22 April 2021

Vulnerability in Trend Micro antivirus products exploited in the wild



Cybersecurity firm Trend Micro has posted an update to its security advisory to include a warning that a known vulnerability in its antivirus solutions is now being exploited in the wild.

The vulnerability in question is CVE-2020-24557, which is described as an improper access control issue that allows a local attacker to gain unauthorized access to otherwise restricted functionality. The vulnerability exists due to improper access restrictions within the Apex One Security Agent. A local user can manipulate a particular product folder to temporarily disable security and gain elevated privileges on the target system.

The flaw affects Trend Micro Apex One, Apex One SaaS, and OfficeScan Corporate Edition.

“Known vulnerabilities in Apex One, Apex One SaaS and OfficeScan agents could elevate privileges, allow an attacker to manipulate certain product folders to temporarily disable security features, or to temporarily disable certain Windows features. It may be abused,” the company wrote in the updated advisory. “We have confirmed attacks that exploit known vulnerabilities in the following products.”

While the advisory doesn’t mention who is behind the attacks or for how long they have been going on, a source told The Record that the vulnerability was used by an advanced persistent threat (APT) actor, a term used to describe state-backed hacker groups.

News about hackers exploiting the Trend Micro bug comes just a day after FireEye’s reports detailing cyber attacks exploiting zero-day flaws in Pulse Secure VPN and SonicWall products.
