This one’s a head scratcher, but a thread on Google Code has revealed that Trend Micro exposed its antivirus customers to attack, after it installed a wide-open Node.js server by default on its customers’ computers. The Node.js server is part of Trend Micro’s ‘Password Manager’ utility and installed with the company’s antivirus software, as well as being set to open at startup, by default. It leaves a number of ports open to the world, which could expose users to any website executing a malicious application on their machine by sending a JavaScript request. That means an attacker could easily remotely download code and…

This story continues at The Next Web
Source: The Next Web


Please enter your comment!
Please enter your name here