Deep Security Center

Page 1 of 20:
1
2
3
4
5
6
7
8
9
10
...
20

RULE UPDATE: 19-003 (January 22, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DHCPv6 Client - Incoming
1008949 - ISC dhclient Buffer Overflow Vulnerability (CVE-2018-5732)

Database MySQL
1009357* - MySQL 5.5.8 NULL Pointer Dereference Denial Of Service Vulnerability (CVE-2011-5049)

Memcached
1009459* - Memcached 'process_bin_append_prepend' Integer Overflow Vulnerability (CVE-2016-8704)
1009458* - Memcached 'process_bin_update' Function And 'body_len' Parameter Integer Overflow Vulnerability (CVE-2016-8705)

Web Application Common
1009308 - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
1009401 - Nagios XI Magpie 'cURL' Argument Injection Vulnerability (CVE-2018-15708)

Web Application PHP Based
1009395* - PHP 'imap_open()' Remote Code Execution Vulnerability (CVE-2018-19518)

Web Client Common
1009206* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 1
1009211* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 6
1009215* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 9
1009405* - Adobe Flash Player Use After Free Vulnerability (CVE-2018-15982)
1009403 - Apache Traffic Server ESI Plugin Cookie Header Information Disclosure (CVE-2018-8040)
1009338* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8495)

Web Server Apache Tika
1009142 - Apache Tika tika-server Command Injection Vulnerability (CVE-2018-1335)

Web Server Common
1007185* - Java Unserialize Remote Code Execution Vulnerability

Web Server Oracle
1009417* - Oracle WebLogic Server DeploymentServiceServlet Insecure Deserialization Vulnerability (CVE-2018-3252)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 19-002 (January 15, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Database MySQL
1009357 - MySQL 5.5.8 NULL Pointer Dereference Denial Of Service Vulnerability (CVE-2011-5049)

Elasticsearch
1009209* - ElasticSearch Dynamic Script Arbitrary Java Code Execution Vulnerability (CVE-2014-3120)

Web Client Common
1004315* - Identified Malicious PDF Document - 3
1009359 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8424)
1009369* - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8544)
1009218* - Microsoft Windows VBScript Engine Use-After-Free Vulnerability (CVE-2018-8373)

Web Client Internet Explorer/Edge
1009246* - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8372)
1009243* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8353)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1002797* - Database Server - MySQL

RULE UPDATE: 19-001 (January 8, 2019)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Java RMI
1009451* - Java Unserialize Remote Code Execution Vulnerability Over RMI

Memcached
1009459 - Memcached 'process_bin_append_prepend' Integer Overflow Vulnerability (CVE-2016-8704)
1009458 - Memcached 'process_bin_update' Function And 'body_len' Parameter Integer Overflow Vulnerability (CVE-2016-8705)

Remote Desktop Protocol Server
1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt

Web Application Common
1009202* - ImageMagick Multiple 'ReadDIBImage' And 'WriteDIBImage' Out Of Bounds Write Vulnerabilities - 1
1009425* - ImageMagick ReadXBMImage Memory Leak Vulnerability (CVE-2018-16323) - 1

Web Application PHP Based
1009445* - WordPress Authenticated Phar Insecure Deserialization Vulnerability

Web Client Common
1009460 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-02)
1009452 - Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2018-8550)
1009461 - Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) - 1
1009466 - Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) - 2

Web Client Internet Explorer/Edge
1009463 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
1009468 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567)
1009469 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)
1009462 - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2019-0566)
1009465 - Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0565)
1009464 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)

Web Server Miscellaneous
1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability

Web Server Oracle
1009417 - Oracle WebLogic Server DeploymentServiceServlet Insecure Deserialization Vulnerability (CVE-2018-3252)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-069 (December 26, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

FTP Server Common
1000153* - FTP MKD Command
1000151* - FTP PORT Command

Java RMI
1009451 - Java Unserialize Remote Code Execution Vulnerability Over RMI

Remote Desktop Protocol Server
1009448 - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt

Suspicious Client Application Activity
1009432 - Tildeb Acknowledgment Request

Suspicious Server Application Activity
1009433 - Tildeb Knock Request

Web Application PHP Based
1009445 - WordPress Authenticated Phar Insecure Deserialization Vulnerability

Web Client Common
1009454 - Microsoft Windows MsiAdvertiseProduct ReadFile Unauthorized Access Vulnerability

Web Server Common
1009450 - Kubernetes API Proxy Request Handling Privilege Escalation Vulnerability (CVE-2018-1002105)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-068 (December 20, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1009437* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 1
1009440* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 4

Web Client Internet Explorer/Edge
1009449 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8653)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-067 (December 18, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Java RMI
1009390* - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution Vulnerability (CVE-2016-1000031)

Web Application Common
1009202 - ImageMagick Multiple 'ReadDIBImage' And 'WriteDIBImage' Out Of Bounds Write Vulnerabilities - 1

Web Client Common
1008883* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-02) - 2
1009327* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 9
1009437 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 1
1009438 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 2
1009439 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 3
1009440 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 4
1009441 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 5
1009444 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 6
1009442 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 7
1009443 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-41) - 8
1009394* - Adobe Acrobat And Reader NTLM SSO Hash Information Disclosure Vulnerability (CVE-2018-15979)
1009201 - ImageMagick Multiple 'ReadDIBImage' And 'WriteDIBImage' Out Of Bounds Write Vulnerabilities
1009292 - Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8382)
1009307* - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-8423)
1009366* - Microsoft Outlook Multiple Security Vulnerabilities (Nov-2018)
1009446 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8596)
1009293* - Microsoft Windows Remote Code Execution Vulnerability (CVE-2018-8475)
1002744* - RealNetworks RealPlayer SWF Flash File Buffer Overflow Vulnerability (CVE-2006-0323)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-066 (December 11, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1009427 - Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2018-8628)

