TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 23, 2017
Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 27 Oct 2017 12:00:32 +0000
Just like Bugs Bunny wears disguises to avert his enemies, there’s another “wascally” rabbit causing trouble in the form of ransomware. Bad Rabbit is the latest ransomware campaign hitting Eastern European countries with what looks like a variant of the Petya/NotPetya ransomware. Bad Rabbit spreads via fake Adobe Flash updates and also leverages some of the exploits released by Shadowbrokers earlier this year.
I know sometimes it’s easier said than done based on patch management schedules – make sure to apply vendor critical patches as soon as possible. Trend Micro is keeping close tabs on the situation and has pulled together valuable resources with detailed information.
| |
Mobile Pwn2Own
Next week, the Zero Day Initiative will be hosting this year’s Mobile Pwn2Own in Tokyo, Japan. More than $500,000 USD is available in the prize pool, and we’re giving add-on bonuses for exploits that meet a higher bar of difficulty. This year’s targets include Google Pixel, Samsung Galaxy S8, Apple iPhone 7 and Huawei Mate9 Pro. You can check out all the contest details and rules here.
The team will be live blogging and tweeting results throughout the competition. For continuing coverage of the event, make sure to follow @thezdi and @trendmicro on Twitter, and keep an eye on the #MP2O hashtag for continuing coverage.
Zero-Day Filters
There are 20 new zero-day filters covering 10 vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.
Apple (1)
| |
Belkin (1)
| |
Cisco (1)
| |
Foxit (4)
| |
Hewlett Packard Enterprise (1)
| |
Microsoft (6)
| |
NetGain Systems (1)
| |
Novell (1)
| |
Schneider Electric (3)
| |
Trend Micro (1)
| |
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.