Business Daily Media

Men's Weekly

.

Trend Micro Discovers Actively Exploited Vulnerability Affecting Millions of Users: Customers Already Protected

Bug allowing attackers to bypass critical protections uncovered by Trend’s Zero Day Initiative

HONG KONG SAR - Media OutReach Newswire - 15 February 2024 - Trend Micro Incorporated (TYO: 4704; TSE: 4704) a global cybersecurity leader, announced its discovery of a vulnerability in Microsoft Windows Defender that is actively being exploited by cyberthreat group Water Hydra.

Trend discovered the vulnerability on December 31, 2023 and Trend customers have been automatically protected since January 1, 2024. Organizations are advised to take immediate action in response to the ongoing active exploitation of this vulnerability by cybercriminals.

This (CVE-2024-21412) is an active zero-day vulnerability that was disclosed by Trend Micro's Zero Day Initiative™ (ZDI) to Microsoft and is being published for the first time today.

Trend protects its customers by issuing virtual patches an average of 51 days before patches are released, including this zero-day for Microsoft. For all other vendors, the average time to actually protect their customers was 96 days. Trend estimates that customers who applied all virtual patches in 2023 saved an average of $1M for their enterprise.

Mark Houpt, CISO, Databank: "We have experienced first-hand the advantages of being under the protective umbrella of Trend Micro. Their unparalleled threat intelligence allows us to be proactively shielded against emerging threats. By implementing their virtual patches, we've managed to stay ahead of potential exploit attempts, securing our systems and allowing our customers to have confidence that their systems are secured long before official patches become available. It's a crucial part of our cybersecurity strategy, giving us peace of mind and significant cost savings in potential breach prevention."

When a new zero-day vulnerability is discovered, Trend responsibly discloses to the vendor. Trend customers then benefit from virtual patching to protect their systems from exploitation until an official patch can be applied.

Kevin Simzer, COO at Trend: "Zero-day vulnerabilities are an increasingly popular way for threat actors to achieve their goals. This is one reason we invest so deeply in threat intelligence, so we can keep our customers protected months before official vendor patches are released. We are proud to be creating a world with less cyber risk."

The critical risk is that vulnerabilities can be exploited by bad actors targeting any number of industries or organizations. This one is being actively exploited by the financially motivated APT group to compromise foreign exchange traders participating in the high-stakes currency trading market.

Specifically, it's used in a sophisticated zero-day attack chain to enable a Windows Defender SmartScreen bypass. Attacks are designed to infect victims with the DarkMe remote access trojan (RAT) for potential data theft and ransomware.

Using layers of defense to mitigate advanced threats, Trend's intrusion prevention system (IPS) capabilities delivered virtual patching by completely blocking the exploitation of CVE-2024-21412.

Trend Vision One™ automatically identifies critical vulnerabilities and provides visibility into all affected endpoints and their possible impact on an organization's overall risk. Trend's proactive approach to risk management reduces the need for last-minute reactive measures on "disclose day" and ensures customers are well-prepared to mitigate risks with confidence.

By contrast, organizations relying solely on a legacy endpoint detection and response (EDR) approach may be left exposed to the threat if their attackers use advanced techniques to avoid detection.

The power of the ZDI, the world's largest vendor-agnostic bug bounty program, to find and then feed intelligence into virtual patching has become increasingly important in light of two key trends identified by Trend:

  • The zero-day vulnerabilities discovered by cybercrime groups are increasingly deployed in attack chains by nation-state groups like APT28, APT29, and APT40, broadening their reach.
  • CVE-2024-21412 is itself a simple bypass of CVE-2023-36025, highlighting how easily APT groups can identify and circumvent narrow vendor patches.

To see more on the value of this news, please visit: https://www.youtube.com/watch?v=yY08S4-aICA

To read more technical information on how this occurred, please visit: https://www.trendmicro.com/en_us/

Note: Microsoft has issued a patch for CVE-2024-21412: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412
Hashtag: #trendmicro #trendvisionone #visionone #cybersecurity





The issuer is solely responsible for the content of this announcement.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world.

News from Asia

inDrive Launched 0% Commission Program to Protect Driver’s Income During Emergency Situation

JAKARTA, INDONESIA - Media OutReach Newswire - 10 September 2025 - inDrive, a global urban mobility platform, reaffirms its commitment to prioritizing the welfare of drivers. As a support measure ...