Web Application Common
1009425 - ImageMagick ReadXBMImage Memory Leak Vulnerability (CVE-2018-16323) - 1

Web Client Common
1009426 - 7-Zip Remote Code Execution Vulnerability (CVE-2018-10115)
1009321* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 3
1009326* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 8
1009424 - ImageMagick ReadXBMImage Memory Leak Vulnerability (CVE-2018-16323)
1009428 - Microsoft Outlook Remote Code Execution Vulnerability (CVE-2018-8587)
1009413 - Microsoft Text-To-Speech Remote Code Execution Vulnerability (CVE-2018-8634)
1009431 - Microsoft Windows Multiple Security Vulnerabilities (Dec-2018)
1009268 - Oracle Outside In Excel GelFrame Out-Of-Bounds Read (CVE-2018-2992)

Web Client Internet Explorer/Edge
1009409 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8583)
1009411 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8617)
1009412 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8618)
1009416 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8624)
1009415 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8629)
1009335* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8460)
1009414 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8631)
1009410 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2018-8619)
1009430 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2018-8625)
1009429 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8643)

Web Client Mozilla Firefox
1009159 - Mozilla Firefox Vorbis Audio Residue Codebook Out Of Bounds Write Vulnerability (CVE-2018-5146)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-065 (December 5, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1004373* - Identified DLL Side Loading Attempt Over Network Share

Web Client Common
1009405 - Adobe Flash Player Use After Free Vulnerability (CVE-2018-15982)
1009407 - Detected Suspicious DLL Side Loading Attempt Over WebDAV

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

RULE UPDATE: 18-064 (December 4, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Elasticsearch
1009209 - ElasticSearch Dynamic Script Arbitrary Java Code Execution Vulnerability (CVE-2014-3120)

HP Intelligent Management Center (IMC)
1008983 - HPE Intelligent Management Center 'saveSelectedDevices' Expression Language Injection Vulnerability (CVE-2017-12491)

TFTP Server
1009365 - Microsoft Windows Deployment Services TFTP Server Remote Code Execution Vulnerability (CVE-2018-8476)

Web Application Common
1005934* - Identified Suspicious Command Injection Attack

Web Client Internet Explorer/Edge
1009244* - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8355)

Web Client Mozilla Firefox
1009396 - Mozilla Firefox Multiple Security Vulnerabilities

Web Server Adobe ColdFusion
1009387 - Adobe ColdFusion Remote File Upload Vulnerability (CVE-2018-15961)

Integrity Monitoring Rules:

1008271* - Application - Docker
1003131* - Virtualization Software - VMware Server

Log Inspection Rules:

1003802* - Directory Server - Microsoft Windows Active Directory

RULE UPDATE: 18-063 (November 27, 2018)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk RTP Protocol
1008964* - Digium Asterisk Compound RTCP Out-Of-Bounds Write Vulnerability (CVE-2017-17664)

Asterisk Server IAX2
1002607* - Asterisk IAX2 Packet Amplification Remote Denial Of Service Vulnerability (CVE-2008-1897)

Oracle Secure Backup
1003225* - Oracle Secure Backup NDMP CONECT_CLIENT_AUTH Command Buffer Overflow

Web Application PHP Based
1008817 - PHP WDDX NULL Pointer Dereference Vulnerability (CVE-2016-9934)

Web Client Common
1009273 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-09) - 8
1009349* - Microsoft Windows ALPC Elevation Of Privilege Vulnerability (CVE-2018-8584)
1009378* - Microsoft Windows DirectX Information Disclosure Vulnerability (CVE-2018-8563)
1009088* - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (May 2018)
1009382* - Microsoft Windows Multiple Security Vulnerabilities (Nov-2018)
1009293* - Microsoft Windows Remote Code Execution Vulnerability (CVE-2018-8475)
1009171* - Microsoft Windows Shell Remote Code Execution Vulnerability
1009238* - Microsoft Windows Shell Remote Code Execution Vulnerability - 1
1009029* - PHP 'http_fopen_wrapper' Stack Buffer Overflow Vulnerability (CVE-2018-7584)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

Featured Stories

View All

$https://documents.trendmicro.com/images/TEx/articles/20180903221730972-24-yhxppax-800.jpg$
MQTT and CoAP: Security and Privacy Issues in IoT and IIoT Communication Protocols
We looked into MQTT brokers and CoAP servers around the world to assess IoT protocol security. Learn how to prevent risks and secure machine-to-machine (M2M) communications over MQTT and CoAP in our research.
Read more
$hacker machine interface$
The State of SCADA HMI Vulnerabilities
A complete discussion of the different vulnerability categories, including case studies of vulnerable SCADA HMIs. The paper also provides a guide for vulnerability researchers, as well as vendors on quick and efficient bug discovery.
Read more
Rogue Robots: Testing the Limits of an Industrial Robot’s Security
The modern world relies heavily on industrial robots. But is the current robotics ecosystem secure enough to withstand a cyber attack?
Read more
$two years of pawn storm$
From Espionage to Cyber Propaganda: Pawn Storm's Activities over the Past Two Years
This paper takes a look at Pawn Storm's operations within the last two years, and how the group has expanded their activities from espionage to the use of cyber propaganda tactics.
Read more