TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 24, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 28 Apr 2017 12:26:11 +0000

There was a time when a person’s motivation to hack something was for financial reasons or for street cred. But now we’re seeing organizations that have other motivations. Pawn Storm is a cyber-espionage organization whose motives include foreign and domestic espionage, and influence on geopolitics.

Trend Micro has been following the organization for quite some time, and has released a paper that takes a look at Pawn Storm’s operations from the past two years. Data has been compiled on targets and campaigns conducted by the group, as well as details on the specific attacks used to compromise victims. Later sections cover the operational side of the group, from their facilitators to their attitude about organizational security. The paper also provides some guidelines on how to defend against this increasingly relevant threat, as well as solutions that can protect organizations from Pawn Storm’s tactics. To read the full report, click here.

Renaming of Deployment Modes in Digital Vaccine

This week, we released a new enhancement to the Digital Vaccine (DV) package. The names of some of the deployment modes have been changed to better reflect their intended usage. We are deprecating three of the deployment modes: Core, Edge and Perimeter. These three deployment modes will remain in the DV, marked as “Deprecated.” The deprecated deployment modes will continue to receive new filters added to the DV, but going forward the new filters in the deprecated deployment modes will have the same characteristics as the Default deployment mode.

The following table reflects the naming changes in relation to the historical names of the deployment modes:

Current Name     | New Name
-----------------|-------------------------
Default          | Default
Aggressive       | Security-Optimized
Core             | Core [Deprecated]
Edge             | Edge [Deprecated]
Hyper-Aggressive | Performance-Optimized
Perimeter        | Perimeter [Deprecated]

The Aggressive deployment mode is being renamed Security-Optimized to reflect that it emphasizes security over performance. The Hyper-Aggressive deployment mode is being renamed Performance-Optimized to reflect that it emphasizes network performance over security. Please note that the Performance-Optimized deployment mode is not recommended for use in a production environment; it is intended for testing purposes only. The Default deployment mode will remain unchanged. For questions or technical assistance, customers can contact the TippingPoint Technical Assistance Center (TAC).

Zero-Day Filters

There are eight new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (2)

  • 27948: ZDI-CAN-4502: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 28005: ZDI-CAN-4534: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)

Dell (1)

  • 27943: ZDI-CAN-4459: Zero Day Initiative Vulnerability (Dell Storage Manager)

Foxit (1)

  • 28004: ZDI-CAN-4525: Zero Day Initiative Vulnerability (Foxit Reader)

Trend Micro (4)

  • 27752: HTTP: Trend Micro Control Manager XML External Entity Processing (ZDI-17-076,083,084)
  • 27826: HTTPS: Trend Micro Control Manager XML External Entity Processing (ZDI-17-076,083,084)
  • 27907: HTTPS: Trend Micro SafeSync for Enterprise get_replacement Command Injection (ZDI-17-127)
  • 28006: ZDI-CAN-4543: Zero Day Initiative Vulnerability (Trend Micro OfficeScan Proxy)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

http://feeds.trendmicro.com/TrendMicroSimplySecurity