
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 15, 2016

  • Posted on: August 19, 2016
  • Posted in: Network, Security, Zero Day Initiative
  • Posted by: Elisa Lippincott (Global Threat Communications)

This past weekend, a hacking group calling itself The Shadow Brokers hacked the Equation Group, another hacking group with alleged ties to the United States National Security Agency (NSA). Using Twitter as their communication platform, The Shadow Brokers posted a link to a pastebin, which in turn led to more than 300 MB of exploits and scripts offered to the highest bidder. A number of the exploits specifically target networking and firewall products from the likes of Cisco, Juniper, Fortinet, and Topsec. While there is much speculation on whether the auction of the exploits and scripts is real, all evidence suggests the leaked data came from the NSA, and the timing strongly suggests Russia as the leaker. As security researchers in the industry investigate this further, we’ll hopefully have a better idea of how they got the data and why. We will keep an eye on this developing story.

Earlier today, TippingPoint issued an out-of-band Digital Vaccine that includes two new filters to address the issues reported as part of the Equation Group hack. The regular weekly DV package schedule will not be impacted and will be published as scheduled next Tuesday, August 23, 2016.

  • 34127: SNMP: Cisco ASA Memory Corruption Vulnerability (EXTRABACON)
  • 34128: HTTP: Fortinet FortiGate Cookie Buffer Overflow Vulnerability (EGREGIOUSBLUNDER)

An Additional Out-of-band Digital Vaccine Package

Last Friday, we issued an out-of-band Digital Vaccine (DV) package. The DV package included three new filters (28788, 28789, 28790) and changes to the Hyper-Aggressive deployment mode. For details regarding these changes, customers can contact the TippingPoint Technical Assistance Center (TAC). Our regular weekly DV package releases are not impacted by any out-of-band DV releases.

REMINDER: TippingPoint TMC Planned Maintenance Window This Weekend

The Trend Micro TippingPoint Threat Management Center (TMC) website (https://tmc.tippingpoint.com/TMC) will be undergoing maintenance on the following dates and times.

From Time                                To Time
Saturday, August 20, 2016 8:00 PM (CDT)  Sunday, August 21, 2016 5:00 AM (CDT)
Sunday, August 21, 2016 1:00 AM (UTC)    Sunday, August 21, 2016 10:00 AM (UTC)

During the maintenance window, the Security Management System (SMS), Intrusion Prevention System (IPS), Threat Protection System (TPS), Next Generation Firewall (NGFW), and ArcSight Enterprise Security Manager (ESM) connectivity to the TMC may be intermittently disrupted, thus preventing Digital Vaccine (DV), Threat Digital Vaccine (ThreatDV), Reputation Security Monitor (RepSM) and TippingPoint Operating System (TOS) updates from occurring. Customers with any questions or concerns can contact the TippingPoint Technical Assistance Center (TAC).

Zero-Day Filters

There are four new zero-day filters covering three vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Google (1)

  • 30610: ZDI-CAN-3840: Zero Day Initiative Vulnerability (Google Chrome)

Novell (1)

  • 30608: ZDI-CAN-3837: Zero Day Initiative Vulnerability (Novell NetIQ Sentinel)

SolarWinds (2)

  • 30591: HTTP: SolarWinds SRM Profiler ScriptServlet state upload SQL Injection Vulnerability (ZDI-16-268)
  • 30605: HTTP: SolarWinds SRM Profiler ScriptServlet Filename SQL Injection Vulnerability (ZDI-16-268)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap posted on the Trend Micro Simply Security blog!
