{"id":8576,"date":"2017-08-04T07:00:41","date_gmt":"2017-08-04T15:00:41","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/04\/news-2349\/"},"modified":"2017-08-04T07:00:41","modified_gmt":"2017-08-04T15:00:41","slug":"news-2349","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/08\/04\/news-2349\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of July 31, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 04 Aug 2017 13:39:37 +0000<\/strong><\/p>\n

\"\"<\/p>\n

During the DefCon Conference last week, a Windows SMB vulnerability was revealed late last week by researchers from RiskSense. The 20-year-old bug can be found in Windows 2000 up to Windows 10. Microsoft has indicated that it will not be issuing a patch for the vulnerability as it doesn’t meet their bar for servicing in a security update. Earlier this week, we released DVToolkit CSW file SMBLoris.csw to customers using TippingPoint solutions. This custom filter detects an attempt to exploit a denial-of-service vulnerability in Windows SMB and Unix\/Linux Samba servers. The vulnerability is triggered by sending a specially crafted NBSS packet resulting in a denial-of-service. SMBLoris is categorized as a memory exhaustion vulnerability.<\/p>\n

Customers should note that this filter should only be enabled for suspected denial-of-service attacks in conjunction with IPS thresholding and a tuned number of occurrences in order to eliminate false positives on legitimate requests. The proper setting for number of hits on this filter should be customized for the customer’s environment. For more details, visit https:\/\/smbloris.com<\/a>.<\/p>\n

Customers who have questions or need technical assistance on any Trend Micro TippingPoint product can contact the Trend Micro TippingPoint Technical Assistance Center (TAC).<\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There is one new zero-day filter covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website.<\/p>\n

Apple (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 28985: HTTP: Array concat Method Usage with Suspiciously Big Arrays (ZDI-17-350)\u00a0<\/em><\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 04 Aug 2017 13:39:37 +0000<\/strong><\/p>\n

\"\"During the DefCon Conference last week, a Windows SMB vulnerability was revealed late last week by researchers from RiskSense. The 20-year-old bug can be found in Windows 2000 up to Windows 10. Microsoft has indicated that it will not be issuing a patch for the vulnerability as it doesn’t meet their bar for servicing in…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-8576","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8576"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8576\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=8576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=8576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}