{"id":10275,"date":"2017-11-03T09:00:08","date_gmt":"2017-11-03T17:00:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/11\/03\/news-4048\/"},"modified":"2017-11-03T09:00:08","modified_gmt":"2017-11-03T17:00:08","slug":"news-4048","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/11\/03\/news-4048\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of October 30, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 03 Nov 2017 16:00:09 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Competition is inherent in our DNA. At a basic level, we compete for things like water and food. We also take it up a level and compete for wealth, fame and power. Some compete to be the best in sports, like my Houston Astros winning the 2017 World Series, and others compete to be the best in their industry. While most competitions end up with one winner, sometimes the trophy isn\u2019t the prize. It\u2019s what we learn from the competition that gives use the most value.<\/p>\n

 <\/p>\n

Earlier this week, the Zero Day Initiative (ZDI) held the Mobile Pwn2Own contest in Tokyo, Japan. This year\u2019s contest ended up being our biggest contest ever. A total of 32 unique vulnerabilities were submitted to ZDI over the course of the contest. ZDI awarded contestants a whopping $515,000 as well as multiple mobile phones. Since the contestants \u201cpwn\u201d the phones, they get to own them. While there were several worthy contestants, only one can be crowned the Master of Pwn. Congratulations to the Tencent Keen Security Lab team for earning the Master of Pwn title.<\/p>\n

While the Tencent Keen Security Lab team gets the cool trophy<\/a>, we at Trend Micro get something even more valuable. The Zero Day Initiative works with the affected vendors to ensure they have the information they need to fix the vulnerabilities, and in turn, we get exclusive access to the vulnerability information so that we can provide protection to our customers while patches are being developed.<\/p>\n

Read the Zero Day Initiative blog<\/a> for more details and full coverage of the final Mobile Pwn2Own contest results.<\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are 40 new zero-day filters covering eight vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website. You can also follow the Zero Day Initiative on Twitter @thezdi<\/a> and on their blog<\/a>.<\/p>\n

Adobe (7)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29811: ZDI-CAN-5139: Zero Day Initiative Vulnerability (Adobe Flash)<\/li>\n
  • 29833: ZDI-CAN-5202: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 29834: ZDI-CAN-5203: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 29850: ZDI-CAN-5218: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 29851: ZDI-CAN-5219: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 29852: ZDI-CAN-5220: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 29853: ZDI-CAN-5221: Zero Day Initiative Vulnerability (Adobe Reader DC)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Belkin (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29835: ZDI-CAN-5206: Zero Day Initiative Vulnerability (Belkin Wemo Link)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Foxit (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29849: ZDI-CAN-5216: Zero Day Initiative Vulnerability (Foxit Reader)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Fuji Electric (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29813: HTTP: Fuji Electric V-Server VPR File Parsing Memory Corruption Vulnerability (ZDI-17-485)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Microsoft (3)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29799: ZDI-CAN-5115: Zero Day Initiative Vulnerability (Microsoft Chakra)<\/li>\n
  • 29832: ZDI-CAN-5198: Zero Day Initiative Vulnerability (Microsoft Chakra)<\/li>\n
  • 29848: ZDI-CAN-5215: Zero Day Initiative Vulnerability (Microsoft Chakra)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

NetGain Systems (12)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29800: ZDI-CAN-5118: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29801: ZDI-CAN-5119: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29809: ZDI-CAN-5137: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29810: ZDI-CAN-5138: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29822: ZDI-CAN-5190: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29823: ZDI-CAN-5191: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29824: ZDI-CAN-5192: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29825: ZDI-CAN-5193: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29826: ZDI-CAN-5194: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29827: ZDI-CAN-5195: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29828: ZDI-CAN-5196: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n
  • 29829: ZDI-CAN-5197: Zero Day Initiative Vulnerability (NetGain Systems Enterprise Manager)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

QNAP (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29836: ZDI-CAN-5209: Zero Day Initiative Vulnerability (QNAP QTS)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Trend Micro (14)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29802: ZDI-CAN-5121: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29803: ZDI-CAN-5122: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29805: ZDI-CAN-5123,5124: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29806: ZDI-CAN-5125-5129,5132,5134-5136: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29808: ZDI-CAN-5133: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29812: ZDI-CAN-5161: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29814: ZDI-CAN-5162: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29815: ZDI-CAN-5163: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29816: ZDI-CAN-5164: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29817: ZDI-CAN-5165: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29818: ZDI-CAN-5166,5170: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29819: ZDI-CAN-5169: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29820: ZDI-CAN-5174: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n
  • 29854: ZDI-CAN-5232: Zero Day Initiative Vulnerability (Trend Micro Control Manager)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 03 Nov 2017 16:00:09 +0000<\/strong><\/p>\n

\"\"Competition is inherent in our DNA. At a basic level, we compete for things like water and food. We also take it up a level and compete for wealth, fame and power. Some compete to be the best in sports, like my Houston Astros winning the 2017 World Series, and others compete to be the…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-10275","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10275"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10275\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10275"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}