TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 29, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing) | Date: Fri, 02 Jun 2017 21:21:24 +0000

“Anything that can go wrong will go wrong.” It’s not exactly clear how Murphy’s Law originated, but it seems to always make an appearance at the one time you can’t afford for anything to go wrong. Your laptop starts to malfunction right as you need to finish a project (this happened to yours truly earlier today) – your car breaks down the day you’re about to leave for a trip – or in last weekend’s case with British Airways, your entire IT system goes down on a holiday weekend, resulting in chaos and cancelled flights for tens of thousands of travelers at Heathrow and Gatwick airports. If you read my blog from last week, I mentioned that I am usually suspicious of outages at large venues and will assume that someone has hacked something. It wouldn’t be unreasonable for me to think that the British Airways outage was cybersecurity related.

But as it turns out, the British Airways outage wasn’t a cybersecurity incident at all. What caused it? Plain old human error – the result of an IT worker accidentally switching off the power supply. British Airways’ parent company explained that as a result of the IT worker’s actions, the supply of power to a key data center was lost, which ultimately resulted in an uncontrolled reboot of the system that subsequently shut down the entire system. While British Airways will have to deal with fines related to the outage, at least they don’t have to deal with cleaning up what could have been a massive cybersecurity incident. By the way, if you haven’t had a chance to read it, you can read the recent white paper from the Zero Day Initiative that focuses on SCADA vulnerabilities here.

TippingPoint Security Management System (SMS) v4.6 Now Available!

Earlier this week, we released version 4.6.0 build 101914 of the TippingPoint Security Management System (SMS). SMS v4.6.0 is a general availability release that includes the following enhancements:

  • Threat Insights and Enhanced SMS Web Management Interface: This release adds a new web-based SMS interface that gives at-a-glance insight into your network security status with Threat Insights. This aggregation portal correlates threat intelligence from NGIPS, vulnerability scans, and sandboxing – summarizing them in one place – helping to prioritize, automate, and consolidate network threat information. The redesigned interface is HTML5 based and available for both desktop and mobile device access.
  • Add Advanced Threat Analysis to Your Existing TippingPoint Deployment: Pre-filter and forward potential threats for automated sandbox analysis using the Trend Micro Analyzer appliance. Add on Trend Micro Analyzer centrally and scale as needed with no need to change your existing network infrastructure. View risk results directly from the integrated interface on the SMS. Advanced Threat Analysis requires Trend Micro Analyzer and the HTTP context feature available on TOS v3.7 or later on N/NX-series NGIPS devices and TOS v4.2 or later on T-series IPS devices.

For a complete list of enhancements and changes, customers can refer to the product Release Notes. For Release Notes and other documentation, go to https://tmc.tippingpoint.com/TMC/. For questions or technical assistance, customers can contact the TippingPoint Technical Assistance Center (TAC). For more information on SMS Threat Insights, click here.

Zero-Day Filters

There are 13 new zero-day filters covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Foxit (13)

  • 28374: HTTP: Foxit Reader Link setAction Use-After-Free Vulnerability (ZDI-17-306)
  • 28377: HTTP: Foxit Reader Field setAction Use-After-Free Vulnerability (ZDI-17-307)
  • 28382: HTTP: Foxit Reader scroll Use-After-Free Vulnerability (ZDI-17-302)
  • 28383: HTTP: Foxit Reader Field insertItemAt Use-After-Free Vulnerability (ZDI-17-303)
  • 28384: HTTP: Foxit Reader spawnPageFromTemplate Use-After-Free Vulnerability (ZDI-17-304)
  • 28386: HTTP: Foxit Reader Annotations arrowEnd Use-After-Free Vulnerability (ZDI-17-309)
  • 28389: HTTP: Foxit Reader importAnXFDF Use-After-Free Vulnerability (ZDI-17-308)
  • 28390: HTTP: Foxit Reader Annotations opacity Use-After-Free Vulnerability (ZDI-17-310)
  • 28391: HTTP: Foxit Reader getURL Use-After-Free Vulnerability (ZDI-17-305)
  • 28392: HTTP: Foxit Reader Annotations style Use-After-Free Vulnerability (ZDI-17-311)
  • 28396: HTTP: Foxit Reader Annotations lock Use-After-Free Vulnerability (ZDI-17-312)
  • 28454: HTTP: Foxit Reader buttonSetCaption Use-After-Free Vulnerability (ZDI-17-299)
  • 28455: HTTP: Foxit Reader resetForm Use-After-Free Vulnerability (ZDI-17-300) 

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
