Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Trend Micro addresses two issues exploited by hackers in the wild

Trend Micro has addressed several serious vulnerabilities in its products, including two flaws that have been exploited in the wild. Trend Micro has released security updates to address several serious flaws in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of vulnerabilities that have been exploited by threat actors in the […]

Trend Micro hack

Trend Micro has addressed several serious vulnerabilities in its products, including two flaws that have been exploited in the wild.

Trend Micro has released security updates to address several serious flaws in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of vulnerabilities that have been exploited by threat actors in the wild.

Both vulnerabilities exploited in the wild were found by the researchers of the company, but the company did not release details about the attacks.

The first issue, tracked as CVE-2020-8467, impacts the migration tool component of Apex One and OfficeScan. It could be exploited by a remote, authenticated attacker to execute arbitrary code on vulnerable installs.

“A migration tool component of Trend Micro Apex One and OfficeScan contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.” reads the advisory published by Trend Micro.

The vulnerability rated as critical severity has received a CVSS score of 9.1.

The second vulnerability exploited in the wild, tracked as CVE-2020-8468 is a content validation escape issue that affects the agents for Worry-Free Business Security, Apex One and OfficeScan. The vulnerability could be exploited by an authenticated attacker to “manipulate certain agent client components.”

“Trend Micro Worry-Free Business Security agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.” reads the advisory.

The CVE-2020-8468 vulnerability, rated as High severity has a CVSS score of 8.0.

Experts pointed out that both issues have to be chained with other vulnerabilities to be exploited in attacks in the wild.

In January, Chinese hackers have exploited another zero-day vulnerability in the Trend Micro OfficeScan antivirus in an attack that hit Mitsubishi Electric.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]