“Every new beginning comes from some other beginning’s end.”
That’s the last line of the song “Closing Time” by the band Semisonic. The TippingPoint team is no stranger to new beginnings. Our latest “new beginning” began almost a year ago when Trend Micro acquired us from Hewlett Packard Enterprise. The second part of our new beginning starts next Monday, when we’ll be starting our day in a new building. It’s so easy to be nostalgic when you’re packing up an office getting that wistful affection for the past when you find relics you thought were long gone and reminiscing about special moments. We have a lot to reminisce about from the past year alone and hopefully there will be many more memories in the years to come.
New ThreatDV DGA FiltersThe ThreatDV Domain Generation Algorithm (DGA) Defense family of filters is designed to detect DNS requests from malware infected hosts that are attempting to contact their command and control (C&C) hosts using DGAs. There are two new DGA filters in this week’s ThreatDV package:
27237: DNS: Suspicious DNS Lookup NXDOMAIN Response (DGA Digit Dash) 27242: DNS: Suspicious DNS Lookup NOERROR Response (DGA Digit Dash)Customers can access the ThreatDV Deployment and Best Practices guide through the TippingPoint Threat Management Center website .
New Support Phone Numbers for Trend Micro TippingPoint CustomersTrend Micro TippingPoint will soon update and expand international technical support phone numbers. The existing phone numbers for the United States and Canada will remain unchanged. For all other countries, the TippingPoint menu will be added to the existing in country Trend Micro numbers. The updated list of phone numbers will be posted to the Threat Management Center (TMC) website. This change will be effective March 6, 2017 . If customers have any questions or concerns, they can contact the TippingPoint Technical Assistance Center (TAC).
Zero-Day FiltersThere are 12 new zero-day filters covering four vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Adobe (3) 27225: ZDI-CAN-4355: Zero Day Initiative Vulnerability (Adobe Reader DC) 27233: ZDI-CAN-4369: Zero Day Initiative Vulnerability (Adobe Reader DC) 27236: ZDI-CAN-4374: Zero Day Initiative Vulnerability (Adobe Reader DC) Cisco (1) 27223: ZDI-CAN-4343: Zero Day Initiative Vulnerability (Cisco Prime Collaboration Provisioning) Foxit (2) 27224: ZDI-CAN-4354: Zero Day Initiative Vulnerability (Foxit Reader) 27227: ZDI-CAN-4365: Zero Day Initiative Vulnerability (Foxit Reader) Hewlett Packard Enterprise (6) 27222: ZDI-CAN-4342: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Universal CMDB) 27228: ZDI-CAN-4367: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) 27232: ZDI-CAN-4368: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) 27234: ZDI-CAN-4372: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) 27234: ZDI-CAN-4372: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) 27235: ZDI-CAN-4373: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) 27235: ZDI-CAN-4373: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) 27238: ZDI-CAN-4378: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Intelligent Management) Missed Last Week’s News?Catch up on last week’s news in myweekly recap.
