{"id":8207,"date":"2017-06-30T04:10:34","date_gmt":"2017-06-30T12:10:34","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/06\/30\/news-1982\/"},"modified":"2017-06-30T04:10:34","modified_gmt":"2017-06-30T12:10:34","slug":"news-1982","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/06\/30\/news-1982\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 26, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 30 Jun 2017 12:00:57 +0000<\/strong><\/p>\n

\"\"<\/p>\n

The late 70s\/early 80s American television show Three\u2019s Company<\/em> was one of my favorite shows growing up. The central theme of the show revolved around the lives of three roommates. Each episode usually involved a misunderstanding, then chaos would ensue. In the end, everything would turn out okay. Unfortunately, this week\u2019s episode of \u201cransomware in the news\u201d isn\u2019t over \u2013 there are still misunderstandings about the latest attack named \u201cPetya,\u201d even on what to call it!<\/p>\n

This past Tuesday, a ransomware attack similar to WannaCry shut down computers all over the world. It was initially thought that this new attack was an updated version of Petya from 2016. Others said it was a whole new malware that had Petya characteristics. Even further, now there is speculation that it\u2019s not ransomware at all \u2013 that its objective was to permanently destroy data. No extortion \u2013 just destruction \u2013 and no happy ending to this week\u2019s episode.<\/p>\n

Trend Micro TippingPoint continues to actively review the situation in order to recommend coverage for customers using TippingPoint solutions. As of this blog posting, we have verified the following vulnerability Digital Vaccine\u00ae (DV) filters that protect against the propagation of the Petya ransomware listed in the table below:<\/p>\n

 <\/p>\n\n\n\n\n\n
CVE Number<\/strong><\/td>\nDV Filter(s)<\/strong><\/td>\nCategory<\/strong><\/td>\nDefault Deployment<\/strong><\/td>\nComments<\/strong><\/td>\n<\/tr>\n
CVE-2017-0144<\/p>\n

CVE-2017-0146<\/td>\n

27298<\/td>\nVulnerabilities<\/td>\nDisabled<\/td>\nSMB: Microsoft Windows SMB Remote Code Execution Vulnerability (EternalBlue)<\/td>\n<\/tr>\n
CVE-2017-0147<\/td>\n27931<\/td>\nVulnerabilities<\/td>\nDisabled<\/td>\nSMB: Microsoft Windows SMBv1 Information Disclosure Vulnerability (EternalRomance)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

Customers who wish to enforce generic policy at the network perimeter can use the following security policy filter to block all inbound SMBv1 traffic:<\/p>\n

 <\/p>\n\n\n\n\n
CVE Number<\/strong><\/td>\nDV Filter(s)<\/strong><\/td>\nCategory<\/strong><\/td>\nDefault Deployment<\/strong><\/td>\nComments<\/strong><\/td>\n<\/tr>\n
None<\/td>\n28471<\/td>\nSecurity Policy<\/td>\nDisabled<\/td>\nSMB: SMBv1 Successful Protocol Negotiation<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

Customers with questions or who need technical assistance can contact the TippingPoint Technical Assistance Center (TAC). For further information related to Trend Micro\u2019s response and our recommendations as a whole, please visit https:\/\/success.trendmicro.com\/solution\/1117665<\/a>.<\/p>\n

 <\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are nine new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> web site.<\/p>\n

 <\/p>\n

Foxit (4)<\/em><\/strong><\/p>\n