Trend Micro warns of active attacks against Apex Central console – The Daily Swig

Scramble to patch security dashboard
Active attacks have prompted Trend Micro to patch its Apex Central dashboard

Trend Micro has advised customers to update its Apex Central technology following the discovery of web-based attacks targeting a newly discovered vulnerability.
Both hosted and on-premises versions of the Apex Central web-based centralized management console are affected by a file upload vulnerability that poses a remote code execution (RCE) risk.
Put simply, flaws in a security dashboard that allows security teams to monitor endpoints for security compliance and threats make it possible for attackers to upload and subsequently execute malware within corporate environments. This has already happened in an unspecified but low number of hostile attacks, Trend Micro admits in a security notice:
Trend Micro has observed an active attempt of exploitation against this vulnerability in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already. All customers are strongly encouraged to update to the latest version as soon as possible.
The hosted version of the technology is already updated, while security updates released by Trend Micro this week need to be applied to on-premises installations.
The CVE-2022-26871 vulnerability was discovered by Trend Micro Research. The Daily Swig asked the vendor to offer more information on the type of attacks it has seen, for example on whether they might be characterized as targeted attacks by a nation-state or similar, as well as some context on how its team came across the vulnerability.
No word back for now, but we’ll update this story as and when more information comes to hand.
Despite – or perhaps because of – the lack of hard facts, security experts are busy commenting on the impact of the flaw as well as criticising Trend Micro for leaving itself open to such a well-known class of web security vulnerability.
John Leyden
@jleyden
© 2022 PortSwigger Ltd.
