Fixes have been issued by Trend Micro for an actively exploited critical remote code execution zero-day flaw affecting its Apex One endpoint protection solution, reports BleepingComputer.
Trend Micro Apex One 2019, Trend Micro Apex One SaaS 2019, Worry-Free Business Security 10.0 SP1 or Virus Buster Business Security in Japan, and Worry-Free Business Security Services 10.0 SP1 or Virus Buster Business Security Services in Japan, are vulnerable to the security bug, tracked as CVE-2023-41179, which has been found within the security software's third-party uninstaller module.
While the vulnerability has been detected to be leveraged in at least one attempted attack, Trend Micro noted that exploitation required prior theft and login of management console credentials.
Organizations have been urged by Japan's Computer Emergency Response Team to immediately remediate the bug.
"If the vulnerability is exploited, an attacker who can log in to the product's administration console may execute arbitrary code with the system privilege on the PC where the security agent is installed," said JPCERT.
Vulnerabilities impacting cloud analytics and business intelligence software Qlik Sense have been exploited to facilitate the deployment of CACTUS ransomware in a new campaign, The Hacker News reports.
Vulnerability management: Finding and fixing fatal flaws
Reducing silos between Developers and AppSec in your Software Supply Chain with Snyk and ServiceNow
Vulnerability management: Finding and fixing your fatal flaws
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news