Mail Server Over SSL/TLS
1010010 - Exim Remote Code Execution Vulnerability (CVE-2019-16928)

Remote Desktop Protocol Server
1009343* - Identified Too Many SSL Alert Messages In SSLv3 Over RDP (ATT&CK T1032)

SSL Client
1006561* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Response (ATT&CK T1032)

Suspicious Client Application Activity
1008946* - Heuristic Detection Of Suspicious Digital Certificate (ATT&CK T1032)
1005283* - Identified Potentially Malicious RAT Traffic - I (ATT&CK T1094)
1005299* - Identified Potentially Malicious RAT Traffic - III (ATT&CK T1094)
1005300* - Identified Potentially Malicious RAT Traffic - IV (ATT&CK T1094)
1005473* - Identified Potentially Malicious RAT Traffic - V (ATT&CK T1094)
1008756* - Identified Potentially Malicious RAT Traffic - VII (ATT&CK T1094)
1007197* - TMTR-0005: GHOST RAT TCP Connection Detected (ATT&CK T1094)
1007200* - TMTR-0010: FAKEM RAT TCP Connection (ATT&CK T1094)
1007207* - TMTR-0014: NJRAT TCP Connection (ATT&CK T1094)

Web Client Common
1010000 - Adobe Acrobat And Reader Out-of-Bounds Read Vulnerability (CVE-2019-7110)
1000943* - Detect UPX Packed Executable Download (ATT&CK T1045)
1010021 - Microsoft Graphics Components Information Disclosure Vulnerability (CVE-2019-1361)
1010009 - Microsoft Windows Elevation of Privilege Vulnerability (CVE-2019-1364)
1009981* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1252)
1010015 - Microsoft XML Remote Code Execution Vulnerability (CVE-2019-1060)

Web Client Internet Explorer/Edge
1009787* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1024)
1009788* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1051)
1009792* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1052)
1010018 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1307)
1010019 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1308)
1010008 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1335)
1010020 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1366)
1010016 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-1238)
1010017 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-1239)

Web Server Common
1005434* - Disallow Upload Of A PHP File (ATT&CK T1105)
1003025* - Web Server Restrict Executable File Uploads (ATT&CK T1105)

Web Server Miscellaneous
1005604* - Apache Struts Multiple Remote Command Execution Vulnerability

Web Server Oracle
1009816* - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2729)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.