Friday, 27. May 2016

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 23, 2016

I think I do a decent job of backing up my data on my various devices. I have everything ranging from old emails to various photos I’ve taken throughout the years. I don’t want to lose my stuff under any circumstances, whether because a system died or I lost an external hard drive. But despite our best intentions, life can get in the way and boom! You forget to save something. That happened to me yesterday when I upgraded my work laptop to the latest operating system. I had saved and backed up everything. I was ready to go, or so I thought. When I got my laptop back and opened my browser, I realized that I forgot to save my bookmarks. I’m not talking about a handful of bookmarks. I’m talking about hundreds I’ve collected over the years. All gone. Poof!

After muttering a few obscenities to myself and searching the Web for a possible solution, I was eventually able to restore my bookmarks. While it was a minor inconvenience, it’s nothing compared to losing your data because you’ve become a victim of ransomware. Ransomware is a hot topic right now, with many in the security industry, including Trend Micro, predicting that 2016 is the year for ransomware. The topic isn’t new: ransomware has been around a while (over 25 years), but those behind a ransomware attack are now more sophisticated and there’s no guarantee that if you pay a ransom, you’ll get the decryption key to restore your files. If you’re a TippingPoint customer, you have access to ransomware filters through our Digital Vaccine® service as well as our ThreatDV service. We’re able to recognize various ransomware families and provide tools to help customers avoid losing their data and their money. Customers who need assistance with the ransomware filters can visit the TippingPoint Threat Management Center (TMC) for more information.

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap posted on the Trend Micro Simply Security blog!

Zero-Day Filters

There are eight new zero-day filters covering five vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (2)

•  24660: HTTP: Adobe Acrobat Reader CLOD Memory Corruption Vulnerability (ZDI-10-116)
•  24695: HTTP: Adobe Reader ICC Parsing Buffer Overflow Vulnerability (ZDI-10-191)

Autodesk (2)

•  24648: ZDI-CAN-3593: Zero Day Initiative Vulnerability (Autodesk Design Review)
•  24650: ZDI-CAN-3595: Zero Day Initiative Vulnerability (Autodesk Design Review)

FATEK (1)

•  24651: ZDI-CAN-3676: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)

Hewlett Packard Enterprise (1)

•  24658: TCP: HP Data Protector Multiple Opcode Parsing Buffer Overflow Vulnerability (ZDI-13-121, ZDI-13-122, ZDI-13-123, ZDI-13-124, ZDI-13-125, ZDI-13-126, ZDI-13-127, ZDI-13-128, ZDI-13-129, ZDI-13-130, ZDI-13-131, ZDI-13-161)

Microsoft (2)

•  24642: SMB: Microsoft Windows Media Center Code Execution Vulnerability (ZDI-16-277)
•  24694: HTTP: Microsoft Internet Explorer Memory Corruption (ZDI-11-247)

Updated Existing Zero-Day Filters

This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated because either the vendor issued a patch for a vulnerability found via the Zero Day Initiative, or the Zero Day Initiative published the vulnerability in accordance with its Disclosure Policy.

This week’s updated zero-day filter focuses on a critical vulnerability in SolarWinds’ Resource Monitor Profiler Module. The filter was updated because the vulnerability has now been published, SolarWinds having issued an update that corrects it.

•  21830: HTTP: SolarWinds SRM Profiler Module ScriptServlet SQL Injection (ZDI-16-249)