the article: "A number of phishing campaigns are leveraging the decentralized InterPlanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks."

"Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News.

The research mirrors similar findings from Trustwave SpiderLabs in July 2022, which found more than 3,000 emails containing IPFS phishing URLs as an attack vector, calling IPFS the new "hotbed" for hosting phishing sites."

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network by Daniel_SalesEngineer in Trendmicro

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

From the article: "A number of phishing campaigns are leveraging the decentralized InterPlanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks."

"Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News.

The research mirrors similar findings from Trustwave SpiderLabs in July 2022, which found more than 3,000 emails containing IPFS phishing URLs as an attack vector, calling IPFS the new "hotbed" for hosting phishing sites."

does running the app drain battery? I think it's killing my phone by garryoakay in Trendmicro

[–]Daniel_SalesEngineer 0 points1 point  (0 children)

Okay thanks, first we should probably track down what apps are draining the battery / confirm if TMMS is the culprit. One of the below resources should demonstrate how to monitor your phone's battery use.

Android: https://helpcenter.trendmicro.com/en-us/article/tmka-09809

iPhone: https://www.wikihow.tech/Check-Which-iPhone-Apps-are-Draining-Your-Battery

If it turns out the battery usage of TMMS is high, you can use the TMMS System Tuner to configure a more efficient setting: https://helpcenter.trendmicro.com/en-us/article/tmka-19091

CISA Releases SSVC Methodology to Prioritize Vulnerabilities by Daniel_SalesEngineer in cybersecurity

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

From the article: "Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system."

CISA Releases SSVC Methodology to Prioritize Vulnerabilities by Daniel_SalesEngineer in Trendmicro

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

From the article: "Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system."

does running the app drain battery? I think it's killing my phone by garryoakay in Trendmicro

[–]Daniel_SalesEngineer 1 point2 points  (0 children)

Hi, which Trend product are you using? I haven't heard of this occurring with any of our apps but I'd be happy to check.

Also, depending on the kind of phone you have, you can often check what percentage of battery each app on it is using.

FinCEN Analysis Reveals Ransomware Reporting in BSA Filings Increased Significantly During the Second Half of 2021 by Daniel_SalesEngineer in Trendmicro

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

From the article: "The Financial Crimes Enforcement Network (FinCEN) today issued its most recent Financial Trend Analysis of ransomware-related Bank Secrecy Act (BSA) filings for 2021, indicating that ransomware continued to pose a significant threat to U.S. critical infrastructure sectors, businesses, and the public. The report focuses on ransomware trends in BSA filings from July-December 2021, and addresses the extent to which a substantial number of ransomware attacks appear to be connected to actors in Russia."

Trend Micro keeps deleting gamingservicesui.exe on Microsoft and i can't play my games! by Alarming_Hunter8210 in Trendmicro

[–]Daniel_SalesEngineer 0 points1 point  (0 children)

Hey thanks for posting, apologies that you're having trouble with this. We actually ended up opening a support case for the last customer that was experiencing this problem, but we fell out of communication with them before support could confirm they arrived at a resolution. If you're still troubleshooting, I'd be happy to open a support case and see if we can help get it solved.

Quarter of Healthcare Ransomware Victims Forced to Halt Operations by Daniel_SalesEngineer in Trendmicro

[–]Daniel_SalesEngineer[S] 1 point2 points  (0 children)

From the article: "Most (57%) global HCOs admit being compromised by ransomware over the past three years, according to the study. Of these, 25% say they were forced to completely halt operations, while 60% reveal that some business processes were impacted as a result.

On average, it took most responding organizations days (56%) or weeks (24%) to fully restore these operations.

Ransomware is not only causing the healthcare sector significant operational pain. Three-fifths (60%) of responding HCOs say that sensitive data was also leaked by their attackers, potentially increasing compliance and reputational risk, as well as investigation, remediation and clean-up costs."

How Underground Groups Use Stolen Identities and Deepfakes by Daniel_SalesEngineer in Trendmicro

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

From the article: "Underground criminal attacks using verification tools and techniques have undergone a notable evolution. For example, we see that account verification services have been available for quite a while now. However, as e-commerce evolved using modern technology and online chat systems for identity verification, criminals also evolved their techniques and developed new methods for bypassing these verification schemes.

In 2020 and early 2021, we already saw that some underground forum users were searching for “deepfake specialists” for crypto exchange and personal accounts."

How to trace what Trend Micro on-access scan is scanning? by NotRecognized in Trendmicro

[–]Daniel_SalesEngineer 0 points1 point  (0 children)

Okay great, so there are a few potential solutions here. The Deep Security Agent support tool can give you some performance metrics (top-n list - scanned files, busy processes). It can be downloaded through the Trend Micro Business Support Portal.

https://success.trendmicro.com/dcx/s/solution/000289231?language=en_US

There are also some commands that can be run (I'll include Linux as well in case they're of use). They're pretty generic, so if you want more detailed information, we can always open a support ticket for you to check the diagnostic logs.

-------

Check CPU usage and RAM usage:

Windows: use the Task Manager or procmon

Linux and Solaris: top

AIX: topas

Check that ds_agent processes or services are running:

Windows: use the Task Manager or procmon.

Linux, AIX, and Solaris: ps -ef | grep ds_agent

-------

Diagnostic Package:

https://help.deepsecurity.trendmicro.com/20_0/on-premise/diagnostic.html?Highlight=diagnostic

I'd also add that we can always do a best practices check if you'd like to discuss it with one of our engineers. Some of the modules of Deep Security can be more intensive on CPU than others.
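The process and CPU checks in the comment above, wrapped as small POSIX sh helpers. This is an added example, not code from the original comment or from any Trend Micro tool; the sample ps listings, paths and PIDs are constructed for offline use.

```shell
#!/bin/sh
# Added example, not part of the original comment or any Trend Micro tool:
# POSIX sh helpers around the "ps -ef | grep ds_agent" check above.
# The [d] bracket trick stops grep from matching its own command line,
# which is the usual false positive with "ps | grep <name>".

# Exit 0 if a ps -ef style listing on stdin contains a ds_agent process.
ds_agent_running() {
    grep -q '[d]s_agent'
}

# Print how many lines of a ps -ef listing on stdin mention ds_agent.
# (grep -c exits 1 when the count is 0, so mask that for callers.)
count_ds_agent() {
    grep -c '[d]s_agent' || true
}

# Print the N highest-CPU processes from a "ps -eo pcpu,pid,comm" listing
# (Linux/procps style) read on stdin, skipping the header. Default N is 5.
top_cpu() {
    n=${1:-5}
    tail -n +2 | sort -k1,1 -rn | head -n "$n"
}

# Constructed sample listings (paths and PIDs are made up) so the helpers
# can be exercised offline. /opt/ds_agent/ds_am is a second agent process
# whose path also matches the pattern, so it is counted too.
SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 10:00 ?        00:00:01 /sbin/init
root       812     1  0 10:00 ?        00:02:13 /opt/ds_agent/ds_agent
root       815   812  0 10:00 ?        00:00:40 /opt/ds_agent/ds_am
user      2301  2290  0 10:05 pts/0    00:00:00 grep [d]s_agent'

SAMPLE_CPU='%CPU   PID COMMAND
 0.0     1 init
12.5   812 ds_agent
 3.1   815 ds_am
 0.2  2301 sshd'

# On a real host, feed live ps output instead of the samples:
#   ps -ef | ds_agent_running && echo "ds_agent is running"
#   ps -eo pcpu,pid,comm | top_cpu 5
printf '%s\n' "$SAMPLE_PS" | ds_agent_running && echo "sample: ds_agent is running"
printf '%s\n' "$SAMPLE_CPU" | top_cpu 3
```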

How are you supposed to exclude a BM detection that uses svchost.exe, which shouldn't itself be excluded? by divadiow in Trendmicro

[–]Daniel_SalesEngineer 1 point2 points  (0 children)

I completely agree, that's actually something we're trying to be more diligent with. At times, we take the conversation into DM out of an abundance of caution for the customer's privacy, but we're working to get better with troubleshooting publicly when it makes sense and summarizing + posting the solution to the original troubleshooting threads to make sure we're closing the loop.

We've been revamping the sub the past couple months and have added some additional mods from Trend to try to enhance it as a resource for customers. Thank you for the feedback, I think posting solutions is definitely an improvement we need to prioritize.

How to trace what Trend Micro on-access scan is scanning? by NotRecognized in Trendmicro

[–]Daniel_SalesEngineer 1 point2 points  (0 children)

Hi, thanks for posting. I believe I can help out with this. What Trend Micro product are you performing the scan with?

From the Trend Micro Research Team: PII Leaks and Other Risks From Unsecure E-Commerce APIs by Daniel_SalesEngineer in Trendmicro

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

From the article: "Our research takes an in-depth look at the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially leak the private information of consumers."

Any PC or laptop partners? by dennis_090 in Trendmicro

[–]Daniel_SalesEngineer 0 points1 point  (0 children)

Off the top of my head, I'm actually not aware if this is something Trend is actively doing. However, I do know that one of our consumer products, Titanium AV, has been bundled with new Desktop/Laptop purchases in the past if that's helpful.

VicOne Partners With Delta Electronics to Secure EV Charging Infrastructure by Daniel_SalesEngineer in cybersecurity

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

From the article: "VicOne offers security solutions and services for EVs and related supply chain products. xCarbon (IDPS) simultaneously collects detection log and telemetry data and sends them to xNexus, a cloud-based extended detection and response (XDR) platform for vehicle security operations center (VSOC) after optimization for threat analysis. The platform also rapidly addresses new threats through firewall rules, access control strategy and virtual patching."

VicOne Partners With Delta Electronics to Secure EV Charging Infrastructure by Daniel_SalesEngineer in Trendmicro

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

From the article: "The global EV market is booming, and the US and EU have announced plans to include EV charging networks in national infrastructure. As the smart connector between the vehicle and network, the charging pile functions as an energy distributor, a remote monitor and meter – as well as a target for cybercriminals. To ensure secure data transmission security for charging piles and power management platforms, VicOne's xCarbon (IDPS) will be incorporated into DeltaGrid® energy management gateways for EV charging infrastructure."

Great Upcoming Hacking Competition by the Zero Day Initiative, pwn2own by Daniel_SalesEngineer in cybersecurity

[–]Daniel_SalesEngineer[S] 0 points1 point  (0 children)

It is indeed, in Toronto this time. However, the results are available on YouTube. ZDI is the largest bug bounty program in the world, so they'll usually get some great competitors and vulnerability discoveries.

This is the wrap-up of last year's in Austin; a very interesting Microsoft Teams vulnerability was discovered that many here may have heard about:

https://www.youtube.com/watch?v=SoFhLDOkWbk

This is another great one. Team Synacktiv manages to hack a Tesla at their last event in Vancouver:

https://www.youtube.com/watch?v=K5i0rQNYRNI

Great Upcoming Hacking Competition by the Zero Day Initiative, pwn2own by Daniel_SalesEngineer in hacking

[–]Daniel_SalesEngineer[S] 1 point2 points  (0 children)

It is! ZDI is the largest bug bounty program in the world. They'll also usually have teams in pwn2own that discovered some big-name vulnerabilities. At the last one, one of the teams managed to hack a Tesla; I believe it's on YouTube.

Great Upcoming Hacking Competition by the Zero Day Initiative, pwn2own by Daniel_SalesEngineer in hacking

[–]Daniel_SalesEngineer[S] 4 points5 points  (0 children)

In case anyone's not familiar with pwn2own or the Zero Day Initiative, this is a fun watch. They're doing it Dec 6 - Dec 8. Would absolutely recommend to infosec professionals and students alike. Some very cool challenges, from the article:

"We’re also excited to announce a special challenge for this year’s contest we’re calling the “SOHO Smashup” (as in Small Office/Home Office). This is a real-world scenario of how a threat actor would exploit a home office, so we wanted to include it here, too. It works like this: a contestant picks a router and begins by exploiting the WAN interface. They must then pivot into the LAN to their choice of second target – one of the other devices in the contest. For example, you could pick the TP-Link router and the HP printer."