
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 3, 2016

Earlier this week, the Internet Systems Consortium (ISC) issued an update for a high-severity security vulnerability that would allow the Berkeley Internet Name Domain (BIND) software to be exploited remotely to launch denial-of-service (DoS) attacks. This vulnerability, uncovered internally by ISC, is significant because BIND is the most widely-used software to implement Domain Name System (DNS) protocols. Affected versions include 9.0.x to 9.8.x, 9.9.0 to 9.9.9-P2, 9.9.3-S1 to 9.9.9-S3, 9.10.0 to 9.10.4-P2, and 9.11.0a1 to 9.11.0rc1.

Due to the severity of this vulnerability, TippingPoint released DVToolkit CSW file CVE-2016-2776.csw to customers. This filter detects an attempt to exploit a denial-of-service vulnerability in ISC BIND. We recommend that this CSW filter be deployed to protect unpatched systems.
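As an added example (not code from TippingPoint or ISC), the following check compares a reported BIND version string against the affected ranges listed above, to find systems that still need the patch or the filter. It assumes the ordering a < b < rc < final release < -P patch levels and treats -S builds as a separate track; the host names and inventory are constructed for illustration.

```python
import re

# Affected ranges exactly as listed in the advisory text above (bounds inclusive).
AFFECTED = [("9.9.0", "9.9.9-P2"), ("9.9.3-S1", "9.9.9-S3"),
            ("9.10.0", "9.10.4-P2"), ("9.11.0a1", "9.11.0rc1")]

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?(?:-(P|S)(\d+))?$")
_STAGE = {"a": 0, "b": 1, "rc": 2, None: 3}  # assumed order: pre-releases before final

def parse(version):
    """Return (track, key): track is 'S' for -S builds, 'main' otherwise."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognized BIND version: {version!r}")
    major, minor, patch, stage, stage_n, suffix, suffix_n = m.groups()
    base = (int(major), int(minor), int(patch))
    if suffix == "S":  # -S builds are only compared with other -S builds
        return "S", base + (int(suffix_n),)
    return "main", base + (_STAGE[stage], int(stage_n or 0), int(suffix_n or 0))

def is_affected(version):
    track, key = parse(version)
    if (9, 0) <= key[:2] <= (9, 8):  # "9.0.x to 9.8.x": every release on those branches
        return True
    for low, high in AFFECTED:
        low_track, low_key = parse(low)
        _, high_key = parse(high)
        if track == low_track and low_key <= key <= high_key:
            return True
    return False

def unpatched(inventory):
    """Hosts whose reported version is in an affected range, or cannot be parsed."""
    flagged = []
    for host, version in sorted(inventory.items()):
        try:
            if is_affected(version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unknown format: review by hand, do not assume safe
    return flagged

# Constructed inventory (hypothetical hosts and versions), not data from the page.
SAMPLE = {"ns1": "9.9.9-P2", "ns2": "9.9.9-P3", "ns3": "9.11.0rc1",
          "ns4": "9.9.9-S5", "ns5": "9.8.4-P1", "ns6": "custom-build"}
```

Hosts returned by `unpatched(SAMPLE)` are the ones to patch or to place behind the CSW filter; a version string the parser does not recognize is flagged for manual review.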

You can find more information on this vulnerability below:

Common Vulnerabilities and Exposures

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776

ISC Advisory

https://kb.isc.org/article/AA-01419

For the latest DVToolkit filters, customers can visit the TippingPoint Threat Management Center (TMC) website at https://tmc.tippingpoint.com and navigate to Releases > CSW Files. Customers who have questions or need technical assistance on any Trend Micro TippingPoint product can contact the Trend Micro TippingPoint Technical Assistance Center (TAC).

NEW DATES: TippingPoint Threat Management Center (TMC)/ThreatLinQ Migration Window

As part of our separation from Hewlett Packard Enterprise, Trend Micro TippingPoint will be migrating the Threat Management Center (TMC) and ThreatLinQ web sites during the following dates and times.

From | Time | To | Time
Friday, November 11, 2016 | 8:00 AM (CDT) | Saturday, November 12, 2016 | 8:00 AM (CDT)
Friday, November 11, 2016 | 1:00 PM (UTC) | Saturday, November 12, 2016 | 1:00 PM (UTC)

During the migration window, the Security Management System (SMS), Intrusion Prevention System (IPS), Next Generation Firewall (NGFW), Threat Protection System (TPS) and ArcSight Enterprise Security Manager (ESM) connectivity to the TMC may be intermittently disrupted, thus preventing the Digital Vaccine (DV), Threat Digital Vaccine (ThreatDV), Reputation Security Monitor (RepSM) and TippingPoint Operating System (TOS) updates from occurring.

Important Note for customers with specific firewall rules for accessing the TMC: By default, TippingPoint devices are configured to use DNS resolution in order to reach the TMC. As we are moving into a new environment, the IP address currently used by TMC will change. Additionally, going forward, the resolved IP address may change without notice. As long as DNS services are available to your local deployment, this move and behavior change will not impact your ability to access TMC. If you have added specific firewall rules to manage TMC connectivity, we advise that they be reviewed to ensure this new behavior will not impact the ability for your TippingPoint deployment to communicate with TMC.

Following the migration, the login process for the websites will change. Additional information and instructions for accessing the new sites will be provided in a future announcement prior to the migration. We appreciate your patience during the migration window. Customers with any questions or concerns can contact the TippingPoint Technical Assistance Center (TAC).

TippingPoint DVLabs Experts Speaking at Virus Bulletin 2016

The 26th annual Virus Bulletin International Conference (VB2016) was held in Denver, Colorado October 5-7, 2016 and covered a broad range of IT security topics for the brains of IT security from around the world to learn, debate, pass on their knowledge and move the industry forward. Josiah Hagen, Brandon Niemczyk and Jonathan Andersson from our TippingPoint DVLabs Advanced Research Team are speaking today (October 7) at 11am Mountain Time on “Using Machine Learning to Stop Exploit Kits In-Line in Real-Time.” For more information on their session and the conference, click here.

Zero-Day Filters

There are 14 new zero-day filters covering seven vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.

Adobe (1)

  • 24322: ZDI-CAN-3862: Zero Day Initiative Vulnerability (Adobe Flash)

Advantech (1)

  • 24333: ZDI-CAN-3876: Zero Day Initiative Vulnerability (Advantech SUSIAccess Server)

Apple (1)

  • 24332: ZDI-CAN-3875: Zero Day Initiative Vulnerability (Apple Safari)

ARRIS (7)

  • 24325: ZDI-CAN-3868: Zero Day Initiative Vulnerability (ARRIS VAP2500)
  • 24326: ZDI-CAN-3869: Zero Day Initiative Vulnerability (ARRIS VAP2500)
  • 24327: ZDI-CAN-3870: Zero Day Initiative Vulnerability (ARRIS VAP2500)
  • 24328: ZDI-CAN-3871: Zero Day Initiative Vulnerability (ARRIS VAP2500)
  • 24329: ZDI-CAN-3872: Zero Day Initiative Vulnerability (ARRIS VAP2500)
  • 24330: ZDI-CAN-3867: Zero Day Initiative Vulnerability (ARRIS VAP2500)
  • 24331: ZDI-CAN-3873: Zero Day Initiative Vulnerability (ARRIS VAP2500)

Delta (2)

  • 24280: ZDI-CAN-3860: Zero Day Initiative Vulnerability (Delta Industrial Automation WPLSoft)
  • 24323: ZDI-CAN-3865: Zero Day Initiative Vulnerability (Delta Industrial Automation WPLSoft)

Microsoft (1)

  • 24336: HTTP: Malicious .URL File Download (ZDI-16-506)

UCanCode (1)

  • 24927: ZDI-CAN-3880-3883: Zero Day Initiative Vulnerability (UCanCode E-XD++ Visualization Enterprise Suite)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

