{"id":10937,"date":"2017-12-22T08:00:27","date_gmt":"2017-12-22T16:00:27","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/12\/22\/news-4709\/"},"modified":"2017-12-22T08:00:27","modified_gmt":"2017-12-22T16:00:27","slug":"news-4709","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/12\/22\/news-4709\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of December 18, 2017"},"content":{"rendered":"<p><strong>Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 22 Dec 2017 15:51:16 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-125x85.jpg 125w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>In the 2000 movie <a href=\"http:\/\/www.imdb.com\/title\/tt0146882\/\"><em>High Fidelity<\/em><\/a>, the concept of making lists is a dominant focus. What are your top five favorite records? Top five side one, track ones? Top five dream jobs? In the movie, Rob Gordon, portrayed by John Cusack, decides to categorize his top five most memorable breakups in order to determine why his relationships keep going downhill. It\u2019s inherent in our nature to create lists \u2013 they help us remember what to do and they bring some order to the overload of information we have to deal with on a daily basis. And if your lists are good enough, you might even become famous for them \u2013 like former TV talk show host David Letterman.<\/p>\n<p>At Trend Micro, we like our lists too. 
This week, the Zero Day Initiative (ZDI) released its own list, taking a look at the top five most interesting cases submitted to the program in 2017. The program has broken the 1,000 disclosed vulnerability mark, making 2017 the biggest year yet (with a few days left to go before the end of the year)! From integer underflows in Adobe Reader to virtual machine escapes, you can read the following blog series to see what ZDI deemed the most interesting cases of 2017:<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li><a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2017\/12\/18\/reading-backwards-controlling-an-integer-underflow-in-adobe-reader\">Reading Backwards \u2013 Controlling an Integer Underflow in Adobe Reader<\/a><\/li>\n<li><a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2017\/12\/19\/apache-groovy-deserialization-a-cunning-exploit-chain-to-bypass-a-patch\">Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch<\/a><\/li>\n<li><a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2017\/12\/20\/invariantly-exploitable-input-an-apple-safari-bug-worth-revisiting\">Invariantly Exploitable Input: An Apple Safari Bug Worth Revisiting<\/a><\/li>\n<li><a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2017\/12\/21\/vmwares-launch-escape-system\">VMware\u2019s Launch Escape System<\/a><\/li>\n<li><a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2017\/12\/22\/a-matching-pair-of-use-after-free-bugs-in-chakra-asmjs\">A Matching Pair of Use-After-Free Bugs in Chakra asm.js<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Zero-Day Filters<\/strong><\/p>\n<p>There are three new zero-day filters from one vendor in this week\u2019s Digital Vaccine (DV) package. 
A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and\/or optimize performance. You can browse the list of <a href=\"http:\/\/www.zerodayinitiative.com\/advisories\/published\/\">published advisories<\/a> and <a href=\"http:\/\/www.zerodayinitiative.com\/advisories\/upcoming\/\">upcoming advisories<\/a> on the <a href=\"http:\/\/www.zerodayinitiative.com\/\">Zero Day Initiative<\/a> website. You can also follow the Zero Day Initiative on Twitter <a href=\"https:\/\/twitter.com\/thezdi\">@thezdi<\/a> and on their <a href=\"https:\/\/www.zerodayinitiative.com\/blog\">blog<\/a>.<\/p>\n<p><strong><em>Adobe (3)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29943: ZDI-CAN-5149: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n<li>29944: ZDI-CAN-5150: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n<li>29945: ZDI-CAN-5151: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Missed Last Week\u2019s News?<\/strong><\/p>\n<p>Catch up on last week\u2019s news in my <a href=\"http:\/\/blog.trendmicro.com\/tippingpoint-threat-intelligence-zero-day-coverage-week-december-11-2017\/\">weekly recap<\/a>.<\/p>\n<p><a href=\"http:\/\/blog.trendmicro.com\/tippingpoint-threat-intelligence-zero-day-coverage-week-december-18-2017\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 22 Dec 2017 15:51:16 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-300x205.jpg\" 
class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-125x85.jpg 125w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>In the 2000 movie High Fidelity, the concept of making lists is a dominant focus. What are your top five favorite records? Top five side one, track ones? Top five dream jobs? In the movie, Rob Gordon, portrayed by John Cusack, decides to categorize his top five most memorable breakups in order to determine why&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-10937","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10937","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10937"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10937\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10937"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp
-json\/wp\/v2\/categories?post=10937"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10937"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}