Earlier last week, Japanese manufacturer Mitsubishi Electric disclosed that it had suffered a security breach in June last year, which saw hackers access personal employee information and corporate materials.
Local media reports related that the attackers – speculated to be members of a Chinese state-sponsored hacking group known as “Tick” – were able to exploit a zero-day vulnerability in one of the anti-virus products Mitsubishi Electric was using, Trend Micro’s OfficeScan.
Data stolen in the attack included almost 2000 employment applications, the results of an employee survey completed by 4,566 people, details on 1,569 Mitsubishi Electric staff who retired between 2007 and 2019, and corporate information including confidential technical documents and sales materials.
A ZDNet report suggests that the vulnerability exploited by Mitsubishi’s hackers was CVE-2019-18187, a directory traversal and arbitrary file upload vulnerability in Trend Micro OfficeScan that was fixed in October 2019.
Trend Micro has previously boasted in its marketing materials that Mitsubishi Electric is one of its customers.
It’s obviously extremely embarrassing for any security company to be found to have played an unwi ..
Support the originator by clicking the read the rest link below.
