{"id":9616,"date":"2017-09-29T11:00:02","date_gmt":"2017-09-29T19:00:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/29\/news-3389\/"},"modified":"2017-09-29T11:00:02","modified_gmt":"2017-09-29T19:00:02","slug":"news-3389","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/09\/29\/news-3389\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of September 25, 2017"},"content":{"rendered":"<p><strong>Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 29 Sep 2017 18:24:40 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-125x85.jpg 125w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>A couple of years back, I remember working at a tradeshow booth and giving a demo to someone who was interested in our solution. He said, \u201cYour solution is great, but I need something that will not let anyone from the outside in my network and I need something that will not let my employees do anything on the Internet.\u201d I asked, \u201cYou don\u2019t want your employees doing anything on the Web?\u201d He replied, \u201cCorrect. If they want to do something on the Web, they can do it on their own time and on their own systems.\u201d Hmmm. My tongue-in-cheek response? \u201cTurn off your Internet connection.\u201d I get it\u2026no one wants to have to deal with cyber-attacks, especially in light of recent breaches like Equifax and Sonic Drive-In, and no one wants to deal with zero-day attacks either. 
Speaking of zero-days\u2026<\/p>\n<p>Earlier this week, the Zero Day Initiative (ZDI) published a zero-day advisory for a bug in the EMC Data Protection Advisor. The team follows specific guidelines on this, so when the time comes that they have to publish an advisory, it\u2019s a big deal. While some of the bugs were addressed through security patches, one bug was not patched because EMC described the issue as \u201cby design.\u201d The bug makes it possible to specify arbitrary executables and even remote storage locations. Although the vulnerability is quite straightforward, exploitation is not as trivial. The endpoint is only reachable by authenticated users, which can be a little interesting since every installation comes with multiple free backdoor accounts: DPA Metrics User, Agent Registration User, and Donald Duck. Yes, I said Donald Duck, the Disney cartoon character \u2013 who also happens to have Administrator privileges! Additional steps are needed for full exploitation, which the researcher has provided. This selection of bugs discovered by the researcher has demonstrated how attackers can combine multiple non-RCE vulnerabilities in a target to eventually achieve total system compromise. You can read the details of the EMC zero-day and watch a video on how the exploit chain can be used on the <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2017\/9\/26\/duck-assisted-code-execution-in-emc-data-protection-advisor\">ZDI blog<\/a>.<\/p>\n<p><strong>Zero-Day Filters<\/strong><\/p>\n<p>There are seven new zero-day filters covering two vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and\/or optimize performance. 
You can browse the list of <a href=\"http:\/\/www.zerodayinitiative.com\/advisories\/published\/\">published advisories<\/a> and <a href=\"http:\/\/www.zerodayinitiative.com\/advisories\/upcoming\/\">upcoming advisories<\/a> on the <a href=\"http:\/\/www.zerodayinitiative.com\/\">Zero Day Initiative<\/a> website. You can also follow the Zero Day Initiative on Twitter <a href=\"https:\/\/twitter.com\/thezdi\">@thezdi<\/a> and on their <a href=\"https:\/\/www.zerodayinitiative.com\/blog\">blog<\/a>.<\/p>\n<p><strong><em>Adobe (6)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29634: ZDI-CAN-5035: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n<li>29635: ZDI-CAN-5036: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n<li>29636: ZDI-CAN-5037: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n<li>29637: ZDI-CAN-5038: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n<li>29638: ZDI-CAN-5039: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n<li>29639: ZDI-CAN-5040: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong><em>Cisco (1)<\/em><\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ul>\n<li>29640: ZDI-CAN-5041: Zero Day Initiative Vulnerability (Cisco Webex)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Missed Last Week\u2019s News?<\/strong><\/p>\n<p>Catch up on last week\u2019s news in my <a href=\"http:\/\/blog.trendmicro.com\/tippingpoint-threat-intelligence-zero-day-coverage-week-september-11-2017\/\">weekly recap<\/a>.<\/p>\n<p><a href=\"http:\/\/blog.trendmicro.com\/tippingpoint-threat-intelligence-zero-day-coverage-week-september-25-2017\/\" target=\"bwo\" 
>http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 29 Sep 2017 18:24:40 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"205\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-300x205.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/08\/TippingPoint-125x85.jpg 125w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>A couple of years back, I remember working at a tradeshow booth and giving a demo to someone who was interested in our solution. He said, \u201cYour solution is great, but I need something that will not let anyone from the outside in my network and I need something that will not let my 
employees&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-9616","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9616","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9616"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9616\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9616"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}