Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Trend Micro warns of active attacks against Apex Central console

Trend Micro has advised customers to update its Apex Central technology following the discovery of web-based attacks targeting a newly discovered vulnerability.

Both hosted and on-premises versions of the Apex Central web-based centralized management console are vulnerable to a file upload vulnerability that poses a remote code execution (RCE) risk.

Put simply, flaws in a security dashboard that allows security teams to monitor endpoints for security compliance and threats make it possible for attackers to upload and subsequently execute malware within corporate environments. This has already happened in an unspecified but low number of hostile attacks, Trend Micro admits in a security notice:

Trend Micro has observed an active attempt of exploitation against this vulnerability in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already. All customers are strongly encouraged to update to the latest version as soon as possible.

The hosted version of the technology is already updated, while security updates released by Trend Micro this week need to be applied to on-premises installations.

The CVE-2022-26871 vulnerability was discovered by Trend Micro Research. The Daily Swig asked the vendor to offer more information on the type of attacks it has seen, for example on whether they might be characterized as targeted attacks by a nation-state or similar, as well as some context on how its team came across the vulnerability.

No word back for now, but we’ll update this story as and when more information comes to hand.

Even despite – or perhaps because of – the lack of hard facts, security experts are busy commenting on the impact of the flaw as well as criticising Trend Micro for leaving itself open to such a well-known class of web security vulnerability.

Source: https://portswigger.net/daily-swig/trend-micro-warns-of-active-attacks-against-apex-central-console

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Zero Trust Data Access (ZTDA) constitutes a fundamental aspect of the wider Zero Trust security framework, which entails limiting data access. The Zero Trust security approach...

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO