TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 16, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 20 Oct 2017 13:29:23 +0000

Various forms of fuzzing techniques that search for vulnerabilities in software programs have been around for several decades, but it can a tedious task, especially when looking at an entire enterprise application. Earlier this week, Zero Day Initiative (ZDI) vulnerability researcher Abdul-Aziz Hariri published a blog detailing how to fuzz the image conversion feature of…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 9, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 13 Oct 2017 14:03:59 +0000

Even though “Patch Tuesday” isn’t supposed to exist anymore, here I am blogging about it. As I looked at the October updates from Microsoft, the usual suspects were there. But this month was a little different. We usually see critical vulnerabilities on the browser side, but Microsoft Office is in the spotlight with CVE-2017-11826 under…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 2, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 06 Oct 2017 14:55:49 +0000

Have you ever read something online and you read a word as something else? Sometimes the weight of our eyelids makes our eyes deceive us after hours staring at a computer screen. As I stated to read a Zero Day Initiative blog published this week by Simon Zuckerbraun, instead of reading the word “Chakra,” which…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 25, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 29 Sep 2017 18:24:40 +0000

A couple of years back, I remember working at a tradeshow booth and giving a demo to someone who was interested in our solution. He said, “Your solution is great, but I need something that will not let anyone from the outside in my network and I need something that will not let my employees…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 18, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 22 Sep 2017 14:10:02 +0000

The Morton Salt slogan “When it rains it pours” refers to its free flowing salt with a pouring spot and is a variation of the proverb “It never rains but it pours.” Unfortunately, Mother Nature has taken the proverb literally. This has been a devastating hurricane season for the United States and surrounding countries in…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 15 Sep 2017 14:59:53 +0000

In last week’s blog, I mentioned the Apache Struts vulnerability, which is still making headlines as estimates show that as many as 65 percent of Fortune 500 companies use it in some form. In addition, Equifax claims it has played a role in their breach affecting more than 143 million Americans. On July 11, 2017,…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 4, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 08 Sep 2017 14:23:58 +0000

Earlier this week, a ‘severe’ vulnerability was discovered in Apache Struts, an open source framework for developing applications in Java. The vulnerability, CVE-2017-9805, affects all versions of Struts since 2008 and all applications using the framework’s REST plugin are vulnerable. Trend Micro has released DVToolkit CSW file CVE-2017-9805.csw for the Apache Struts 2 Vulnerability to…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 28, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 01 Sep 2017 13:25:14 +0000

The only topic I can bring up this week is the devastation in Texas caused by Hurricane Harvey. Many cities have been completely destroyed and to add insult to injury, Harvey moved back to the Gulf of Mexico and made landfall again in Louisiana. Catastrophic flooding has left tens of thousands without their homes and…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 21, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 25 Aug 2017 12:00:37 +0000

In last week’s blog entry, I mentioned the fact that the Zero Day Initiative (ZDI) published two zero-day advisories (ZDI-17-691 and ZDI-17-692) for vulnerabilities found in Foxit Reader after Foxit failed to meet the 120-day deadline outlined in ZDI’s disclosure policy. Since the public disclosure, Foxit has reached out to ZDI and has committed to…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 14, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 18 Aug 2017 12:00:42 +0000

One of my favorite movies is the 1999 comedy “Galaxy Quest,” which features the cast of a science-fiction television series similar to Star Trek. In the movie, the crew is visited by real aliens who ask them for help against an intergalactic adversary because they believe that Galaxy Quest is a documentary of historical documents…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 7, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 11 Aug 2017 16:07:23 +0000

Earlier this month, a blog post from Blue Frost Security was released stating that they were giving away tickets to the upcoming Ekoparty Security Conference in Argentina. But there was a catch: in order to get the tickets (and free whiskey), entrants had to complete an exploitation challenge and send them the solution. Blue Frost…

Read more