TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 20, 2016

  • Posted on: June 24, 2016
  • Posted in: Network, Security, Zero Day Initiative
  • Posted by: Elisa Lippincott (Global Threat Communications)

Life is full of surprises. I’ve had my share of good and bad ones in this crazy life of mine, but nothing could have prepared me (as a 12-year-old girl) for the surprise I found when I walked in our backyard one summer evening in South Texas. My cat had just had a litter of kittens and I was going out back to check on them. Instead of finding four cute kittens with their mom, I found an injured cat and four kitten heads. That’s right. Four kitten heads…with no bodies attached. A few feet away, I found the culprit: a big opossum.

For those of you who don’t live in the Western Hemisphere, opossums are mammals in the marsupial infraclass of the animal kingdom, which also includes kangaroos, wallabies, and koalas. It turns out that they are survivors, resistant to snake venom and other toxins, and are considered nature’s “vacuum cleaner,” eating up nasty garden pests and ticks. Once he saw me, he “played possum,” pretending to be dead so that I wouldn’t harm him. Opossums are actually pretty convincing at playing dead when they’re threatened or harmed – their bodies emit a foul odor and even if you pick them up, they won’t move. In the end, my shovel and I made sure he was dead.

There has been news of late regarding the Angler exploit kit. It was spotted first in 2013 and has been one of the most dominant exploit kits used in malvertising and the spread of ransomware. However, on June 7, Angler seemed to vanish into thin air. It appears that those looking to infect systems with malware are turning to the Neutrino exploit kit. Some are attributing Angler’s demise to the recent arrest of a Russian gang that had been using Angler to distribute the Lurk banking Trojan. Others say it’s just taking a little vacation. At any rate, you shouldn’t let your guard down when it comes to the Angler exploit kit. For all we know, it’s just “playing possum.” You can learn how TippingPoint tackles Angler with machine learning by reading the solution brief: “TippingPoint Takes on Angler Exploit Kit with Machine Learning.” 

Adobe Product Security Bulletins

This week’s Digital Vaccine (DV) package includes coverage for the Adobe Product Security Bulletins released on June 21, 2016. The following table maps Digital Vaccine filters to the Adobe Bulletins:

Bulletin #   CVE #           Digital Vaccine Filter #   Status
APSB16-15    CVE-2016-4121   24870
APSB16-18    CVE-2016-4132   24871
APSB16-18    CVE-2016-4133   24872
APSB16-18    CVE-2016-4135   24855
APSB16-18    CVE-2016-4136   24859
APSB16-18    CVE-2016-4137   24860
APSB16-18    CVE-2016-4138   24861
APSB16-18    CVE-2016-4139   24863
APSB16-18    CVE-2016-4140   24865, 24866
APSB16-18    CVE-2016-4141   24843
APSB16-18    CVE-2016-4142   24844
APSB16-18    CVE-2016-4143   24845
APSB16-18    CVE-2016-4144   24868
APSB16-18    CVE-2016-4145   –                          Insufficient Info
APSB16-18    CVE-2016-4146   24869
APSB16-18    CVE-2016-4147   24846
APSB16-18    CVE-2016-4148   24847
APSB16-18    CVE-2016-4149   24848
APSB16-18    CVE-2016-4150   24849
APSB16-18    CVE-2016-4151   24850
APSB16-18    CVE-2016-4152   24851
APSB16-18    CVE-2016-4153   24852
APSB16-18    CVE-2016-4154   24854
APSB16-18    CVE-2016-4155   24856
APSB16-18    CVE-2016-4156   24857
APSB16-18    CVE-2016-4171   24883
APSB16-23    CVE-2016-4126   24873, 24874

Webinar on Demand: “Secure Your Network Environments with TippingPoint”

Speakers: TJ Alldridge and Satinder Khasriya

The Trend Micro TippingPoint Threat Protection System (TPS) family offers comprehensive threat protection against known and zero-day attacks. View this webinar to see the many ways the TPS can be used to protect your environment against the latest threats as well as the old ones too. Click here to view: https://www.brighttalk.com/webcast/7479/210181

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap posted on the Trend Micro Simply Security blog!

Zero-Day Filters

There is one new zero-day filter covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Mitsubishi (1)

  • 24842: ZDI-CAN-3794: Zero Day Initiative Vulnerability (Mitsubishi Electric E-Designer)

Updated Existing Zero-Day Filters

This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated because a vendor has issued a patch for a vulnerability found via the Zero Day Initiative, or because the Zero Day Initiative has published the vulnerability in accordance with its Disclosure Policy.

This week’s updated zero-day filter spans multiple vendors, covering vulnerabilities that allow remote attackers to execute arbitrary code on vulnerable installations of Apache ActiveMQ and Eclipse Jetty. Both Apache and Eclipse have issued updates to correct this vulnerability:

Apache: http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt

Eclipse: http://www.ocert.org/advisories/ocert-2016-001.html

  • 24494: HTTP: Multiple Products WEB-INF/META-INF Security Policy Bypass Vulnerability (ZDI-16-356, ZDI-16-362)
