This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Danny_Yang
Ambassador
Ambassador
‎2018-02-04 08:55 PM

SandBlast對抗Adobe Flash Player零時差漏洞(CVE-2018-4878)

這兩天有個新的Adobe Critical漏洞被揭露(CVE-2018-4878),影響Flash Player 28.0.0.137以及更早以前的版本。

這個漏洞可以讓攻擊者以特定SWF檔案觸發遠端執行程式(Remote Code Execution),影響特定版本的Flash使用者,並以電子郵件夾帶Office檔案崁入特定的Flash內容散佈惡意程式。Adobe將於近日釋出相關修補版本(預計為2/5)。

Adobe Official Announcement:

https://helpx.adobe.com/security/products/flash-player/apsa18-01.html

相關參考:

http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html

在Adobe提供Patch程式之前,除了提醒客戶啟用已經釋出的IPS特徵碼(Adobe Flash Player Use After Free Remote Code Execution (CVE-2018-4878)之外,還可建議請他們運用SandBlast Zero-Day Protection提前一步瓦解惡意威脅。

https://www.checkpoint.com/defense/advisories/public/2018/cpai-2018-0052.html

Threat Extraction:

SandBlast威脅萃取功能可清除Office文件內惡意感染源(e.g. SWF),確保使用者收到電子郵件附件檔案無害化。

Threat Emulation:

SandBlast威脅模擬功能為新世代反惡意程式規避方案,整合包含機器學習、CPU Level Detection、沙箱檢測、Push Forward等先進模擬技術,有效揪出隱含在可疑檔案內的惡意程式,即時阻擋威脅危害(Prevention)。

Anti-Exploit:

SandBlast Agent端點防護方案可防護漏洞攻擊,避免遠端程式呼叫防堵惡意威脅。

http://blog.checkpoint.com/2018/02/04/sandblast-protects-flash-zero-day-vulnerability/

2 Replies
Danny_Yang
Ambassador
Ambassador
‎2018-02-04 09:17 PM

目前Adobe尚未釋出關於此漏洞的Patch, 而主要的友商Palo Alto, Foritnet也尚未看到相關IPS防護特徵碼。(Fortinet防毒有相關惡意程式特徵)

One Step Ahead from Exploit & Zero-day Attack!

Danny_Yang
Ambassador
Ambassador
‎2018-02-05 12:50 AM
In response to Danny_Yang

從Adobe/Microsoft層出不窮的漏洞問題,可清楚了解到層次防禦在Known/Unknown的威脅面向以及不同感染進程的重要性。

以防護Kill Chain的角度來說,有效部署包含FW, IPS, AV, Sandboxing等入侵檢測技術,再強化感染後對於端點C&C連線、感染隔離、鑑識分析等需求,降低安全管理風險與加速回應時間,是現代Cyber Security的基礎模型。 連底子都沒打好,就試圖採用一些看似fancy的技術來處理安全問題,是相對不切實際且浪費的投資。

Upcoming Events

    Sort by:
    CheckMates Events