Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Hackers tried to exploit two zero-days in Trend Micro’s Apex One EDR platform
#1
https://therecord.media/hackers-tried-to...-platform/          Catalin Cimpanu August 12, 2021
Hackers tried to exploit two zero-days in Trend Micro’s Apex One EDR platform

Cyber-security firm Trend Micro said hackers tried to exploit two zero-day vulnerabilities in its Apex One EDR platform in an attempt to go after its customers in attacks that took place earlier this year.

While details about the attacks are currently being kept under wraps, patches for both issues were made available at the end of July.

Trend Micro said the two zero-days appear to have been used together in an exploit chain where the hackers uploaded malicious code on Apex One platforms and then elevated their access to gain control over the host system.

    CVE-2021-36741: Arbitrary File Upload Vulnerability
    CVE-2021-36742: Local Privilege Escalation Vulnerability

Trend Micro is now encouraging that Apex One customers update their systems to the latest versions. The security firm said the patches impact both Apex One versions, the on-premise, and the cloud-hosted (SaaS) solution.

The two vulnerabilities mark the fifth and sixth zero-days in Trend Micro products exploited throughout 2020 and 2021. Previous zero-days include:

    CVE-2019-18187 – disclosed in January 2020 and used by Chinese hackers to breach Mitsubishi Electric.
    CVE-2020-8467 and CVE-2020-8468 – disclosed in March 2020.
    CVE-2020-24557 – disclosed in April 2021.

Trend Micro did not previously share or disclose any details about how the zero-days were exploited, so there should be no expectation that the company would share further details about the recent ones.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Hackers exploit Microsoft MSHTML bug to steal Google, Instagram creds mrtrout 0 1,019 11-25-2021 , 02:58 PM
Last Post: mrtrout
  Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days mrtrout 0 769 06-08-2021 , 10:08 PM
Last Post: mrtrout
  Microsoft says China-backed hackers are exploiting Exchange zero-days Bjyda 0 983 03-03-2021 , 11:39 PM
Last Post: Bjyda
  Leading Protection for Cloud-based Applications from Trend Micro mrtrout 0 973 11-26-2020 , 07:29 AM
Last Post: mrtrout
  Hackers are targeting other hackers by infecting their tools with malware dhruv2193 0 1,631 03-12-2020 , 12:16 PM
Last Post: dhruv2193

Forum Jump:


Users browsing this thread: 1 Guest(s)