News Daily


Men's Weekly

News from Asia

  • Written by Media Outreach
HONG KONG SAR - Media OutReach - 18 August 2023 - Trend Micro (TYO: 4704; TSE: 4704), a global cybersecurity leader, announced at Black Hat USA 2023 that its Zero Day Initiative program has published advisories addressing over 1000 unique vulnerabilities in 2023. The real-world impact if these vulnerabilities were to be weaponized would amount to time and financial losses of over 10 times the cost of prevention.

"Our proactive investment of millions each year into vulnerability research and purchases saves billions in recovery for both our customers and the industry as a whole," said Kevin Simzer, COO at Trend. "A concerning trend is being documented of companies lacking transparency around vulnerability disclosure vendor patching, which pose a threat to the security of the digital world."

Today, Trend is calling for an end to silent patching – the practice of slowing or diluting public disclosure and documentation of vulnerabilities and patches. It is a major roadblock to fighting cybercrime but is all too common among major vendors and cloud providers.

During a session at Black Hat USA 2023, Trend Research representatives revealed that silent patching has become particularly common among cloud providers. Companies are more frequently refraining from assigning a Common Vulnerabilities and Exposures (CVE) ID for public documentation and are instead privately issuing patches.

The lack of transparency or version numbers for cloud services hinders risk assessment and deprives the wider security community of valuable information for enhancing overall ecosystem security.

At last year's Black Hat event, Trend warned of a growing number of incomplete or faulty patches and an increasing reluctance among vendors to deliver authoritative information on patches in plain language. The gap has since worsened, with some companies deprioritizing patching altogether, leaving their customers and industries exposed to unnecessary and increasing risk.

Urgent action is needed to prioritize patching, address vulnerabilities and foster collaboration among researchers, cybersecurity vendors and cloud service providers to fortify cloud-based services and protect users from potential risks.

Trend is committed to transparent vulnerability patching and aims to enhance security postures industry-wide through its Zero Day Initiative program. Through its commitment to transparent disclosure, Trend's ZDI issued today advisories on several zero-day vulnerabilities including:

ZDI-CAN-20784 Github (CVSS 9.9)

  • This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft GitHub. Authentication is required to exploit this vulnerability
  • The flaw exists within the configuration of Dev-Containers. The application does not enforce the privileged flag within a dev container configuration. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor
ZDI-CAN-20771 Microsoft Azure (CVSS 4.4)
  • This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. An attacker must first obtain the ability to execute high-privileged code on the target environment in order to exploit this vulnerability
  • The flaw exists within the handling of certificates. The issue results from the exposure of a resource to the wrong control sphere. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
For a full list of advisories published by Trend Micro's ZDI, visit: https://www.zerodayinitiative.com/advisories/published/

Trend Micro's ZDI pioneered the vulnerability marketplace with a focus on disrupting attackers by legitimately purchasing vulnerability research that can then be disclosed to affected vendors to address before the information is made public.

Hashtag: #trendmicro #ZDI #cybersecurity #cloudsecurity

The issuer is solely responsible for the content of this announcement.

Read more

Top Electrical Safety Tips from Inner West Sydney Electricians

While it may not be the most exciting subject to discuss, having an electrically safe home is definitely one of the most critical. Knowing the basics could help you avoid accidents and ensure your home remains in good condition, whether... Read more

When to Escalate a Debt Recovery Matter to Legal Action

Knowing when to transition from informal debt collection efforts to formal legal proceedings is a decision that many creditors find difficult to navigate. Acting too early can damage commercial relationships, while waiting too long can reduce the likelihood of recovery... Read more

Why Slurry Hose Systems Are Essential for Handling Abrasive Industrial Materials

Transporting abrasive mixtures is a common challenge in industries such as mining, dredging, and construction. These mixtures, known as slurry, consist of solid particles suspended in water or other liquids. Moving slurry through pipelines requires specialised equipment that can withstand... Read more

Why Choosing the Right Dental Clinic Matters for Long Term Oral Health

Maintaining good oral health requires regular checkups, preventive care, and professional treatment when needed. Visiting a trusted Dental Clinic plays a vital role in keeping teeth and gums healthy while preventing more serious dental problems in the future. Many people only... Read more

Is Deep Plane Facelift Safe in Thailand?

When you ask whether a deep plane facelift is safe in Thailand, you’re really asking: “Can I get high-quality surgical care with strong safety standards and reliable follow-up while I’m traveling?” That’s a smart question. But the country name alone... Read more

Why Cloud Services Are Now Essential for Business Growth and Security

In today’s fast-moving digital environment, understanding how cloud services support long-term stability has become a priority for businesses across Australia. As expectations shift and workplaces adopt more flexible models, organisations are turning to cloud services to keep systems running smoothly... Read more