{"id":7770,"date":"2017-05-26T11:00:45","date_gmt":"2017-05-26T19:00:45","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/26\/news-1555\/"},"modified":"2017-05-26T11:00:45","modified_gmt":"2017-05-26T19:00:45","slug":"news-1555","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/05\/26\/news-1555\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of May 22, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 26 May 2017 18:26:02 +0000<\/strong><\/p>\n

\"\"<\/p>\n

For those of you who follow the National Football League (NFL), do you remember Super Bowl 47? I wasn\u2019t exactly thrilled about the teams that played since I\u2019m not a 49ers or Ravens fan. What was interesting about the game is that it was halted for over half an hour in the third quarter because of a power outage, earning that game the nickname of \u201cBlackout Bowl.\u201d Although it was eventually ruled a power surge issue, there were many, including me, that thought there could have been foul play involved.<\/p>\n

There is always potential for a cyberattack against our electrical grid and public safety computer systems \u2013 especially during the biggest game of the year!<\/p>\n

We have placed an emphasis on threat intelligence for our customers’ supervisory control and data acquisition (SCADA) networks for over a decade. Earlier this week, the Zero Day Initiative (ZDI) presented a session on their extensive analysis of more than 250 security vulnerabilities in SCADA human machine interface (HMI) systems from 2015-2016 at the Positive Hack Days conference in Moscow. Their research efforts, which included vulnerabilities acquired through the ZDI bug bounty program, found that most of these vulnerabilities are in the areas of memory corruption, poor credential management, lack of authentication\/authorization and insecure defaults, and code injection bugs, all of which are preventable through secure development practices.<\/p>\n

ZDI has released the companion paper that provides the details of what was covered in their presentation. You can access the full report and read commentary from Brian Gorenc here: https:\/\/www.zerodayinitiative.com\/blog\/2017\/5\/19\/hacker-machine-interface-the-state-of-scada-hmi-security<\/a>.<\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are 18 new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website.<\/p>\n

Foxit (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28323: ZDI-CAN-4816: Zero Day Initiative Vulnerability (Foxit Reader)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Hewlett Packard Enterprise (2)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28287: ZDI-CAN-4759-4761: Zero Day Initiative Vulnerability (HPE Intelligent Management Center)<\/li>\n
  • 28318: ZDI-CAN-4808-4809: Zero Day Initiative Vulnerability (HPE Intelligent Management)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Trend Micro (15)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28282: HTTPS: Trend Micro InterScan Web Security TestingADKerberos Command Injection (ZDI-17-217)<\/li>\n
  • 28293: ZDI-CAN-4645,4649: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28295: ZDI-CAN-4648: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28296: ZDI-CAN-4657,4806: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28297: ZDI-CAN-4658: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28298: ZDI-CAN-4666: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28300: ZDI-CAN-4679: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28301: ZDI-CAN-4691: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28302: ZDI-CAN-4779: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28303: ZDI-CAN-4781: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28310: ZDI-CAN-4782-4783,4787: Zero Day Initiative Vulnerability (Trend Micro Mobile Security)<\/li>\n
  • 28311: ZDI-CAN-4786: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28312: ZDI-CAN-4791: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28313: ZDI-CAN-4792-4793,4796: Zero Day Initiative Vulnerability (Trend Micro Mobile Security)<\/li>\n
  • 28317: ZDI-CAN-4794: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 26 May 2017 18:26:02 +0000<\/strong><\/p>\n

\"\"For those of you who follow the National Football League (NFL), do you remember Super Bowl 47? I wasn\u2019t exactly thrilled about the teams that played since I\u2019m not a 49ers or Ravens fan. What was interesting about the game is that it was halted for over half an hour in the third quarter because…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-7770","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7770"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7770\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7770"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}