Security News > 2021 > August > Trend Micro Confirms In-the-Wild Zero-Day Attacks
Security vendor Trend Micro has issued a warning for in-the-wild zero-day attacks hitting customers using its Apex One and Apex One as a Service products.
In a security bulletin released quietly on July 28, Trend Micro rolled out patches for at least four documented vulnerabilities alongside a warning that malicious attackers are already launching exploits against two of the security defects.
Trend Micro did not provide any additional information on the in-the-wild attacks.
The Trend Micro bulletin, rated critical, documents four security flaws - CVE-2021-32464, CVE-2021-32465, CVE-2021-36741, and CVE-2021-36742 - affecting the Trend Micro Apex One and Apex One as a Service on Windows.
This is not the first time Trend Micro has warned customers that a vulnerability in one of its products has been exploited in live malware attacks.
Trend Micro also issued a warning in March 2020, when it learned that two vulnerabilities affecting Apex One and OfficeScan had been exploited in the wild.
News URL
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-04 | CVE-2021-32465 | Improper Preservation of Permissions vulnerability in Trendmicro Apex ONE and Officescan An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. | 6.5 |
2021-08-04 | CVE-2021-32464 | Incorrect Default Permissions vulnerability in Trendmicro Apex ONE and Officescan An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. | 7.2 |
2021-07-29 | CVE-2021-36742 | Improper Input Validation vulnerability in Trendmicro products A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. | 4.6 |
2021-07-29 | CVE-2021-36741 | Improper Input Validation vulnerability in Trendmicro products An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. | 8.8 |