Security News

Microsoft banishes Trend Micro driver at center of driver 'cheatware' storm from Windows 10, rootkit detector product pulled from site
2020-05-27 07:14

Microsoft has blocked a Trend Micro driver from running on Windows 10 - and Trend has withdrawn downloads of its rootkit detector that uses the driver - after the code appeared to game Redmond's QA tests. We note that while the driver appears in other Trend Micro products, they may not necessarily be using the now-blocked driver, or may have received a suitable hot fix, and thus will continue working on Windows 10 20H1. Trend Micro has ignored our repeated requests for an explanation as to why its software altered its operation specifically while under test, though it insisted "At no time was the Trend Micro team avoiding certification requirements." A spokesperson for Trend was not available for immediate comment on the move to block the driver on Windows 10.

Tech's Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite
2020-05-20 10:30

"Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world." Demirkapi believes Trend's kernel driver is cheating on Microsoft's WHQL driver verification test: if the driver detects it is installed on a computer running the test, it alters its behavior to pass the examination, whereas outside the test, it would fail to meet Microsoft's quality standards.

New year, old threats: Malware peddlers went into overdrive in Q1, says Trend Micro
2020-04-07 19:00

Business email compromise attempts were globally up by a quarter in the first two months of this year alone, according to research from threat intel firm Trend Micro. "IT security teams around the world may be under significant pressure today, as the corporate attack surface expands thanks to mass home working demands in the face of the COVID-19 epidemic. But now, more than ever, they must be on high alert as opportunistic cyber-attackers look to strike," said a solemn Ian Heritage, cloud security architect at Trend Micro.

Russian state-sponsored hackers have been sniffing Middle East defence firms, warns Trend Micro
2020-03-19 19:42

The Russian hacking crew known variously as APT28, Fancy Bear and Pawn Storm has been targeting defence companies with Middle Eastern outposts, according to Trend Micro. A new report from the threat intel firm says that the Russian state-backed hacking outfit went on a spree of targeting defence firms in the Middle East back in May last year.

Dear Adobe, Trend Micro users: Please vaccinate your software – at least some of these security holes were exploited in the wild
2020-03-18 22:06

A little more than a week after forgoing March's Patch Tuesday hullabaloo, Adobe has emitted fixes for dozens of security flaws in its applications. The ever-vulnerable Reader and Acrobat on Windows and macOS require patching for 13 CVE-listed holes, nine of which can be exploited to gain malicious code execution on vulnerable machines.

Trend Micro Fixes Critical Flaws Under Attack
2020-03-18 18:00

Two of these vulnerabilities are under active attack. The first of two flaws under attack is a critical vulnerability that exists in the migration tool component of Apex One and OfficeScan.

Trend Micro fixes two actively exploited zero-days in enterprise products
2020-03-18 12:58

Trend Micro has fixed two actively exploited zero-day vulnerabilities in its Apex One and OfficeScan XG enterprise security products, and advises customers to update to the latest software versions as soon as possible. CVE-2020-8467 is a critical flaw in the migration tool component of the two solutions that could allow remote attackers to execute arbitrary code on affected installations.

Trend Micro Patches Two Vulnerabilities Exploited in the Wild
2020-03-18 05:08

Trend Micro has patched several serious vulnerabilities in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of flaws that have been exploited in the wild. The exploited vulnerabilities were identified by Trend Micro's own researchers, but no information has been released about the attacks.

Trend Micro VP talks cloud security, IoT risks, and ransomware
2020-03-11 15:12

In an interview at RSA 2020, Greg Young, the vice president of cybersecurity at Trend Micro, said that companies need to focus on cloud security posture management to make sure all cloud instances...