
My heart has been aching since I heard the news about Prince’s untimely death last week. Prince Rogers Nelson was an innovator who paved the way and influenced many artists across different music genres. At the same time, he defied the music industry, fighting to protect the rights, music and likeness of artists. He was the ultimate musician, able to play over 27 instruments and, in my opinion, one of the most underrated guitarists ever to play the instrument. Prince was also a non-conformist, not following trends but setting his own, making an awkward teenage girl like me accept, and feel comfortable in, my own weirdness. In the end, the world lost a tremendous talent and philanthropist who was very generous with many charities, including #YesWeCode, an organization that helps young women and men from low-opportunity backgrounds find success in the tech sector. As for me, I lost a significant representative of my youth. He was my Kiss, my Little Red Corvette, my Manic Monday, my Jungle Love, my Starfish and Coffee, Maple Syrup and Jam.
For those of us who work in the IT security industry, we’re all tasked with helping our customers protect against cyberattacks, but it shouldn’t stop there. We need to push the envelope and drive innovation beyond the confines of our disparate solutions if we hope to have any chance against the bad guys. If Prince had just made his music, but didn’t fight for the protection of artistic freedom and ownership rights, many artists may not have many of the ownership protections they have today. Since its inception in 2005, our Zero Day Initiative has been “pushing the envelope” with the responsible disclosure of vulnerabilities. We’re able to provide a Digital Vaccine filter for a vulnerability that hasn’t been patched yet to our TippingPoint customers, but we take it a step further and work with the affected vendors to ensure they have what they need to patch the vulnerability and secure their code. We held our annual Pwn2Own event in March, where we saw 21 vulnerabilities across Adobe, Apple, Google and Microsoft products. Yes, we awarded researchers hundreds of thousands of dollars in prizes, a cool jacket and a big trophy, but in the end, we are inspiring vendors like Adobe “to come up with the next generation of defenses.” Adobe’s “Reflections on Pwn2Own” blog is a testament to our innovation in responsible vulnerability discovery. As Adobe states, “Pwn2Own is truly valuable because it shows how different researchers will try to bypass the existing mitigations to create the fully weaponized exploit.”
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap posted on the Trend Micro Simply Security blog!
Zero-Day Filters
There are 22 new zero-day filters covering seven vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative web site.
Adobe (4)
Cisco (1)
Foxit (1)
Google (2)
Microsoft (1)
Schneider Electric (12)
Trend Micro (1)
Updated Existing Zero-Day Filters
This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated because either a vendor has issued a patch for a vulnerability found via the Zero Day Initiative, or the Zero Day Initiative has published a vulnerability in accordance with its Disclosure Policy.
On April 14, 2016, we issued an urgent call to action to uninstall Apple QuickTime for Windows because Apple is deprecating QuickTime for Windows and will no longer be issuing security updates for the product. The filters below have been updated to reflect the published status of the QuickTime vulnerabilities: