Business Daily Media

The Times Real Estate

.

Trend Micro Discovers Actively Exploited Vulnerability Affecting Millions of Users: Customers Already Protected

Bug allowing attackers to bypass critical protections uncovered by Trend’s Zero Day Initiative

HONG KONG SAR - Media OutReach Newswire - 15 February 2024 - Trend Micro Incorporated (TYO: 4704; TSE: 4704) a global cybersecurity leader, announced its discovery of a vulnerability in Microsoft Windows Defender that is actively being exploited by cyberthreat group Water Hydra.

Trend discovered the vulnerability on December 31, 2023 and Trend customers have been automatically protected since January 1, 2024. Organizations are advised to take immediate action in response to the ongoing active exploitation of this vulnerability by cybercriminals.

This (CVE-2024-21412) is an active zero-day vulnerability that was disclosed by Trend Micro's Zero Day Initiative™ (ZDI) to Microsoft and is being published for the first time today.

Trend protects its customers by issuing virtual patches an average of 51 days before patches are released, including this zero-day for Microsoft. For all other vendors, the average time to actually protect their customers was 96 days. Trend estimates that customers who applied all virtual patches in 2023 saved an average of $1M for their enterprise.

Mark Houpt, CISO, Databank: "We have experienced first-hand the advantages of being under the protective umbrella of Trend Micro. Their unparalleled threat intelligence allows us to be proactively shielded against emerging threats. By implementing their virtual patches, we've managed to stay ahead of potential exploit attempts, securing our systems and allowing our customers to have confidence that their systems are secured long before official patches become available. It's a crucial part of our cybersecurity strategy, giving us peace of mind and significant cost savings in potential breach prevention."

When a new zero-day vulnerability is discovered, Trend responsibly discloses to the vendor. Trend customers then benefit from virtual patching to protect their systems from exploitation until an official patch can be applied.

Kevin Simzer, COO at Trend: "Zero-day vulnerabilities are an increasingly popular way for threat actors to achieve their goals. This is one reason we invest so deeply in threat intelligence, so we can keep our customers protected months before official vendor patches are released. We are proud to be creating a world with less cyber risk."

The critical risk is that vulnerabilities can be exploited by bad actors targeting any number of industries or organizations. This one is being actively exploited by the financially motivated APT group to compromise foreign exchange traders participating in the high-stakes currency trading market.

Specifically, it's used in a sophisticated zero-day attack chain to enable a Windows Defender SmartScreen bypass. Attacks are designed to infect victims with the DarkMe remote access trojan (RAT) for potential data theft and ransomware.

Using layers of defense to mitigate advanced threats, Trend's intrusion prevention system (IPS) capabilities delivered virtual patching by completely blocking the exploitation of CVE-2024-21412.

Trend Vision One™ automatically identifies critical vulnerabilities and provides visibility into all affected endpoints and their possible impact on an organization's overall risk. Trend's proactive approach to risk management reduces the need for last-minute reactive measures on "disclose day" and ensures customers are well-prepared to mitigate risks with confidence.

By contrast, organizations relying solely on a legacy endpoint detection and response (EDR) approach may be left exposed to the threat if their attackers use advanced techniques to avoid detection.

The power of the ZDI, the world's largest vendor-agnostic bug bounty program, to find and then feed intelligence into virtual patching has become increasingly important in light of two key trends identified by Trend:

  • The zero-day vulnerabilities discovered by cybercrime groups are increasingly deployed in attack chains by nation-state groups like APT28, APT29, and APT40, broadening their reach.
  • CVE-2024-21412 is itself a simple bypass of CVE-2023-36025, highlighting how easily APT groups can identify and circumvent narrow vendor patches.

To see more on the value of this news, please visit: https://www.youtube.com/watch?v=yY08S4-aICA

To read more technical information on how this occurred, please visit: https://www.trendmicro.com/en_us/

Note: Microsoft has issued a patch for CVE-2024-21412: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412
Hashtag: #trendmicro #trendvisionone #visionone #cybersecurity





The issuer is solely responsible for the content of this announcement.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world.

