{"id":11430,"date":"2018-02-09T10:00:13","date_gmt":"2018-02-09T18:00:13","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/02\/09\/news-5201\/"},"modified":"2018-02-09T10:00:13","modified_gmt":"2018-02-09T18:00:13","slug":"news-5201","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/02\/09\/news-5201\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of February 5, 2018"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 09 Feb 2018 16:55:38 +0000<\/strong><\/p>\n

\"\"<\/p>\n

It was a busy week in the cyber security world, but it shouldn\u2019t be surprising given that the 2018 Winter Olympics in Pyeongchang have begun. I shouldn\u2019t blame just the Olympics, but it\u2019s hard not to given the international focus, controversy around the ban of certain athletes and its proximity to a certain country. So let\u2019s jump right in\u2026<\/p>\n

Adobe Flash Player<\/strong><\/p>\n

Earlier this week, Adobe released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123. Both bugs are classified as use-after-free vulnerabilities that can result in remote code execution. The vulnerability that is being actively exploited (CVE-2018-4878) was found by Kr-CERT\/CC, South Korea’s national computer emergency response team. The other vulnerability (CVE-2018-4877) came through our Zero Day Initiative via “bo13oy” of Qihoo 360’s Vulcan Team.<\/p>\n

This week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for the Adobe Flash vulnerabilities. The following table maps Digital Vaccine filters to the Adobe updates:<\/p>\n

\n\n\n\n\n\n
Bulletin #<\/strong><\/td>\nCVE #<\/strong><\/td>\nDigital Vaccine Filter #<\/strong><\/td>\nStatus<\/strong><\/td>\n<\/tr>\n
APSB18-03<\/td>\nCVE-2018-4877<\/td>\n30346<\/td>\n<\/td>\n<\/tr>\n
APSB18-03<\/td>\nCVE-2018-4878<\/td>\n30343<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

WordPress \u201cload-script\u201d Usage Vulnerability<\/strong><\/p>\n

On Tuesday, we released DVToolkit CSW file CVE-2018-6389.csw for the WordPress \u201cload-script\u201d usage vulnerability. This filter detects usage of load-scripts.php in WordPress. The load-scripts.php is a built-in script in WordPress that processes user-defined requests. Due to insufficient validation, any user can send large amounts of requests for processing which could cause system resource exhaustion and result in a denial-of-service condition. User authentication is not required to exploit this vulnerability. Customers using TippingPoint solutions should note that the CSW filter will be obsoleted by DV filter 30356.<\/p>\n

Cisco ASA WebVPN Host Scan Memory Corruption Vulnerability<\/strong><\/p>\n

We also released DVToolkit CSW file CVE-2018-0101.csw for the Cisco ASA WebVPN Host Scan Memory Corruption Vulnerability. This filter detects an attempt to exploit a memory corruption vulnerability in the Cisco Adaptive Security Appliance (ASA). The specific flaw is due to a failure to properly allocate memory when parsing the host-scan-reply tag. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. Authentication is not required to exploit this vulnerability. Customers using TippingPoint solutions should note that the CSW filter will be obsoleted by DV filter 30369.<\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are 11 new zero-day filters covering five vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website. You can also follow the Zero Day Initiative on Twitter @thezdi<\/a> and on their blog<\/a>.<\/p>\n

Foxit (6)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 30318: ZDI-CAN-5312: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n
  • 30319: ZDI-CAN-5370,5372: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n
  • 30333: ZDI-CAN-5371: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n
  • 30335: ZDI-CAN-5373: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n
  • 30337: ZDI-CAN-5374: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n
  • 30338: ZDI-CAN-5375: Zero Day Initiative Vulnerability (Foxit Reader)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Hewlett Packard Enterprise (2)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 30308: HTTP: HPE Moonshot Provisioning Manager Appliance khuploadfile.cgi Directory Traversal (ZDI-18-001)<\/li>\n
  • 30309: HTTPS: HPE Moonshot Provisioning Manager Appliance khuploadfile.cgi Directory Traversal (ZDI-18-001)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Microsoft (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 30330: ZDI-CAN-5369: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Quest (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28124: HTTP: Quest NetVault Backup Multipart Request Header Buffer Overflow Vulnerability (ZDI-18-004)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Trend Micro (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 30311: HTTPS: Trend Micro Mobile Security for Enterprise SQL Injection (ZDI-17-782)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 09 Feb 2018 16:55:38 +0000<\/strong><\/p>\n

\"\"It was a busy week in the cyber security world, but it shouldn\u2019t be surprising given that the 2018 Winter Olympics in Pyeongchang have begun. I shouldn\u2019t blame just the Olympics, but it\u2019s hard not to given the international focus, controversy around the ban of certain athletes and its proximity to a certain country. So…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[12608,10384,714,10752,10415],"class_list":["post-11430","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-cyber-security","tag-network","tag-security","tag-vulnerabilities","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11430"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11430\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11430"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}