TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 22, 2017
Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 26 May 2017 18:26:02 +0000
For those of you who follow the National Football League (NFL), do you remember Super Bowl 47? I wasn’t exactly thrilled about the teams that played since I’m not a 49ers or Ravens fan. What was interesting about the game is that it was halted for over half an hour in the third quarter because of a power outage, earning that game the nickname of “Blackout Bowl.” Although it was eventually ruled a power surge issue, there were many, including me, that thought there could have been foul play involved.
There is always potential for a cyberattack against our electrical grid and public safety computer systems – especially during the biggest game of the year!
We have placed an emphasis on threat intelligence for our customers’ supervisory control and data acquisition (SCADA) networks for over a decade. Earlier this week, the Zero Day Initiative (ZDI) presented a session on their extensive analysis of more than 250 security vulnerabilities in SCADA human machine interface (HMI) systems from 2015-2016 at the Positive Hack Days conference in Moscow. Their research efforts, which included vulnerabilities acquired through the ZDI bug bounty program, found that most of these vulnerabilities are in the areas of memory corruption, poor credential management, lack of authentication/authorization and insecure defaults, and code injection bugs, all of which are preventable through secure development practices.
ZDI has released the companion paper that provides the details of what was covered in their presentation. You can access the full report and read commentary from Brian Gorenc here: https://www.zerodayinitiative.com/blog/2017/5/19/hacker-machine-interface-the-state-of-scada-hmi-security.
Zero-Day Filters
There are 18 new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Foxit (1)
| |
Hewlett Packard Enterprise (2)
| |
Trend Micro (15)
| |
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.
http://feeds.trendmicro.com/TrendMicroSimplySecurity