A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged by malware developers. About the flaw and the exploit Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day…

Tracked as CVE-2021-36745 and featuring a CVSS score of 9.8, the security hole could be exploited by remote attackers to completely bypass authentication on a vulnerable system. The enterprise-grade real-time malware detection solution provides virus, spyware and rootkit protection for servers, while also automating security operations. Also packing cleanup capabilities, the software features support for…

The competition’s organizer, Trend Micro’s Zero Day Initiative (ZDI), said there were seven attempts on the first day and five of them were successful. A team called Devcore earned $200,000 for taking complete control of a Microsoft Exchange server by chaining authentication bypass and local privilege escalation vulnerabilities. A researcher who uses the online moniker…

Trend Micro’s XDR offerings simplify and optimize detection and response

Trend Micro announced Worry-Free XDR: a new version of its XDR platform designed to extend the power of correlated detection and response beyond the endpoint for smaller businesses. This unmatched channel offering is available now as a standalone or managed solution tailored for SMBs. Today, 85% of organizations believe threat detection and response is getting…

Microsoft fixes two RCE flaws affecting Windows 10 machines

Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines. The vulnerabilities Both flaws – CVE-2020-1425 and CVE-2020-1457 – arose because of the way the Microsoft Windows Codecs Library handled objects in memory. CVE-2020-1425 could allow attackers to obtain information to further compromise the…

Organizations will face a growing risk from their cloud and the supply chain, according to Trend Micro. Cyber risk increases at all levels The growing popularity of cloud and DevOps environments will continue to drive business agility while exposing organizations, from enterprises to manufacturers, to third-party risk. “As we enter a new decade, organizations of…

Organizational silos create unnecessary security risk for global businesses. The lack of security involvement in DevOps projects was reportedly creating cyber risk for 72% of IT leaders, according to Trend Micro. In an effort to better understand the DevOps culture, Trend Micro commissioned Vanson Bourne to poll 1,310 IT decision makers in SMB and enterprise…

Cybercriminals from around the world are actively discussing how to compromise connected devices, and how to leverage these devices for moneymaking schemes, according to Trend Micro. Trend Micro Research analyzed forums in the Russian, Portuguese, English, Arabic, and Spanish language-based underground markets to determine how cybercriminals are abusing and monetizing connected devices. The results reveal…