{"id":12203,"date":"2018-05-04T05:00:16","date_gmt":"2018-05-04T13:00:16","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/05\/04\/news-5972\/"},"modified":"2018-05-04T05:00:16","modified_gmt":"2018-05-04T13:00:16","slug":"news-5972","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/05\/04\/news-5972\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of April 30, 2018"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 04 May 2018 12:00:08 +0000<\/strong><\/p>\n

\"\"<\/p>\n

When I was little, I discovered the joy of jumping on the bed. While it was fun to jump on the bed, I wanted to make it more challenging so I started to imitate the ski jumpers I had seen during the 1976 Winter Olympics and jump from my parents\u2019 dresser to the bed. I quickly found out there\u2019s a reason why many TV shows and events will start out with the message \u201cdon\u2019t try this at home.\u201d I ended up in the emergency room with a fractured left arm.<\/p>\n

 <\/p>\n

While there are many that will say that imitation is the sincerest form of flattery, it can result in unintended consequences. Earlier this week, Zero Day Initiative (ZDI) researcher Simon Zuckerbraun published a blog detailing how copying and pasting code samples from even well-known websites could introduce vulnerabilities. While online resources may seem helpful, developers need to carefully review the sample code and understand the security risk involved. You can read more on this topic in Simon\u2019s blog here: Running with Scissors: The Dangers of Cutting and Pasting Sample Code<\/a>.<\/p>\n

Drupal Vulnerability Exploited in the Wild<\/strong><\/p>\n

Last week, a Drupal core vulnerability was announced<\/a> with the advice to patch as soon as possible as it was being exploited in the wild. This vulnerability allows a remote attacker to execute code on a Drupal website through multiple attack vectors. We released CSW filters last Thursday to protect customers with TippingPoint devices. Those have now been replaced with the following filter that was released in this week\u2019s DV filter package:<\/p>\n

\u2022 31461: HTTP: Drupal Core Multiple Subsystems Hash Fragment Identifier Input Validation Vulnerability<\/p>\n

Customers with other Trend Micro solutions can check available protections here<\/a>.\u00a0<\/strong><\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There is one new zero-day filter covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website. You can also follow the Zero Day Initiative on Twitter @thezdi<\/a> and on their blog<\/a>.<\/p>\n

Microsoft (1)<\/em><\/strong><\/p>\n

\u2022 31451: HTTP: Microsoft VBScript Engine Sub Class_Terminate Class Event Usage<\/p>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

The post TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of April 30, 2018<\/a> appeared first on <\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 04 May 2018 12:00:08 +0000<\/strong><\/p>\n

\"\"<\/p>\n

When I was little, I discovered the joy of jumping on the bed. While it was fun to jump on the bed, I wanted to make it more challenging so I started to imitate the ski jumpers I had seen during the 1976 Winter Olympics and jump from my parents\u2019 dresser to the bed. I…<\/p>\n

The post TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of April 30, 2018<\/a> appeared first on <\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[18255,10384,714,10415,11524],"class_list":["post-12203","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-digital-vaccine","tag-network","tag-security","tag-zero-day-initiative","tag-zero-day"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12203"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12203\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}