Trend Micro issues warning for zero-day attacks hitting customers using its Apex One products

A few weeks ago security teams at Trend Micro released a pair of updates to address four security flaws in Apex One and Apex One as a Service (SaaS) products, plus a warning related to a hacking group developing zero-day exploits to abuse two of these vulnerabilities.

Patches issued by Trend Micro address privilege escalation flaws, incorrect permission assignment, authentication evasion, and arbitrary file uploading.

According to its report, the company detected a wave of exploitation attempts targeting two specific flaws, achieving success in a very limited number of detected cases. Trend Micro has already contacted users of vulnerable products to make them aware of the situation.

The company did not disclose additional information about the detection of these attacks. In this regard, a message sent directly to some members of the cybersecurity community indicates that, due to internal policies and the confidentiality of the affected customers, the details about this hacking campaign will be kept hidden.

What is known is that the flaws exploited in real-world scenarios are CVE-2021-32464, CVE-2021-32465, CVE-2021-26741, and CVE-2021-36742. As mentioned above, flaws impact Trend Micro Apex One and Apex One as a Service (SaaS) for Windows systems.

This isn’t the first time Trend Micro has issued a similar security alert. A couple of months ago, the company updated an August 2020 post on its blog to reveal that a hacking group was trying to actively exploit CVE-2020-24557, a privilege escalation vulnerability in Apex One and OfficeScan XG. That same year Trend Micro published a security alert related to the active exploitation of two flaws in ApexOne and OfficeScan.

To date, very little is known about these attacks, although some researchers point out that these malicious campaigns could be related to a report published in early 2020 that referenced a remote code execution flaw in multiple Trend Micro products that would have been exploited in high-profile attacks, such as the one that occurred at Mitsubishi Electric.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.