News from Asia

LFC and adidas reunite with new multi-year partnership

LIVERPOOL, UK - Media OutReach Newswire - 13 March 2025 - Liverpool Football Club and adidas have agreed a new multi-year partnership that will see the sportswear giant once again become the club...

Prince Holding Group Earns Fifth Consecutive ‘Best in Cambodia’ Award for CSR Initiatives

Recognized at the 17th Annual Global CSR & ESG Awards for Sustainable Development Efforts PHNOM PENH, CAMBODIA - Media OutReach Newswire - 13 March 2025 - Prince Holding Group has been recogni...

Galaxy Macau’s Reveals a Galaxy of Stars As the Integrated Resort’s Restaurants are Awarded Five Michelin Stars in the 17th Michelin Guide Hong Kong Macau 2025

Sushi Kissho by Miyakawa Celebrates a Stellar Debut MACAU SAR - Media OutReach Newswire - 13 March 2025 - In the 17th Michelin Guide Hong Kong Macau 2025, Galaxy Macau™, the world-class luxury in...

Melco continues to lead with the city’s top number of Stars granted by MICHELIN Guide Hong Kong & Macau 2025

MACAO SAR - Media OutReach Newswire - 13 March 2025 - Melco Resorts & Entertainment continues to lead in Macau in the newly published MICHELIN Guide Hong Kong & Macau 2025, being granted ...

Singapore G Unveils the Largest Cold Storage Facility in Central Singapore, Reinforcing Its Commitment to Supporting SMEs and Business Growth

SINGAPORE - Media OutReach Newswire - 14 March 2025 - Singapore G, a trailblazer in space solutions, today announced the grand opening of MustardSeed@SG Cold Store, a cold storage facility in the ...

GROW with Singlife and aberdeen Launch New Exclusive Share Class of Global Income Bond Fund to Deliver Sustainable Payouts Amid Market Volatility

Globally diversified portfolio of crossover bonds aims to deliver attractive yields for investors SINGAPORE - Media OutReach Newswire - 14 March 2025 - GROW with Singlife ("GROW"), the integrated...

Konica Minolta wins 2025 A3 Line of the Year Award and four Pick Awards from Keypoint Intelligence

Recognition of Konica Minolta’s adaptable, future-ready innovations in office printing technology. SINGAPORE - Media OutReach Newswire - 14 March 2025 – Konica Minolta has been awarded five ...

Silver vs. Gold: Octa Broker's Expert Take on the Future of Precious Metals

KUALA LUMPUR, MALAYSIA - Media OutReach Newswire - 14 March 2025 - Silver is attracting investor interest, with market analysts predicting a potential leap to $40 per troy ounce in 2025...

Asia trade set for continued growth despite challenging global business environment, reveals DHL Trade Atlas 2025

India, Vietnam, Indonesia, and the Philippines are forecast to lead in both speed and scale of trade growth from 2024 to 2029 South Asia and Southeast Asia regions set to ach...

Incode joins Australia’s Age Assurance Technology Trial to protect children online

With a market-leading +99% accuracy rate, Incode will play a key role in safeguarding Aussie minors on social media Incode Technologies Inc., a...

Empowering small businesses: Localsearch rolls out affordable digital solutions

New suite of digital solutions designed to boost visibility, engagement, and customer acquisition In response to a rapidly evolving digital lan...

Why Responsible Leadership is a Competitive Advantage for Small Businesses

In today’s fast-changing business landscape, leadership is evolving. While large corporations are reassessing their diversity, equity, and inclusi...

Why it’s a great time to include the EU in your export push

With the US market beset with unknowns, training your sights on mainland Europe in 2025 makes sound sense. Wondering whether the introduction o...

Success Isn’t About Labels—It’s About Mindset

In the lead up to International Women’s Day, I’ve been reflecting on my own success as a business owner and whether or not being a woman has playe...

Accelerate Action- Thryv champions women in business for International Women’s Day

Thryv® (NASDAQ: THRY), provider of the leading small business software platform, is celebrating International Women’s Day by shining a spotlight o...

Sell by LayBy