REMA TIP TOP Acquires Key Assets of Almex Group, Strengthening Global Position in Conveyor Technology

MUNICH, GERMANY - Newsaktuell - 10 September 2025 - REMA TIP TOP acquires significant assets and operations of the Canadian Almex Group. With the acquisition, the company expands its portfolio in t...

Vantage Data Centers Secures $1.6B Investment in APAC Platform from GIC and ADIA

Investment to support accelerated expansion in APAC, including acquisition of hyperscale data center campus in Johor, Malaysia, strengthening Vantage’s position as a market leader in Asia Pacific D...

AUX Commences Trading on Hong Kong Stock Exchange, Launching New Chapter in Global Growth

HONG KONG SAR - Media OutReach Newswire - 10 September 2025 - AUX Electric Co., Ltd. (Stock Code: 2580.HK), the core air conditioning business of AUX Group, listed on the Hong Kong Stock Exchange ...

BeOne Medicines Honored with the Global Oncology Innovation Leadership Award at BIOHK 2025, Supporting "1+" to Accelerate the Delivery of Innovative Cancer Therapies

HONG KONG SAR - Media OutReach Newswire - 11 September 2025 - BeOne Medicines (BeOne)(NASDAQ: ONC; HKEX: 06160; SSE: 688235), was honored today at BIOHK 2025, the Hong Kong International Biotechno...

Gree Showcases Photovoltaic DC Air Conditioning System at Gree Summit Partner, Positioning Singapore as Green Innovation Hub

SINGAPORE - Media OutReach Newswire - 11 September 2025 - Singapore has long been recognized as a pivotal hub in Gree's Southeast Asia growth strategy. With its advanced infrastructure, strong sus...

TIYA Conference 2025: Over 150 Youth Leaders from 15 Countries Gathered to Advance United Nations’ SDGs

Three-day conference in Singapore empowers young changemakers through mentorship and international collaborationSINGAPORE - Media OutReach Newswire - 11 September 2025 - Tzu-Chi Foundation (Singap...

Finex Collaborates with Sharing Happiness to Honor Indonesian Veterans

JAKARTA, INDONESIA - Media OutReach Newswire - 11 September 2025 - Finex, an acclaimed Indonesian broker, and Sharing Happiness, a charity organization, partnered to honor the members of the Indo...

Momcozy Honored at Kind+Jugend 2025 for Innovation in Maternal Care

COLOGNE, GERMANY - Media OutReach Newswire - 11 September 2025 - Momcozy, a global leader in maternal care and a pioneer of the Mom-First philosophy, announced at Kind+Jugend that its Ergonest M...

Australian representation at CIFTIS reflects deepening cooperation with China: experts

BEIJING, CHINA - Media OutReach Newswire - 11 September 2025 - The 2025 China International Fair for Trade in Services (CIFTIS) reflects the deepening cooperation between China and Australia in se...

AWS research shows strong AI adoption momentum in Australia, with startups outpacing large enterprises in innovation

Amazon Web Services (AWS), an Amazon.com company, released new research revealing that while artificial intelligence (AI) adoption continues to acce...

Changing the World One Bite At a Time: IKU Turns 40

One of Australia’s first plant-based, chef-led eateries and now ready meal provider IKU is celebrating its 40 year anniversary with the business e...

Three generations marking 45 years in hot-air balloons

Australia’s leading hot-air balloon company is celebrating 45 years in the sky and its 700,000th passenger, driven by the passion of father-son du...

Workplace DMs, Reinvented: Deputy Messaging, Purpose-Built For Shift-Based Teams

Deputy, the global people platform for shift-based businesses, has launched Deputy Messaging, a fully integrated, real-time communication tool designe...

Revolutionizing Fulfillment: How Virtual Warehousing is Changing the Game?

The e-commerce landscape is evolving more rapidly than ever, and the way businesses are managing their fulfillment is also revolutionizing. At the...

SME lender Dynamoney welcomes new CEO, Brett Thomas

Strengthens growth ambitions and signals expanded offering Dynamoney, a leading commercial finance provider for Australian SMEs,  has today appoint...

Sell by LayBy