
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 24, 2016

  • Posted on:October 28, 2016
  • Posted in:Network, Security, Zero Day Initiative
  • Posted by:
    Elisa Lippincott (Global Threat Communications)

Earlier this week, the Zero Day Initiative (ZDI) hosted the 2016 Mobile Pwn2Own contest in Tokyo during the PacSec conference. This year’s contest saw unique attacks against the iPhone 6S and Nexus 6P. The scary part? Even with the phones running the latest software and patches, researchers were able to install rogue applications and even leak pictures and data. For a detailed wrap-up of the contest and results, you can read Dustin Childs’ blog here.

Our ZDI team doesn’t run Mobile Pwn2Own just for the sake of running it; they run these contests to help us provide the best coverage for our customers. Thanks to the vulnerability information we get from Mobile Pwn2Own, TippingPoint is the ONLY solution that provides pre-emptive coverage for the vulnerabilities uncovered at Mobile Pwn2Own while the affected vendors work on a patch. In next week’s blog, I will provide more details on these zero-day filters, which will be delivered to customers in their weekly Digital Vaccine® package.

Zero Day Initiative Recognized as the Leading Vulnerability Research Organization

We had some other big news this week. Industry analyst Frost and Sullivan recognized the Zero Day Initiative as the leading vulnerability research organization for 2015! In their study, Analysis of Global Public Vulnerability Research Market, 2015, Frost & Sullivan confirmed ZDI reported 49.1 percent of all verified, global vulnerabilities last year. ZDI publicly disclosed 656 of the 1,337 software vulnerabilities reported globally in 2015, which is an increase of nearly 91 percent from 2014. ZDI continued to lead in the identification of 420 high-severity and critical vulnerabilities, which is 1.6 times more than those discovered in 2014. Among many other statistics included in the study, ZDI was also named as the dominant disclosing institution for web browser and media player vulnerabilities. Congratulations to the ZDI team for their incredible work and for being the leading vulnerability research organization since 2010!

Mirai and Hajime Botnets Leverage IoT Devices for Distributed Denial-of-Service Attacks

Distributed Denial-of-Service (DDoS) attacks have been around for a while, but we’re starting to see DDoS attacks at a scale that will more than likely become the norm. Last month, we saw the biggest DDoS attack to date, coming in at a whopping 1 Tbps against France-based hosting provider OVH. The latest incident occurred last Friday, when Dyn, a DNS provider with global headquarters in the United States, was hit with a DDoS attack via the Mirai botnet that affected popular sites including Twitter, Spotify and Netflix, among others.

Mirai is a little different because it specifically targets consumer devices that are connected to the Internet, like DVRs, home routers and even CCTV cameras. During the investigation of the Dyn DDoS attack, Hajime, another piece of malware that also appears to target IoT devices, was found. While there is no evidence of Hajime being used as of the publishing of this blog, it is being described as more sophisticated than Mirai.

As a result of these DDoS threats, TippingPoint released an out-of-band ThreatDV malware filter package that provides coverage for Hajime and Mirai. We also released the DVToolkit CSW files “linux_mirai.csw” and “Hajime_Checkin.csw.” These filters trigger when traffic matching a known Command and Control (CnC) pattern is observed.
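To illustrate what “triggering on a known CnC pattern” means in practice, here is an added example that is not part of the original post and is not TippingPoint’s own filter logic or a real Mirai/Hajime signature. It runs two complementary checks over a handful of constructed flow records: indicator matching (a placeholder CnC address, port and payload marker, all invented for the example) and a behavioural heuristic that flags several internal hosts contacting the same external endpoint on an uncommon port, which is the kind of beaconing a botnet check-in produces even when the indicators are not yet known.

```python
"""Toy CnC-pattern filter (added example; indicators and flows are constructed).

Nothing here comes from the linux_mirai.csw or Hajime_Checkin.csw files
mentioned in the post; the IPs, port and payload marker are placeholders
drawn from documentation address ranges.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed placeholder indicators (NOT real Mirai/Hajime CnC data).
CNC_INDICATORS = {
    "ips": {"203.0.113.10"},                 # TEST-NET-3 address used as a stand-in
    "ports": {48101},                        # placeholder check-in port
    "payload_markers": (b"EXAMPLE-CNC-HELLO",),  # placeholder first-packet marker
}

# Ports on which fan-out from many internal hosts is normal and not suspicious.
COMMON_PORTS = {22, 53, 80, 123, 443}

# Constructed flow records: (src_ip, dst_ip, dst_port, first_payload_bytes)
SAMPLE_FLOWS: List[Tuple[str, str, int, bytes]] = [
    ("10.0.0.5", "203.0.113.10", 48101, b"EXAMPLE-CNC-HELLO\x00"),  # indicator hit
    ("10.0.0.6", "198.51.100.7", 443, b"\x16\x03\x01"),             # ordinary TLS
    ("10.0.0.7", "198.51.100.20", 6000, b"\x00\x01"),               # beacon cluster
    ("10.0.0.8", "198.51.100.20", 6000, b"\x00\x01"),
    ("10.0.0.9", "198.51.100.20", 6000, b"\x00\x01"),
    ("10.0.0.5", "198.51.100.20", 6000, b"\x00\x01"),
]


def match_indicators(flow: Tuple[str, str, int, bytes]) -> List[str]:
    """Signature-style check: return the reasons a single flow matches."""
    _src, dst, port, payload = flow
    reasons = []
    if dst in CNC_INDICATORS["ips"]:
        reasons.append("known-cnc-ip")
    if port in CNC_INDICATORS["ports"]:
        reasons.append("known-cnc-port")
    if any(marker in payload for marker in CNC_INDICATORS["payload_markers"]):
        reasons.append("cnc-payload-marker")
    return reasons


def scan_flows(flows) -> List[Dict]:
    """Run the indicator check over every flow and collect alerts."""
    alerts = []
    for flow in flows:
        reasons = match_indicators(flow)
        if reasons:
            alerts.append({"src": flow[0], "dst": flow[1], "port": flow[2], "reasons": reasons})
    return alerts


def find_beacon_clusters(flows, min_hosts: int = 3) -> Dict[Tuple[str, int], List[str]]:
    """Behavioural check: group flows by (dst, port) on uncommon ports and
    report endpoints that at least `min_hosts` distinct internal hosts contact.
    A single host on an odd port is noise; many hosts on the same odd port
    looks like infected devices checking in to one controller."""
    by_endpoint: Dict[Tuple[str, int], set] = defaultdict(set)
    for src, dst, port, _payload in flows:
        if port not in COMMON_PORTS:
            by_endpoint[(dst, port)].add(src)
    return {
        endpoint: sorted(hosts)
        for endpoint, hosts in by_endpoint.items()
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    for alert in scan_flows(SAMPLE_FLOWS):
        print("indicator alert:", alert)
    for endpoint, hosts in find_beacon_clusters(SAMPLE_FLOWS).items():
        print("beacon cluster:", endpoint, "hosts:", hosts)
```

The indicator path is what a signature filter does: cheap, precise, and blind to anything not yet in the list. The clustering path trades precision for coverage, so in a real deployment its `min_hosts` threshold and `COMMON_PORTS` allow-list would be tuned per network and its output reviewed rather than blocked automatically.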

For the latest DVToolkit filters, customers can visit the Threat Management Center (TMC) web site at https://tmc.tippingpoint.com and navigate to Releases > CSW Files. For questions or technical assistance customers can contact the TippingPoint Technical Assistance Center (TAC).

DVToolkit v3.2.0 is now available!

TippingPoint has released Digital Vaccine (DV) Toolkit v3.2.0. DVToolkit v3.2.0 corrects the filter override issue as reported in Product Bulletin #1062 published on September 27, 2016.

Enhancements to DVToolkit include:

  • Manage filter numbering
  • Configure trigger-less filters
  • Allow, restrict, or ignore inter-field constraints
  • New interface location for trigger definitions
  • “Strip New Lines” option available
  • Boolean logical OR function added to regular expressions
  • URI length handling
  • New IPv4 and IPv6 source and destination address handler functionality

For the complete list of enhancements and changes, please refer to the product Release Notes. For Release Notes and other product documentation, customers can visit the Threat Management Center (TMC) web site at https://tmc.tippingpoint.com. For questions or technical assistance customers can contact the TippingPoint Technical Assistance Center (TAC).

Zero-Day Filters

There are 30 new zero-day filters covering nine vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (6)

  • 25373: ZDI-CAN-3923: Zero Day Initiative Vulnerability (Adobe Digital Editions)
  • 25379: HTTP: Adobe Digital Editions ePub Font Use-After-Free Vulnerability (ZDI-16-528)
  • 25446: ZDI-CAN-4038: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)
  • 25447: ZDI-CAN-4039: Zero Day Initiative Vulnerability (Adobe Acrobat Reader DC)
  • 25448: ZDI-CAN-4040: Zero Day Initiative Vulnerability (Adobe Flash)
  • 25449: ZDI-CAN-4041: Zero Day Initiative Vulnerability (Adobe Flash)

Advantech (1)

  • 25380: ZDI-CAN-4013: Zero Day Initiative Vulnerability (Advantech WebAccess)

Apache (1)

  • 25375: ZDI-CAN-3936: Zero Day Initiative Vulnerability (Apache Groovy)

Attachmate (1)

  • 25381: ZDI-CAN-4022: Zero Day Initiative Vulnerability (Attachmate Host Access Management and Security)

Delta (7)

  • 25367: ZDI-CAN-3909: Zero Day Initiative Vulnerability (Delta Industrial Automation WPLSoft)
  • 25368: ZDI-CAN-3910: Zero Day Initiative Vulnerability (Delta Industrial Automation WPLSoft)
  • 25369: ZDI-CAN-3911: Zero Day Initiative Vulnerability (Delta Industrial Automation WPLSoft)
  • 25370: ZDI-CAN-3912: Zero Day Initiative Vulnerability (Delta Industrial Automation WPLSoft)
  • 25371: ZDI-CAN-3913: Zero Day Initiative Vulnerability (Delta Industrial Automation WPLSoft)
  • 25372: ZDI-CAN-3915: Zero Day Initiative Vulnerability (Delta Industrial Automation WPLSoft)
  • 25377: ZDI-CAN-3935: Zero Day Initiative Vulnerability (Delta Industrial Automation WPLSoft)

EMC (4)

  • 25383: ZDI-CAN-4023: Zero Day Initiative Vulnerability (EMC Connectrix Manager Converged Network Edition)
  • 25384: ZDI-CAN-4024: Zero Day Initiative Vulnerability (EMC Connectrix Manager Converged Network Edition)
  • 25442: ZDI-CAN-4025: Zero Day Initiative Vulnerability (EMC Connectrix Manager Converged Network Edition)
  • 25444: ZDI-CAN-4026: Zero Day Initiative Vulnerability (EMC Connectrix Manager Converged Network Edition)

Microsoft (2)

  • 25374: ZDI-CAN-3932: Zero Day Initiative Vulnerability (Microsoft Windows)
  • 25443: ZDI-CAN-4031: Zero Day Initiative Vulnerability (Microsoft Windows)

Trend Micro (1)

  • 25382: ZDI-CAN-4008: Zero Day Initiative Vulnerability (Trend Micro Control Manager)

UCanCode (7)

  • 25352: ZDI-CAN-3886-3890: Zero Day Initiative Vulnerability (UCanCode E-XD++ Visualization Enterprise Suite)
  • 25353: ZDI-CAN-3893: Zero Day Initiative Vulnerability (UCanCode E-XD++ Visualization Enterprise Suite)
  • 25354: ZDI-CAN-3895: Zero Day Initiative Vulnerability (UCanCode E-XD++ Visualization Enterprise Suite)
  • 25355: ZDI-CAN-3896: Zero Day Initiative Vulnerability (UCanCode E-XD++ Visualization Enterprise Suite)
  • 25356: ZDI-CAN-3897,3970: Zero Day Initiative Vulnerability (UCanCode E-XD++ Visualization Enterprise Suite)
  • 25357: ZDI-CAN-3907: Zero Day Initiative Vulnerability (UCanCode E-XD++ Visualization Enterprise Suite)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.
