> A source with knowledge of the attack told ZDNet that the hackers exploited CVE-2019-18187, a directory traversal and arbitrary file upload vulnerability in the Trend Micro OfficeScan antivirus.<p>Security software is like any other software in that it needs to obey the principle of least privilege.