Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security Open Source The Media

Trend Micro's Own Cybersecurity Blog Gets Hacked (silicon.co.uk) 17

Mickeycaskill quotes Silicon: Just to illustrate that you can never be too careful, cybersecurity specialist Trend Micro has confirmed that one of the blogs it uses to communicate with customers was itself the victim of a content spoofing attack. The culprits exploited a vulnerability in WordPress to inject fake content onto the blog before it was removed by Trend Micro and the bug fixed... "Unfortunately there are many different URLs attackers can use to carry out the same attack, so a couple of fake 'articles' ended up posted on CounterMeasures," head of security research Rik Ferguson told Silicon. "We have responded and shut down the vulnerability completely to resolve the issue."
The chairman of Trend Micro claimed in 2011 that open source software was inherently less secure than closed source -- but instead of blaming Wordpress, Ferguson "said it goes to show how breaches are an unfortunate fact of life and that companies should be judged on how they respond... 'Of course technology and best practice can mitigate the vast majority of intrusion attempts, but when one is successful, even one as low-level as this, you are more defined by how you respond than you are by the fact that it happened.'"
This discussion has been archived. No new comments can be posted.

Trend Micro's Own Cybersecurity Blog Gets Hacked

Comments Filter:
  • Lame (Score:2, Interesting)

    by Anonymous Coward

    3rd party service. Has nothing to do with Trend Micro.

  • by mmell ( 832646 ) on Sunday February 12, 2017 @05:37AM (#53849951)
    It's important, don't get me wrong. However, I'm pretty sure most admins would agree it's far more important to keep the bad guys out than it is to fix the mistake after it happens.

    For most enterprises (especially large ones) it's understandable that there is a lot of exposure to be checked on. It's also understandable if some edges of the network suffer exposure - as long as it's not core to the enterprise and doesn't result in large financial loss. We don't necessarily expect every employee at most large enterprises to be security conscious. When you're Trend Micro, however, every admin is more or less expected to eat, sleep and breathe security 24/7. If it were a large insurance company (for example), we might accept the explanation that "no customer data was lost, no critical services were impaired, it was just one of our blog sites and we've fixed it pronto".

    With that complaint out of the way, certainly even a firm which specializes in security will occasionally get caught when somebody somewhere misses a trick and the bad guys find it first. Kudos for knowing how to react quickly and being able to mitigate the damage - but when you're selling your reputation as security experts, it's still embarrassing when mistakes like this happen. Doesn't matter who made the mistake, Trend Micro's name is at the top of the web page, and it's Trend Micro's reputation which did just take a hit. It's not unlike a stock broker misreading the market or a power company causing a brief localized blackout due to human error. It's bound to happen, but when that's your bread and butter you're pretty well expected to be perfect. Once more, kudos for fixing it fast and not immediately going to the "not our fault" party line, but their reputation did just take a (small) ding.

  • Blame (Score:5, Insightful)

    by trawg ( 308495 ) on Sunday February 12, 2017 @06:50AM (#53850111) Homepage

    Article is a bit weird - he says "there are many different URLs attackers can use to carry out the same attack", like this somehow wasn't a direct result of them not updating WordPress to the latest version after the most recent exploit was announced.

    WordPress is low hanging fruit for attackers because of its vast install base; if you use it for anything that you care about you need to be totally vigilant because the 0dayz will be in the hands of everyone immediately.

    I also like how he tries to deflect blame from WordPress with a nice general statement, when the real blame should be on whoever was responsible for installing it and maintaining it in the first place :)

    You almost have to go out of your way to stop WordPress from auto-updating itself these days; whoever configured it probably thought they were being clever or more secure by, say, setting the file system permissions to read only. That seems like a good idea (& is mentioned in WordPress hardening guides), but unfortunately it will generally block the auto-update from working.

    I would say that you're definitely more at risk from an out-of-date WP install than you are with a writeable filesystem (subject to how many plugins you're running, themes, etc). (Requiring a web-process writeable filesystem for WordPress is arguably one of its scariest requirements even though it enables a large amount of functionality.)

    Overall though, I'd say this is a fairly typical worst-case scenario for a lot of people running WP in this kind of capacity. Your blog gets hacked, you serve malware or spam or look stupid for a bit, but (as long as your blog isn't where your core data is, and of course it isn't because you're not crazy, right!) you just restore from backup, update, and you're back on track.

  • How many techs and those reading this that fix PCs for friends, family, and small business see viruses that use exploits in Trend Micro to install themselves?

    Lo and behold I have seen AV software that replaces SSL certificates with their own enabling mITM attacks via superfish Lenovo style and heard about Trend Micro not only being taken over by malware but rather malware reinstalling itself when you update trend micro! Basically the malware uses the AV to install itself and prevent itself from beinguninsta

    • How many techs and those reading this that fix PCs for friends, family, and small business see viruses that use exploits in Trend Micro to install themselves?

      Lo and behold I have seen AV software that replaces SSL certificates with their own enabling mITM attacks via superfish Lenovo style and heard about Trend Micro not only being taken over by malware but rather malware reinstalling itself when you update trend micro! Basically the malware uses the AV to install itself and prevent itself from beinguninstalled. Perfect way to block competitors from adware companies too. The only solution from what I heard is a reimage as the AV software has super admin rights and embeds itself in the OS to prevent less successful malware from disabling it.

      Who uses AV software in 2017? The only good I see is at work where an endpoint management solution can totally disable network ports and disable PCs off active directory when suspicious activity arises. Other than that it's useless

      I am the parent. Here is my citation [theregister.co.uk]? My guess is this exploit was used to gain passwords on an employees PC. Just comes to show to avoid AV software if you don't want to be hacked

  • At least this time they left their own systems vulnerable, instead of all their customers' like last time [theregister.co.uk].
  • by gweihir ( 88907 ) on Sunday February 12, 2017 @07:30AM (#53850211)

    Pathetic. Getting hacked by attackers on this level is not a fact of life, it is a sign of incompetence and arrogance.

  • You've gotta be kidding me.
  • Open source can mean better security but if you take absurd risks, it will still bite you. History has proven that running PHP is very risky, not because it's open or closed but because it dynamically generates content based on poorly validated input. You can do things to eliminate these risks like not dynamically generating content or rigorously validating your inputs. PHP is highly dynamic and Wordpress isn't known for validating it's inputs, so you have taken a high level risk and like millions of oth

  • by jenningsthecat ( 1525947 ) on Sunday February 12, 2017 @10:52AM (#53850775)

    The chairman of Trend Micro claimed in 2011 that open source software was inherently less secure than closed source -- but instead of blaming Wordpress, Ferguson "said it goes to show how breaches are an unfortunate fact of life..."

    Unless they'd written their own CMS, having an open-source platform was just about the only thing that allowed them to say they had "responded and shut down the vulnerability completely to resolve the issue" and actually mean it. Ferguson should be openly grateful that his team had free access to the source.

Two percent of zero is almost nothing.

Working...