News Daily


The Times Real Estate

News from Asia

  • Written by Media Outreach
HONG KONG SAR - Media OutReach - 18 August 2023 - Trend Micro (TYO: 4704; TSE: 4704), a global cybersecurity leader, announced at Black Hat USA 2023 that its Zero Day Initiative program has published advisories addressing over 1000 unique vulnerabilities in 2023. The real-world impact if these vulnerabilities were to be weaponized would amount to time and financial losses of over 10 times the cost of prevention.

"Our proactive investment of millions each year into vulnerability research and purchases saves billions in recovery for both our customers and the industry as a whole," said Kevin Simzer, COO at Trend. "A concerning trend is being documented of companies lacking transparency around vulnerability disclosure vendor patching, which pose a threat to the security of the digital world."

Today, Trend is calling for an end to silent patching – the practice of slowing or diluting public disclosure and documentation of vulnerabilities and patches. It is a major roadblock to fighting cybercrime but is all too common among major vendors and cloud providers.

During a session at Black Hat USA 2023, Trend Research representatives revealed that silent patching has become particularly common among cloud providers. Companies are more frequently refraining from assigning a Common Vulnerabilities and Exposures (CVE) ID for public documentation and are instead privately issuing patches.

The lack of transparency or version numbers for cloud services hinders risk assessment and deprives the wider security community of valuable information for enhancing overall ecosystem security.

At last year's Black Hat event, Trend warned of a growing number of incomplete or faulty patches and an increasing reluctance among vendors to deliver authoritative information on patches in plain language. The gap has since worsened, with some companies deprioritizing patching altogether, leaving their customers and industries exposed to unnecessary and increasing risk.

Urgent action is needed to prioritize patching, address vulnerabilities and foster collaboration among researchers, cybersecurity vendors and cloud service providers to fortify cloud-based services and protect users from potential risks.

Trend is committed to transparent vulnerability patching and aims to enhance security postures industry-wide through its Zero Day Initiative program. Through its commitment to transparent disclosure, Trend's ZDI issued today advisories on several zero-day vulnerabilities including:

ZDI-CAN-20784 Github (CVSS 9.9)

  • This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft GitHub. Authentication is required to exploit this vulnerability
  • The flaw exists within the configuration of Dev-Containers. The application does not enforce the privileged flag within a dev container configuration. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor
ZDI-CAN-20771 Microsoft Azure (CVSS 4.4)
  • This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. An attacker must first obtain the ability to execute high-privileged code on the target environment in order to exploit this vulnerability
  • The flaw exists within the handling of certificates. The issue results from the exposure of a resource to the wrong control sphere. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
For a full list of advisories published by Trend Micro's ZDI, visit: https://www.zerodayinitiative.com/advisories/published/

Trend Micro's ZDI pioneered the vulnerability marketplace with a focus on disrupting attackers by legitimately purchasing vulnerability research that can then be disclosed to affected vendors to address before the information is made public.

Hashtag: #trendmicro #ZDI #cybersecurity #cloudsecurity

The issuer is solely responsible for the content of this announcement.

Read more

Top 5 Providers of SEO Focused Guest Posts in Florida You Can Trust

Many companies today aim to increase their online presence, which is a good use for guest blogging. In guest blogging, you compose content for the benefit of other websites that link back to yours. This promotes your business and increases... Read more

The Role of Litigation Lawyers in Brisbane

Litigation lawyers in Brisbane play a crucial role in the legal landscape, ensuring justice is accessible and efficiently administered for the clients they represent. They have expertise in handling disputes that may result in court proceedings, with their work encompassing... Read more

Edge Computing: Revolutionising Connectivity in the Digital Age

Edge computing is rapidly transforming how organisations process and manage data, bringing computational power closer to where it's most needed. In an increasingly connected world, Microsoft Azure services are at the forefront of this technological revolution, enabling businesses to leverage... Read more

What You Need to Know About Towing a Caravan

Towing a caravan can be an exciting way to explore Australia's vast landscapes, but it also comes with its own set of challenges. Whether you’ve just purchased a new caravan or are browsing caravans for sale, understanding the ins and... Read more

How to curb short-sightedness in kids

Kids should play outside more to reduce the risk of short-sightedness and potential adult blindnessWe are in the grips of a ‘myopia epidemic’: more than 20 per cent of Australians have myopia or short-sightedness, tipped to rise to 50 per... Read more

The Importance of Fast Energy Services in Your New House

Moving to a new place is challenging and accompanies a lot of work. From packing to getting everything to your new place and unpacking, there’s alot to consider. One important necessity people forget to check is if the electricity and... Read more