TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 19, 2018

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing) | Date: Fri, 23 Feb 2018 15:44:45 +0000

Earlier this week, Trend Micro released its Security Roundup for 2017, which reveals an increase in ransomware, cryptocurrency mining and business email compromise (BEC) attempts over the past year as cybercriminals refined and targeted their attacks for greater financial return. Surprisingly, some of the biggest attacks still rely on known vulnerabilities that have available patches. Patch management and eliminating the risk associated with known vulnerabilities is a huge step in protecting against breaches or the next WannaCry. That now also means protecting against General Data Protection Regulation (GDPR) fines, which will take effect on May 25, 2018, for organizations handling EU data.

To read the full report, visit https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup.

TippingPoint Releases

Earlier this week, we released the following software:

  • TippingPoint Security Management System (SMS) v5.0 patch 2
  • TippingPoint Operating System (TOS) v5.0.2 for Threat Protection System (TPS)

For the complete list of enhancements and changes, please refer to the Product Release Notes. Release Notes, other product documentation, and customer support information can be found on the Threat Management Center (TMC) web site at https://tmc.tippingpoint.com.

Zero-Day Filters

There are 11 new zero-day filters covering five vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Ecava (1)

  • 30390: ZDI-CAN-5386: Zero Day Initiative Vulnerability (Ecava IntegraXor)

Foxit (3)

  • 30401: ZDI-CAN-5432: Zero Day Initiative Vulnerability (Foxit Reader)
  • 30402: ZDI-CAN-5433,5434: Zero Day Initiative Vulnerability (Foxit Reader)
  • 30403: ZDI-CAN-5435: Zero Day Initiative Vulnerability (Foxit Reader)

OMRON (4)

  • 30399: ZDI-CAN-5405: Zero Day Initiative Vulnerability (OMRON CX-One)
  • 30400: ZDI-CAN-5406: Zero Day Initiative Vulnerability (OMRON CX-One)
  • 30408: ZDI-CAN-5439: Zero Day Initiative Vulnerability (OMRON CX-One)
  • 30409: ZDI-CAN-5440: Zero Day Initiative Vulnerability (OMRON CX-One)

Oracle (1)

  • 30384: HTTP: Oracle WebLogic Diagnosis Assistant rda_tfa_hrs Command Injection Vulnerability (ZDI-18-116)

Quest (2)

  • 30313: HTTP: Quest NetVault Backup Export File Overwrite Vulnerability (ZDI-18-005)
  • 30352: HTTP: Quest NetVault Backup Export JSON File Overwrite Vulnerability (ZDI-18-005)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
