TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 14, 2018

It’s one thing when your security solutions help protect your organization from a devastating cyberattack. It’s another thing when the company who develops your security solutions takes it to the next level to actually help catch those responsible for some of the biggest cyberattacks in the world. Earlier this week, Trend Micro disclosed the details of its exclusive investigative cooperation with the Federal Bureau of Investigation (FBI) to identify, arrest and bring to trial the individuals linked to the infamous Counter Antivirus (CAV) service Scan4You.

In 2012, Trend Micro began its research on Scan4You, which allowed cybercriminals to check the detection of their latest malware against more than 30 modern antivirus engines, enabling them to make attacks more successful. After close collaboration with the FBI, Scan4You went offline following the arrest of two suspected administrators in May 2017. Ruslans Bondars was found guilty as a result of the recent trial, while Jurijs Martisevs pleaded guilty in March 2018.

You can read more about “The Rise and Fall of {Scan4You}” here.

Red Hat Fedora DHCP Client Network Manager Vulnerability

Yesterday, Trend Micro released DVToolkit CSW file CVE-2018-1111.csw that contains the following filter:

  • Filter C1000001: DHCP: Red Hat Fedora DHCP Client Network Manager Input Validation Vulnerability

This command injection flaw found in a script included in the DHCP client (dhclient) packages affects Red Hat Enterprise Linux 6 and 7. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager, which is configured to obtain network configuration using the DHCP protocol.

Note: This filter will be obsoleted by MainlineDV filter 31851 in next week’s package.

Adobe Security Update

This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before May 8, 2018. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ May 2018 Security Update Review from the Zero Day Initiative:

Bulletin # CVE # Digital Vaccine Filter Status
APSB18-16 CVE-2018-4944 31588  
APSB18-09 CVE-2018-4946 31687  
APSB18-09 CVE-2018-4947 31688  
APSB18-09 CVE-2018-4948 31589  
APSB18-09 CVE-2018-4949 31592  
APSB18-09 CVE-2018-4950 31593  
APSB18-09 CVE-2018-4951 31594  
APSB18-09 CVE-2018-4952 31695  
APSB18-09 CVE-2018-4953 31696  
APSB18-09 CVE-2018-4954 31697  
APSB18-09 CVE-2018-4955 31698  
APSB18-09 CVE-2018-4956 N/A Vendor Deemed Reproducibility or Exploitation Unlikely
APSB18-09 CVE-2018-4957 31699  
APSB18-09 CVE-2018-4958 31700  
APSB18-09 CVE-2018-4959 31701  
APSB18-09 CVE-2018-4960 31702  
APSB18-09 CVE-2018-4961 31703  
APSB18-09 CVE-2018-4962 31704  
APSB18-09 CVE-2018-4963 31705  
APSB18-09 CVE-2018-4964 31706  
APSB18-09 CVE-2018-4965 31707  
APSB18-09 CVE-2018-4966 31708  
APSB18-09 CVE-2018-4967 31709  
APSB18-09 CVE-2018-4968 31710  
APSB18-09 CVE-2018-4969 31711  
APSB18-09 CVE-2018-4970 31712  
APSB18-09 CVE-2018-4971 31713  
APSB18-09 CVE-2018-4972 31714  
APSB18-09 CVE-2018-4973 31715  
APSB18-09 CVE-2018-4974 31716  
APSB18-09 CVE-2018-4975 31717  
APSB18-09 CVE-2018-4976 31718  
APSB18-09 CVE-2018-4977 31719  
APSB18-09 CVE-2018-4978 31720  
APSB18-09 CVE-2018-4979 31721  
APSB18-09 CVE-2018-4980 31722  
APSB18-09 CVE-2018-4981 31723  
APSB18-09 CVE-2018-4982 31724  
APSB18-09 CVE-2018-4983 31725  
APSB18-09 CVE-2018-4984 31726  
APSB18-09 CVE-2018-4985 31727  
APSB18-09 CVE-2018-4986 31597  
APSB18-09 CVE-2018-4987 31598  
APSB18-09 CVE-2018-4988 31596  
APSB18-09 CVE-2018-4989 31595  
APSB18-09 CVE-2018-4990 31591  
APSB18-09 CVE-2018-4993 31570  

Zero-Day Filters

There are 11 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative web site. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Advantech (5)

  • 31622: ZDI-CAN-5587: Zero Day Initiative Vulnerability (Advantech WebAccess HMI Designer)
  • 31624: ZDI-CAN-5590: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31627: ZDI-CAN-5595: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31628: ZDI-CAN-5596: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
  • 31629: ZDI-CAN-5597: Zero Day Initiative Vulnerability (Advantech WebAccess Node)

Microsoft (2)

  • 31620: ZDI-CAN-5567: Zero Day Initiative Vulnerability (Microsoft Visual Studio)
  • 31623: ZDI-CAN-5589: Zero Day Initiative Vulnerability (Microsoft Teams)

Omron (1)

  • 30435: HTTP: Omron CX-One CX-FLnet Version Buffer Overflow Vulnerability (ZDI-18-289)

Trend Micro (3)

  • 31619: ZDI-CAN-5553: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
  • 31625: ZDI-CAN-5592: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
  • 31626: ZDI-CAN-5594: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

The post TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 14, 2018 appeared first on .