Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack
According to ZDNet, the hackers involved in the attack against the Mitsubishi Electric have exploited a zero-day vulnerability in Trend Micro OfficeScan to infect company servers.Read More -
A Zero-day vulnerability is a computer-software vulnerability that is unknown to, or unaddressed by, those who should be interested in mitigating the vulnerability. Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network. - Wikipedia
This was NOT a zero day. It was a known vulnerability posted as CVE-2019-18187. Trend fixed the issue and notified customers that they should update the application. Interestingly enough Trend also published a blog article outlining the dangers of outdated security software in 2014
Microsoft recently issued a report showing the difference between having lapsed antimalware and nothing, though, was slim. For example, the infection rate for PCs with no security was 2.4 percent. It was only slightly better for PCs with expired or deactivated tools, at 2.2 percent, and out-of-date ones at 1.9 percent.
This sign from the University of Reading sums it up nicely.
No comments:
Post a Comment