{"id":8036,"date":"2017-06-23T08:00:20","date_gmt":"2017-06-23T16:00:20","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/06\/23\/news-1813\/"},"modified":"2017-06-23T08:00:20","modified_gmt":"2017-06-23T16:00:20","slug":"news-1813","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/06\/23\/news-1813\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 19, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 23 Jun 2017 14:44:46 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Yesterday I celebrated my 29th<\/sup> birthday (again) and it was great to celebrate with friends, family, and coworkers. They say age is just a number, and I truly believe that. Unfortunately, we live in a world where laws require us to count numbers so that it can be determined if we can vote, drink, rent a car, and even retire from the workforce.<\/p>\n

In our cyber security world, we love to count. In the world of the Zero Day Initiative (ZDI), the number of vulnerabilities disclosed so far in 2017 is just a number, but it\u2019s a really big number! Last year, the ZDI publicly disclosed a record 690 vulnerabilities covering almost 50 vendors. As of the publishing of this blog, the number currently stands at 441! Is this the year we hit 1,000? Only time will tell. In the meantime, I invite you to take a sneak peek into the inner workings of the ZDI by reading Dustin Child\u2019s blog: The Inside Scoop on the World\u2019s Leading Bug Bounty Program<\/a>.\u00a0<\/strong><\/p>\n

Adobe Security Updates<\/strong><\/p>\n

This week\u2019s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before June 13, 2017. The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an (*) shipped prior to this DV package, providing zero-day protection for our customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 June 2017 Security Update Review<\/a> from the Zero Day Initiative:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n
Bulletin #<\/strong><\/td>\nCVE #<\/strong><\/td>\nDigital Vaccine Filter #<\/strong><\/td>\nStatus<\/strong><\/td>\n<\/tr>\n
APSB17-17<\/td>\nCVE-2017-3075<\/td>\n*28094<\/td>\n<\/td>\n<\/tr>\n
APSB17-17<\/td>\nCVE-2017-3076<\/td>\n28656<\/td>\n<\/td>\n<\/tr>\n
APSB17-17<\/td>\nCVE-2017-3077<\/td>\n28669<\/td>\n<\/td>\n<\/tr>\n
APSB17-17<\/td>\nCVE-2017-3078<\/td>\n28657<\/td>\n<\/td>\n<\/tr>\n
APSB17-17<\/td>\nCVE-2017-3079<\/td>\n28658<\/td>\n<\/td>\n<\/tr>\n
APSB17-17<\/td>\nCVE-2017-3081<\/td>\n28659<\/td>\n<\/td>\n<\/tr>\n
APSB17-17<\/td>\nCVE-2017-3082<\/td>\n28660<\/td>\n<\/td>\n<\/tr>\n
APSB17-17<\/td>\nCVE-2017-3083<\/td>\n28661<\/td>\n<\/td>\n<\/tr>\n
APSB17-17<\/td>\nCVE-2017-3084<\/td>\n28662<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are 24 new zero-day filters covering four vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website.<\/p>\n

Adobe (16)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28654: ZDI-CAN-4733: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28660: HTTP: Adobe Flash determinePreferredLocales Memory Corruption Vulnerability (ZDI-17-408)<\/li>\n
  • 28661: HTTP: Adobe Flash Profile Objects Use-After-Free Vulnerability (ZDI-17-406)<\/li>\n
  • 28662: HTTP: Adobe Flash AdvertisingMetadata Use-After-Free Vulnerability (ZDI-17-407)<\/li>\n
  • 28663: ZDI-CAN-4734: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28664: ZDI-CAN-4746: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28666: ZDI-CAN-4747: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28668: ZDI-CAN-4767: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28730: ZDI-CAN-4827: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28731: ZDI-CAN-4828: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28732: ZDI-CAN-4829: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28733: ZDI-CAN-4830: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28734: ZDI-CAN-4842: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28735: ZDI-CAN-4843: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28736: ZDI-CAN-4844: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n
  • 28741: ZDI-CAN-4854: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Hewlett Packard Enterprise (3)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28633: HTTP: HPE Network Automation FileServlet Information Disclosure Vulnerability (ZDI-17-330)<\/li>\n
  • 28634: HTTPS: HPE Network Automation FileServlet Information Disclosure Vulnerability (ZDI-17-330)<\/li>\n
  • 28740: ZDI-CAN-4853: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Microsoft (2)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28729: ZDI-CAN-4826: Zero Day Initiative Vulnerability (Microsoft Chakra)<\/li>\n
  • 28737: ZDI-CAN-4845: Zero Day Initiative Vulnerability (Microsoft Office Word)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Trend Micro (3)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28535: HTTPS: Trend Micro InterScan Web Security testConfiguration Command Injection (ZDI-17-232)<\/li>\n
  • 28723: ZDI-CAN-4780: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)<\/li>\n
  • 28724: ZDI-CAN-4784-4785,4805: Zero Day Initiative Vulnerability (Trend Micro Mobile Security)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 23 Jun 2017 14:44:46 +0000<\/strong><\/p>\n

\"\"Yesterday I celebrated my 29th birthday (again) and it was great to celebrate with friends, family, and coworkers. They say age is just a number, and I truly believe that. Unfortunately, we live in a world where laws require us to count numbers so that it can be determined if we can vote, drink, rent…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-8036","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8036"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8036\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=8036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8036"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=8036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}