TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 14, 2018
It’s one thing when your security solutions help protect your organization from a devastating cyberattack. It’s another thing when the company who develops your security solutions takes it to the next level to actually help catch those responsible for some of the biggest cyberattacks in the world. Earlier this week, Trend Micro disclosed the details of its exclusive investigative cooperation with the Federal Bureau of Investigation (FBI) to identify, arrest and bring to trial the individuals linked to the infamous Counter Antivirus (CAV) service Scan4You.
In 2012, Trend Micro began its research on Scan4You, which allowed cybercriminals to check the detection of their latest malware against more than 30 modern antivirus engines, enabling them to make attacks more successful. After close collaboration with the FBI, Scan4You went offline following the arrest of two suspected administrators in May 2017. Ruslans Bondars was found guilty as a result of the recent trial, while Jurijs Martisevs pleaded guilty in March 2018.
You can read more about “The Rise and Fall of {Scan4You}” here.
Red Hat Fedora DHCP Client Network Manager Vulnerability
Yesterday, Trend Micro released DVToolkit CSW file CVE-2018-1111.csw that contains the following filter:
- Filter C1000001: DHCP: Red Hat Fedora DHCP Client Network Manager Input Validation Vulnerability
This command injection flaw found in a script included in the DHCP client (dhclient) packages affects Red Hat Enterprise Linux 6 and 7. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager, which is configured to obtain network configuration using the DHCP protocol.
Note: This filter will be obsoleted by MainlineDV filter 31851 in next week’s package.
Adobe Security Update
This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before May 8, 2018. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ May 2018 Security Update Review from the Zero Day Initiative:
| Bulletin # | CVE # | Digital Vaccine Filter | Status |
| APSB18-16 | CVE-2018-4944 | 31588 | |
| APSB18-09 | CVE-2018-4946 | 31687 | |
| APSB18-09 | CVE-2018-4947 | 31688 | |
| APSB18-09 | CVE-2018-4948 | 31589 | |
| APSB18-09 | CVE-2018-4949 | 31592 | |
| APSB18-09 | CVE-2018-4950 | 31593 | |
| APSB18-09 | CVE-2018-4951 | 31594 | |
| APSB18-09 | CVE-2018-4952 | 31695 | |
| APSB18-09 | CVE-2018-4953 | 31696 | |
| APSB18-09 | CVE-2018-4954 | 31697 | |
| APSB18-09 | CVE-2018-4955 | 31698 | |
| APSB18-09 | CVE-2018-4956 | N/A | Vendor Deemed Reproducibility or Exploitation Unlikely |
| APSB18-09 | CVE-2018-4957 | 31699 | |
| APSB18-09 | CVE-2018-4958 | 31700 | |
| APSB18-09 | CVE-2018-4959 | 31701 | |
| APSB18-09 | CVE-2018-4960 | 31702 | |
| APSB18-09 | CVE-2018-4961 | 31703 | |
| APSB18-09 | CVE-2018-4962 | 31704 | |
| APSB18-09 | CVE-2018-4963 | 31705 | |
| APSB18-09 | CVE-2018-4964 | 31706 | |
| APSB18-09 | CVE-2018-4965 | 31707 | |
| APSB18-09 | CVE-2018-4966 | 31708 | |
| APSB18-09 | CVE-2018-4967 | 31709 | |
| APSB18-09 | CVE-2018-4968 | 31710 | |
| APSB18-09 | CVE-2018-4969 | 31711 | |
| APSB18-09 | CVE-2018-4970 | 31712 | |
| APSB18-09 | CVE-2018-4971 | 31713 | |
| APSB18-09 | CVE-2018-4972 | 31714 | |
| APSB18-09 | CVE-2018-4973 | 31715 | |
| APSB18-09 | CVE-2018-4974 | 31716 | |
| APSB18-09 | CVE-2018-4975 | 31717 | |
| APSB18-09 | CVE-2018-4976 | 31718 | |
| APSB18-09 | CVE-2018-4977 | 31719 | |
| APSB18-09 | CVE-2018-4978 | 31720 | |
| APSB18-09 | CVE-2018-4979 | 31721 | |
| APSB18-09 | CVE-2018-4980 | 31722 | |
| APSB18-09 | CVE-2018-4981 | 31723 | |
| APSB18-09 | CVE-2018-4982 | 31724 | |
| APSB18-09 | CVE-2018-4983 | 31725 | |
| APSB18-09 | CVE-2018-4984 | 31726 | |
| APSB18-09 | CVE-2018-4985 | 31727 | |
| APSB18-09 | CVE-2018-4986 | 31597 | |
| APSB18-09 | CVE-2018-4987 | 31598 | |
| APSB18-09 | CVE-2018-4988 | 31596 | |
| APSB18-09 | CVE-2018-4989 | 31595 | |
| APSB18-09 | CVE-2018-4990 | 31591 | |
| APSB18-09 | CVE-2018-4993 | 31570 |
Zero-Day Filters
There are 11 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative web site. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.
Advantech (5)
- 31622: ZDI-CAN-5587: Zero Day Initiative Vulnerability (Advantech WebAccess HMI Designer)
- 31624: ZDI-CAN-5590: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
- 31627: ZDI-CAN-5595: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
- 31628: ZDI-CAN-5596: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
- 31629: ZDI-CAN-5597: Zero Day Initiative Vulnerability (Advantech WebAccess Node)
Microsoft (2)
- 31620: ZDI-CAN-5567: Zero Day Initiative Vulnerability (Microsoft Visual Studio)
- 31623: ZDI-CAN-5589: Zero Day Initiative Vulnerability (Microsoft Teams)
Omron (1)
- 30435: HTTP: Omron CX-One CX-FLnet Version Buffer Overflow Vulnerability (ZDI-18-289)
Trend Micro (3)
- 31619: ZDI-CAN-5553: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
- 31625: ZDI-CAN-5592: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
- 31626: ZDI-CAN-5594: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway)
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.
Read More HERE
