RCE Vulnerability in Trend Micro Security (Consumer)

The beauty of what we do here at BEETLES, and the way we do it, is that, over time, we tend to discover new, previously unknown, vulnerabilities, known in the industry as 0Day vulnerability...

While any automated tool works within the parameters of set algorithms and logic, scanning for known vulnerabilities within the threat intelligence databases, a manual assessment by domain-specific experts and skilled pentesters is more of a research into cyber security and often yields discoveries that were previously unknown, even to the manufacturer or product owner.

In such a manner, Beetles recently discovered a critical vulnerability in an antivirus software, while conducting an engagement with one of our clients. We disclosed the vulnerability to Trend Micro, a manufacturer of, antivirus software, network security devices, and solutions. Today that report has been disclosed and published by Trend Micro and our finding has been listed in the Common Vulnerabilities and Exposures (CVE) databases.

A big shout out to the entire Beetles Red Team and

Shahee Mirza, Chief Cyber Operations Officer, whose guidance and mentoring is crucial to such research work. And a big thank you to Trend Micro for the acknowledgment.

https://helpcenter.trendmicro.com/en-us/article/TMKA-09644

CVE-2020-15602 #0Day #PenTest #Cybersecurity #Trendmicro #antivirus #PTaaS #redteam