I’ve been fascinated with the rise and fall of exploit kits, especially the really popular ones that disappear seemingly overnight. Angler was one that, at one point, contributed 59.5% of the total exploit kit activity for 2015. But now it’s presumed dead as of June 2016 after the arrest of a hacker gang. After Angler, there was a big move to Neutrino, but even Neutrino activity is down to a trickle. A lot of factors can contribute to the demise of an exploit kit: the authors may get caught, or the kit may face competition from other exploit kits.
Zero Day Initiative Filters Settings Adjustment
Starting with this week’s Digital Vaccine® (DV) package, all newly added pre-disclosed Zero Day Initiative (ZDI) filters which would typically be configured to Block / Notify as a Recommended Setting will instead be set to Block / Notify / Trace. This is done in an effort to ensure network traces are always available for customers who wish to contact TippingPoint in the event of a ZDI pre-disclosed filter firing. In addition, over the next few weeks, all ZDI pre-disclosed filters shipped in previous DV packages that match these criteria will be modified to add the trace setting as well. This change will not impact any filter which has been manually overridden. Customers can contact the TippingPoint Technical Assistance Center (TAC) for additional information.
This week’s Digital Vaccine (DV) package includes coverage for the Adobe Security Bulletins released on or before February 21, 2017. The following table maps Digital Vaccine filters to the Adobe Security Bulletins. Filters designated with an asterisk (*) shipped prior to this week’s package, providing zero-day protection for our customers:
| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| APSB17-04 | CVE-2017-2987 | – | Insufficient Vendor Information |
There are 10 new zero-day filters covering five vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Hewlett Packard Enterprise (1)