TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 14, 2018

Elisa Lippincott (TippingPoint Global Product Marketing)
blog.trendmicro.com
May 18, 2018

It’s one thing when your security solutions help protect your organization from a devastating cyberattack. It’s another thing when the company who develops your security solutions takes it to the next level to actually help catch those responsible for some of the biggest cyberattacks in the world. Earlier this week, Trend Micro disclosed the details of its exclusive investigative cooperation with the Federal Bureau of Investigation (FBI) to identify, arrest and bring to trial the individuals linked to the infamous Counter Antivirus (CAV) service Scan4You.

In 2012, Trend Micro began its research on Scan4You, which allowed cybercriminals to check the detection of their latest malware against more than 30 modern antivirus engines, enabling them to make attacks more successful. After close collaboration with the FBI, Scan4You went offline following the arrest of two suspected administrators in May 2017. Ruslans Bondars was found guilty as a result of the recent trial, while Jurijs Martisevs pleaded guilty in March 2018.

You can read more about “The Rise and Fall of Scan4You” on the Trend Micro blog.

Red Hat Fedora DHCP Client Network Manager Vulnerability

Yesterday, Trend Micro released DVToolkit CSW file CVE-2018-1111.csw that contains the following filter:

  • Filter C1000001: DHCP: Red Hat Fedora DHCP Client Network Manager Input Validation Vulnerability

This command injection flaw, found in a script shipped with the DHCP client (dhclient) packages, affects Red Hat Enterprise Linux 6 and 7. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems running NetworkManager that are configured to obtain their network configuration over DHCP.

Note: This filter will be obsoleted by MainlineDV filter 31851 in next week’s package.
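The flaw above is triggered by DHCP option values that reach a shell unquoted, so the defensive check is to inspect text-valued options in DHCP responses for characters that have no place in a hostname or domain name. The following Python parser is an added example written for this recap; it is not the TippingPoint filter logic and not code from the post. Option codes 12 (host-name) and 15 (domain-name) are standard; treating option 252 as a WPAD URL is an assumed de facto convention. Both sample option fields are constructed here.

```python
"""Flag DHCP options whose values contain shell metacharacters.

Added detection sketch (not TippingPoint filter logic): a DHCP client script
that hands option values to a shell is only reachable through a response that
carries quote or command-substitution characters, so alert on those.
"""
import re
from typing import Dict, List, Tuple

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie that starts the options field
OPT_PAD, OPT_END = 0, 255

# Free-form text options a client may pass on to scripts. 252 as a WPAD URL is
# a de facto convention, not an IANA-assigned meaning (assumption).
TEXT_OPTIONS = {12: "host-name", 15: "domain-name", 252: "wpad-url"}

# Characters that are meaningful to a shell and never valid in a hostname.
SHELL_META = re.compile(rb"""['"`$;&|<>\n]""")


def parse_dhcp_options(buf: bytes) -> Dict[int, bytes]:
    """Parse a DHCP options field (starting at the magic cookie) into {code: value}.

    Raises ValueError on a missing cookie or a truncated TLV.
    """
    if not buf.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    opts: Dict[int, bytes] = {}
    i = len(MAGIC_COOKIE)
    while i < len(buf):
        code = buf[i]
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(buf):
            raise ValueError(f"option {code} missing length byte")
        length = buf[i + 1]
        value = buf[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        # RFC 3396: a repeated option code concatenates its values.
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def suspicious_options(buf: bytes) -> List[Tuple[int, str, bytes]]:
    """Return (code, name, value) for text options containing shell metacharacters."""
    findings = []
    for code, value in parse_dhcp_options(buf).items():
        if code in TEXT_OPTIONS and SHELL_META.search(value):
            findings.append((code, TEXT_OPTIONS[code], value))
    return findings


def build_options(pairs) -> bytes:
    """Encode (code, value) pairs as a DHCP options field (helper for the samples)."""
    out = bytearray(MAGIC_COOKIE)
    for code, value in pairs:
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


# Constructed samples: an ordinary DHCPACK (option 53 = 5) and one whose
# domain-name carries quote characters.
BENIGN = build_options([(53, b"\x05"), (15, b"corp.example"), (12, b"host42")])
SUSPECT = build_options([(53, b"\x05"), (15, b"corp.example'\"junk")])

if __name__ == "__main__":
    for label, field in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, suspicious_options(field))
```

The check deliberately covers only text-valued options; binary options such as the domain-search list (119) encode label lengths as raw bytes that would collide with the metacharacter set and produce false positives. In a capture pipeline, `parse_dhcp_options` would be fed the bytes starting at offset 236 of the BOOTP payload.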

Adobe Security Update

This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before May 8, 2018. The following table maps Digital Vaccine filters to the Adobe updates. You can get more detailed information on this month’s security updates from Dustin Childs’ May 2018 Security Update Review from the Zero Day Initiative:

| Bulletin # | CVE # | Digital Vaccine Filter | Status |
| --- | --- | --- | --- |
| APSB18-16 | CVE-2018-4944 | 31588 | |
| APSB18-09 | CVE-2018-4946 | 31687 | |
| APSB18-09 | CVE-2018-4947 | 31688 | |
| APSB18-09 | CVE-2018-4948 | 31589 | |
| APSB18-09 | CVE-2018-4949 | 31592 | |
| APSB18-09 | CVE-2018-4950 | 31593 | |
| APSB18-09 | CVE-2018-4951 | 31594 | |
| APSB18-09 | CVE-2018-4952 | 31695 | |
| APSB18-09 | CVE-2018-4953 | 31696 | |
| APSB18-09 | CVE-2018-4954 | 31697 | |
| APSB18-09 | CVE-2018-4955 | 31698 | |
| APSB18-09 | CVE-2018-4956 | N/A | Vendor Deemed Reproducibility or Exploitation Unlikely |
| APSB18-09 | CVE-2018-4957 | 31699 | |
| APSB18-09 | CVE-2018-4958 | 31700 | |
| APSB18-09 | CVE-2018-4959 | 31701 | |
| APSB18-09 | CVE-2018-4960 | 31702 | |
| APSB18-09 | CVE-2018-4961 | 31703 | |
| APSB18-09 | CVE-2018-4962 | 31704 | |
| APSB18-09 | CVE-2018-4963 | 31705 | |
| APSB18-09 | CVE-2018-4964 | 31706 | |
| APSB18-09 | CVE-2018-4965 | 31707 | |
| APSB18-09 | CVE-2018-4966 | 31708 | |
| APSB18-09 | CVE-2018-4967 | 31709 | |
| APSB18-09 | CVE-2018-4968 | 31710 | |
| APSB18-09 | CVE-2018-4969 | 31711 | |
| APSB18-09 | CVE-2018-4970 | 31712 | |
| APSB18-09 | CVE-2018-4971 | 31713 | |
| APSB18-09 | CVE-2018-4972 | 31714 | |
| APSB18-09 | CVE-2018-4973 | 31715 | |
| APSB18-09 | CVE-2018-4974 | 31716 | |
| APSB18-09 | CVE-2018-4975 | 31717 | |
| APSB18-09 | CVE-2018-4976 | 31718 | |
| APSB18-09 | CVE-2018-4977 | 31719 | |
| APSB18-09 | CVE-2018-4978 | 31720 | |
| APSB18-09 | CVE-2018-4979 | 31721 | |
| APSB18-09 | CVE-2018-4980 | 31722 | |
| APSB18-09 | CVE-2018-4981 | 31723 | |
| APSB18-09 | CVE-2018-4982 | 31724 | |
| APSB18-09 | CVE-2018-4983 | 31725 | |
| APSB18-09 | CVE-2018-4984 | 31726 | |
| APSB18-09 | CVE-2018-4985 | 31727 | |
| APSB18-09 | CVE-2018-4986 | 31597 | |
| APSB18-09 | CVE-2018-4987 | 31598 | |
| APSB18-09 | CVE-2018-4988 | 31596 | |
| APSB18-09 | CVE-2018-4989 | 31595 | |
| APSB18-09 | CVE-2018-4990 | 31591 | |
| APSB18-09 | CVE-2018-4993 | 31570 | |

Zero-Day Filters

There are 11 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Advantech (5)

  • 31622: ZDI-CAN-5587: Zero Day Initiative Vulnerability (Advantech WebAccess HMI Designer)
  • 31624: ZDI-CAN-5590: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31627: ZDI-CAN-5595: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31628: ZDI-CAN-5596: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31629: ZDI-CAN-5597: Zero Day Initiative Vulnerability (Advantech WebAccess Node)

Microsoft (2)

  • 31620: ZDI-CAN-5567: Zero Day Initiative Vulnerability (Microsoft Visual Studio)
  • 31623: ZDI-CAN-5589: Zero Day Initiative Vulnerability (Microsoft Teams)

Omron (1)

  • 30435: HTTP: Omron CX-One CX-FLnet Version Buffer Overflow Vulnerability (ZDI-18-289)

Trend Micro (3)

  • 31619: ZDI-CAN-5553: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
  • 31625: ZDI-CAN-5592: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
  • 31626: ZDI-CAN-5594: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
