TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 19, 2018

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing) | Date: Fri, 23 Mar 2018 15:05:44 +0000

Back in 2005, there were a number of us in a conference room in Austin, Texas working to determine how we would structure it, what we would name it, and how to deal with the potential backlash that would come after we announced it. What is it? I’m referring to our Zero Day Initiative. It’s been a long journey for the team working to gain the trust of not only vendors in various industries, but also the security researcher community. By promoting responsible disclosure of vulnerabilities, the Zero Day Initiative (ZDI) has grown to become a significant influencer on the importance of security in the product development lifecycle and a deterrent to the black market.

In addition to being the largest bug bounty program in the world, the ZDI is also the leader in global vulnerability research and discovery. Frost & Sullivan’s report, “Analysis of the Global Public Vulnerability Research Market, 2017,” highlights the vulnerability landscape and the key public vulnerability reporting agencies. Out of the 1,522 vulnerabilities counted in the report, the ZDI publicly disclosed 66.3% of them! For more information on ZDI and statistics from the report, download this infographic.

Adobe Security Update

This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before March 13, 2018. The following table maps Digital Vaccine filters to the Adobe updates. You can get more detailed information on this month’s security updates from Dustin Childs’ March 2018 Security Update Review from the Zero Day Initiative:

| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| APSB18-05 | CVE-2018-4919 | 30701 | |
| APSB18-05 | CVE-2018-4920 | 30699 | |

Planned Maintenance Window

The Trend Micro TippingPoint Threat Management Center (TMC) web site (https://tmc.tippingpoint.com) will be undergoing maintenance on the following date and time:

| Date | From | To |
|---|---|---|
| Sunday, April 8, 2018 | 9:00AM (CDT) | 10:00AM (CDT) |
| | 2:00PM (UTC) | 3:00PM (UTC) |

During the maintenance window, the Security Management System (SMS), Intrusion Prevention System (IPS), Next Generation Firewall (NGFW) and Threat Protection System (TPS) connectivity to the TMC will be disrupted, thus preventing the Digital Vaccine (DV), Threat Digital Vaccine (ThreatDV), Reputation Security Monitor (RepSM) and TippingPoint Operating System (TOS) updates from occurring. Customers with any questions or concerns can contact the TippingPoint Technical Assistance Center.

Zero-Day Filters

There are 22 new zero-day filters covering 10 vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

AlienVault (1)

  • 30685: HTTPS: AlienVault USM and OSSIM get_directive_kdb.php SQL Injection Vulnerability (ZDI-16-505)

Apple (4)

  • 30810: ZDI-CAN-5812: Zero Day Initiative Vulnerability (Apple Safari)
  • 30815: PWN2OWN ZDI-CAN-5819: Zero Day Initiative Vulnerability (Apple Safari)
  • 30820: ZDI-CAN-5825: Zero Day Initiative Vulnerability (Apple Safari)
  • 30821: PWN2OWN ZDI-CAN-5827: Zero Day Initiative Vulnerability (Apple Safari)

EMC (2)

  • 30718: TCP: EMC AutoStart ftagent Opcode 20 Subcode 2219 Command Execution Vulnerability (ZDI-15-172)
  • 30720: TCP: EMC AutoStart ftagent Opcode 20 Subcode 2060 Command Execution Vulnerability (ZDI-15-171)

Hewlett Packard Enterprise (2)

  • 30695: HTTPS: HPE Vertica validateAdminConfig Command Injection Vulnerability (ZDI-16-244)
  • 30738: HTTP: HP Sprinter ActiveX Instantiation Buffer Overflow Vulnerability (ZDI-14-359)

Microsoft (2)

  • 30811: PWN2OWN ZDI-CAN-5814: Zero Day Initiative Vulnerability (Microsoft Edge)
  • 30812: PWN2OWN ZDI-CAN-5815: Zero Day Initiative Vulnerability (Microsoft Edge)

Mozilla (2)

  • 30817: PWN2OWN ZDI-CAN-5822: Zero Day Initiative Vulnerability (Mozilla Firefox)
  • 30818: ZDI-CAN-5824: Zero Day Initiative Vulnerability (Mozilla Firefox)

Oracle (2)

  • 30722: HTTP: Oracle Data Quality Trillium Based SetEntities Type Confusion Vulnerability (ZDI-15-105)
  • 30724: HTTP: Oracle Data Quality LoaderWizard DataPreview Type Confusion Vulnerability (ZDI-15-103)

Panasonic (2)

  • 30726: HTTP: Panasonic Security API SDK ActiveX FilePassword Memory Corruption Vulnerability (ZDI-15-260)
  • 30742: HTTP: Panasonic Security API SDK Buffer Overflow Vulnerability (ZDI-15-261)

Schneider Electric (4)

  • 30709: HTTP: Schneider Electric ProClima F1BookView Buffer Overflow Vulnerability (ZDI-15-634)
  • 30714: HTTP: Schneider Electric ProClima F1BookView CopyRangeEx Memory Corruption Vulnerability (ZDI-15-629)
  • 30715: HTTP: Schneider Electric ProClima F1BookView AttachToSS Memory Corruption Vulnerability (ZDI-15-628)
  • 30716: HTTP: Schneider Electric ProClima F1BookView CopyRange SwapTables Memory Corruption (ZDI-15-627)

Trend Micro (1)

  • 30684: HTTPS: Trend Micro Control Manager task_controller Information Disclosure Vulnerability (ZDI-16-462)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
