2016-08-19



This past weekend, a group calling itself The Shadow Brokers claimed to have hacked the Equation Group, a threat actor with alleged ties to the United States National Security Agency (NSA). Using Twitter as its communication channel, The Shadow Brokers posted a link to a Pastebin page, which in turn led to more than 300 MB of exploits and scripts offered to the highest bidder. A number of the exploits specifically target networking and firewall products from vendors including Cisco, Juniper, Fortinet, and Topsec. While there is much speculation about whether the auction of the exploits and scripts is genuine, the available evidence suggests the leaked data came from the NSA, and the timing has led to widespread speculation that Russia is behind the leak. As security researchers investigate further, we should get a better idea of how the data was obtained and why it was released. We will keep an eye on this developing story.

Earlier today, TippingPoint issued an out-of-band Digital Vaccine (DV) package that includes two new filters addressing the exploits disclosed as part of the Equation Group leak. The regular weekly DV package schedule is not affected; the next package will be published as scheduled on Tuesday, August 23, 2016.

34127: SNMP: Cisco ASA Memory Corruption Vulnerability (EXTRABACON)

34128: HTTP: Fortinet FortiGate Cookie Buffer Overflow Vulnerability (EGREGIOUSBLUNDER)

An Additional Out-of-band Digital Vaccine Package

Last Friday, we issued another out-of-band Digital Vaccine (DV) package. That package included three new filters (28788, 28789, 28790) and changes to the Hyper-Aggressive deployment mode. For details regarding these changes, customers can contact the TippingPoint Technical Assistance Center (TAC). Our regular weekly DV package releases are not impacted by any out-of-band DV releases.

REMINDER: TippingPoint TMC Planned Maintenance Window This Weekend

The Trend Micro TippingPoint Threat Management Center (TMC) website (https://tmc.tippingpoint.com/TMC) will be undergoing maintenance on the following dates and times.

From                                        To
Saturday, August 20, 2016, 8:00 PM (CDT)    Sunday, August 21, 2016, 5:00 AM (CDT)
Sunday, August 21, 2016, 1:00 AM (UTC)      Sunday, August 21, 2016, 10:00 AM (UTC)

(The second row is the same maintenance window expressed in UTC.)

During the maintenance window, connectivity to the TMC from the Security Management System (SMS), Intrusion Prevention System (IPS), Threat Protection System (TPS), Next Generation Firewall (NGFW), and ArcSight Enterprise Security Manager (ESM) may be intermittently disrupted, which would prevent Digital Vaccine (DV), Threat Digital Vaccine (ThreatDV), Reputation Security Monitor (RepSM), and TippingPoint Operating System (TOS) updates from occurring. Customers with any questions or concerns can contact the TippingPoint Technical Assistance Center (TAC).

Zero-Day Filters

There are four new zero-day filters covering three vendors in this week's Digital Vaccine (DV) package. A number of existing filters in this week's DV package were modified to update the filter description, update specific filter deployment recommendations, increase filter accuracy, and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Google (1)

30610: ZDI-CAN-3840: Zero Day Initiative Vulnerability (Google Chrome)

Novell (1)

30608: ZDI-CAN-3837: Zero Day Initiative Vulnerability (Novell NetIQ Sentinel)

SolarWinds (2)

30591: HTTP: SolarWinds SRM Profiler ScriptServlet state upload SQL Injection Vulnerability (ZDI-16-268)

30605: HTTP: SolarWinds SRM Profiler ScriptServlet Filename SQL Injection Vulnerability (ZDI-16-268)

Missed Last Week’s News?

Catch up on last week's news in my weekly recap posted on the Trend Micro Simply Security blog.
