TippingPoint Threat Intelligence and Zero-Day Coverage – Week of January 29, 2018

2018-02-02T15:37:00
ID TRENDMICROBLOG:3D10CBD93A66876F4A8CE75D3CC650D3
Type trendmicroblog
Reporter Elisa Lippincott (TippingPoint Global Product Marketing)
Modified 2018-02-02T15:37:00

Description

Late last year, Trend Micro introduced its Security Predictions for 2018. One of the predictions stated that digital extortion will be at the core of most cybercriminals’ business model. It’s much more than just ransomware – it is the most successful criminal business model in the current threat landscape.

Valuable information is accessible throughout corporate networks in ways not previously considered and vulnerabilities across the IT landscape could provide an entry point for attackers to damage the integrity or accessibility of critical data.

Earlier this week, Trend Micro released new research that can help educate businesses and individuals, particularly in high risk industries like healthcare and manufacturing, on the breadth of digital extortion, what is targeted, and how to mitigate the risks. Learn how digital extortion figures into the threat landscape this year by reading “Digital Extortion: A Forward-looking View.”

Zero-Day Filters

There are 17 new zero-day filters covering eight vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Advantech (2)

|

  • 30226: HTTP: Advantech WebAccess BWSCADASoap Login Method SQL Injection Vulnerability (ZDI-18-065)
  • 30228: HTTP: Advantech WebAccess gChkUser ChkAdminViewUsrPwd SQL Injection Vulnerability (ZDI-18-064)
    ---|---
    |

Hewlett Packard Enterprise (2)

|

  • 30260: HTTP: HPE Moonshot Provisioning Manager Appliance server_response Directory Traversal (ZDI-18-003)
  • 30261: HTTPS: HPE Moonshot Provisioning Manager Appliance server_response Directory Traversal (ZDI-18-003)
    ---|---
    |

Indusoft (1)

|

  • 30299: HTTP: InduSoft Web Studio Directory Traversal (ZDI-14-118)
    ---|---
    |

Microsoft (6)

|

  • 30258: HTTP: Microsoft Internet Explorer Chakra Memory Allocator Integer Overflow (ZDI-18-066)
  • 30273: ZDI-CAN-5321: Zero Day Initiative Vulnerability (Microsoft Chakra)
  • 30274: ZDI-CAN-5322: Zero Day Initiative Vulnerability (Microsoft Edge)
  • 30275: ZDI-CAN-5323: Zero Day Initiative Vulnerability (Microsoft Edge)
  • 30276: ZDI-CAN-5324: Zero Day Initiative Vulnerability (Microsoft Chakra)
  • 30277: ZDI-CAN-5325: Zero Day Initiative Vulnerability (Microsoft Excel)
    ---|---
    |

NetGain Systems (1)

|

  • 30272: HTTP: NetGain Systems Enterprise Manager MainFilter Authentication Bypass Vulnerability (ZDI-17-955)
    ---|---
    |

Novell (3)

|

  • 30281: HTTPS: Novell File Reporter Buffer Overflow (ZDI-12-167)
  • 30284: HTTPS:Novell NetIQ Sentinel ReportViewServlet fileName Directory Traversal Vulnerability(ZDI-16-406)
  • 30302: HTTPS: Novell NetIQ Sentinel SentinelContext Authentication Bypass Vulnerability (ZDI-16-406)
    ---|---
    |

systemd (1)

|

  • 30116: DNS: Systemd resolved dns_packet_read_type_window Denial-of-Service Vulnerability (ZDI-17-923)
    ---|---
    |

Trend Micro (1)

|

  • 30296: HTTPS: Trend Micro Control Manager AdHocQuery Processor SQL Injection Vulnerability (ZDI-16-456)
    ---|---
    |

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.