{"id":10143,"date":"2017-10-27T08:00:18","date_gmt":"2017-10-27T16:00:18","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/10\/27\/news-3916\/"},"modified":"2017-10-27T08:00:18","modified_gmt":"2017-10-27T16:00:18","slug":"news-3916","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/10\/27\/news-3916\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of October 23, 2017"},"content":{"rendered":"<p><strong>Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 27 Oct 2017 12:00:32 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-125x85.jpg 125w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Just like Bugs Bunny wears disguises to avert his enemies, there\u2019s another \u201cwascally\u201d rabbit causing trouble in the form of ransomware. Bad Rabbit is the latest ransomware campaign hitting Eastern European countries with what looks like a variant of the Petya\/NotPetya ransomware. Bad Rabbit spreads via fake Adobe Flash updates and also leverages some of the exploits released by Shadowbrokers earlier this year.<\/p>\n<p>&nbsp;<\/p>\n<p>I know sometimes it\u2019s easier said than done based on patch management schedules \u2013 make sure to apply vendor critical patches as soon as possible. 
Trend Micro is keeping close tabs on the situation and has pulled together valuable resources with detailed information.<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>TrendLabs Security Intelligence Blog: <a href=\"http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/bad-rabbit-ransomware-spreads-via-network-hits-ukraine-russia\/\">Bad Rabbit Ransomware Spreads via Network, Hits Ukraine and Russia<\/a><\/li>\n<li>Knowledge Base Article: <a href=\"https:\/\/success.trendmicro.com\/solution\/1118637\">Preventing Bad Rabbit ransomware attack using Trend Micro products<\/a><\/li>\n<li>FAQs: <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/protecting-yourself-from-bad-rabbit-ransomware\">Protecting Yourself from Bad Rabbit Ransomware<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Mobile Pwn2Own<\/strong><\/p>\n<p>Next week, the Zero Day Initiative will be hosting this year\u2019s Mobile Pwn2Own in Tokyo, Japan. More than $500,000 USD is available in the prize pool, and we\u2019re giving add-on bonuses for exploits that meet a higher bar of difficulty. This year\u2019s targets include Google Pixel, Samsung Galaxy S8, Apple iPhone 7 and Huawei Mate9 Pro. You can check out all the contest details and rules <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2017\/8\/24\/mobile-pwn2own-2017-returns-to-tokyo\">here<\/a>.<\/p>\n<p>The team will be <a href=\"https:\/\/www.zerodayinitiative.com\/blog\">live blogging<\/a> and tweeting results throughout the competition. 
For continuing coverage of the event, make sure to follow <a href=\"https:\/\/twitter.com\/thezdi\">@thezdi<\/a> and <a href=\"https:\/\/twitter.com\/trendmicro\">@trendmicro<\/a> on Twitter, and keep an eye on the <a href=\"https:\/\/twitter.com\/hashtag\/MP2O?src=hash\">#MP2O<\/a> hashtag.<\/p>\n<p><strong>Zero-Day Filters<\/strong><\/p>\n<p>There are 20 new zero-day filters covering 10 vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and\/or optimize performance. You can browse the list of <a href=\"http:\/\/www.zerodayinitiative.com\/advisories\/published\/\">published advisories<\/a> and <a href=\"http:\/\/www.zerodayinitiative.com\/advisories\/upcoming\/\">upcoming advisories<\/a> on the <a href=\"http:\/\/www.zerodayinitiative.com\/\">Zero Day Initiative<\/a> website. 
You can also follow the Zero Day Initiative on Twitter <a href=\"https:\/\/twitter.com\/thezdi\">@thezdi<\/a> and on their <a href=\"https:\/\/www.zerodayinitiative.com\/blog\">blog<\/a>.<\/p>\n<p><strong><em>Apple (1)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29781: ZDI-CAN-5096: Zero Day Initiative Vulnerability (Apple Safari)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><em>Belkin (1)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29780: ZDI-CAN-5095: Zero Day Initiative Vulnerability (Belkin Wemo Link)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><em>Cisco (1)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29759: HTTP: Cisco Prime Collaboration Provisioning Logs Directory Information Disclosure (ZDI-17-449)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><em>Foxit (4)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29696: ZDI-CAN-5073: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n<li>29768: ZDI-CAN-5091: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n<li>29769: ZDI-CAN-5092: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n<li>29772: ZDI-CAN-5094: Zero Day Initiative Vulnerability (Foxit Reader)<strong><em>\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><em>Hewlett Packard Enterprise (1)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29770: ZDI-CAN-5093: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td 
height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><em>Microsoft (6)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29765: HTTP: Microsoft Internet Explorer NewMessage Privilege Escalation Vulnerability (ZDI-16-018)<\/li>\n<li>29784: ZDI-CAN-5105: Zero Day Initiative Vulnerability (Microsoft Office Excel)<\/li>\n<li>29786: ZDI-CAN-5111: Zero Day Initiative Vulnerability (Microsoft Windows)<\/li>\n<li>29794: ZDI-CAN-5112: Zero Day Initiative Vulnerability (Microsoft Windows)<\/li>\n<li>29795: ZDI-CAN-5113: Zero Day Initiative Vulnerability (Microsoft Office Publisher)<\/li>\n<li>29796: ZDI-CAN-5114: Zero Day Initiative Vulnerability (Microsoft Chakra)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><em>NetGain Systems (1)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29783: ZDI-CAN-5104: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><em>Novell (1)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29767: ZDI-CAN-5087: Zero Day Initiative Vulnerability (Novell NetIQ Access Manager)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><em>Schneider Electric (3)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29762: HTTP: Schneider Electric U.motion Builder syslog_getdata SQL Injection Vulnerability (ZDI-17-379)<\/li>\n<li>29763: HTTP: Schneider Electric U.motion Builder track_getdata SQL Injection Vulnerability (ZDI-17-382)<\/li>\n<li>29764: HTTP: Schneider Electric U.motion Builder editobject SQL Injection Vulnerability (ZDI-17-384)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td 
height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><em>Trend Micro (1)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29785: ZDI-CAN-5107: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Missed Last Week\u2019s News?<\/strong><\/p>\n<p>Catch up on last week\u2019s news in my <a href=\"http:\/\/blog.trendmicro.com\/tippingpoint-threat-intelligence-zero-day-coverage-week-october-16-2017\/\">weekly recap<\/a>.<\/p>\n<p><a href=\"http:\/\/blog.trendmicro.com\/tippingpoint-threat-intelligence-zero-day-coverage-week-october-23-2017\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 27 Oct 2017 12:00:32 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-125x85.jpg 125w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>Just like Bugs Bunny wears disguises to avert his enemies, there\u2019s another \u201cwascally\u201d rabbit causing trouble in the form of ransomware. Bad Rabbit is the latest ransomware campaign hitting Eastern European countries with what looks like a variant of the Petya\/NotPetya ransomware. 
Bad Rabbit spreads via fake Adobe Flash updates and also leverages some of&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-10143","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10143"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10143\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10143"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}