{"id":8412,"date":"2017-07-21T09:00:44","date_gmt":"2017-07-21T17:00:44","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/07\/21\/news-2186\/"},"modified":"2017-07-21T09:00:44","modified_gmt":"2017-07-21T17:00:44","slug":"news-2186","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/07\/21\/news-2186\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of July 17, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 21 Jul 2017 18:07:14 +0000<\/strong><\/p>\n

\"\"<\/p>\n

If you conduct a search on the Web for the number of languages spoken around the world, you\u2019ll see numbers ranging anywhere from 6,000-7,000. I figure I\u2019m doing okay since I can speak English and Spanish, sign the English alphabet, recite the Greek alphabet, and read music. There are roughly over 1.2 billion web sites on the Internet, yet, a large majority of those sites share the same programming language.<\/p>\n

 <\/p>\n

Earlier this week, Zero Day Initiative (ZDI) vulnerability researcher Simon Zuckerbraun published a blog<\/a> discussing how JavaScript grew from a simple scripting language to become the assembly language of the web. According to the results of the 2016 StackOverflow Developer Survey<\/a>, \u201cJavaScript is the most commonly used programming language on Earth.\u201d In addition to its role as a programming language, JavaScript often serves as the intermediate representation for dozens of other compiled languages. So you can imagine what can happen. A new class of security risk is emerging in connection with JavaScript \u2013 the danger of vulnerabilities in the execution engine itself. Simon\u2019s blog is the first in a series on JavaScript vulnerabilities and how the broad implementation of the language affects the enterprise attack surface. You can read his blog here: Understanding Risk in the Unintended Giant: JavaScript<\/a>.<\/p>\n

Adobe Security Update<\/strong><\/p>\n

This week\u2019s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before July 11, 2017. The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an (*) shipped prior to this DV package, providing zero-day protection for our customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 July 2017 Security Update Review<\/a> from the Zero Day Initiative:<\/p>\n

\n\n\n\n\n\n\n
Bulletin #<\/strong><\/td>\nCVE #<\/strong><\/td>\nDigital Vaccine Filter #<\/strong><\/td>\nStatus<\/strong><\/td>\n<\/tr>\n
APSB17-21<\/td>\nCVE-2017-3080<\/td>\n29078<\/td>\n<\/td>\n<\/tr>\n
APSB17-21<\/td>\nCVE-2017-3099<\/td>\n29130<\/td>\n<\/td>\n<\/tr>\n
APSB17-21<\/td>\nCVE-2017-3100<\/td>\n*28917<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There is one new zero-day filter covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website.<\/p>\n

Adobe (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29078: HTTP: Adobe Flash Broker API Information Disclosure Vulnerability (ZDI-17-486)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 21 Jul 2017 18:07:14 +0000<\/strong><\/p>\n

\"\"If you conduct a search on the Web for the number of languages spoken around the world, you\u2019ll see numbers ranging anywhere from 6,000-7,000. I figure I\u2019m doing okay since I can speak English and Spanish, sign the English alphabet, recite the Greek alphabet, and read music. There are roughly over 1.2 billion web sites…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-8412","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8412"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8412\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=8412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8412"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=8412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}