This update package improves the detection capabilities of the Forcepoint LLM system.
RELEASE DATE: Wednesday June 03, 2020
MD5 CHECKSUM: 50e556ec55cae7ad0bf2ffca9f6ee7d7
SHA1 CHECKSUM: fd57a0674a86abdbb93573acc73f0e61235cd696
SHA256 CHECKSUM: 2942dfda92286f2df954abed64c8c32d7942f61d74b9c3c20568998efa0fd6e3
UPDATE CRITICALITY: HIGH
List of detected attacks in this update package:
Risk level | Description | Reference | Vulnerability |
---|---|---|---|
High | An attempt to exploit a vulnerability in Pi-Hole detected | CVE-2020-11108 | Pi-Hole-Blocklist-OS-Command-Execution |
High | An attempt to exploit a vulnerability in Pi-Hole detected | CVE-2020-8816 | Pi-Hole-DHCP-Mac-OS-Command-Execution |
High | An attempt to exploit a vulnerability in Kentico CMS detected | CVE-2019-10068 | Kentico-CMS-Staging-SyncServer-Remote-Command-Execution |
High | Pihole Blocklist Exec | CVE-2020-11108 | Pihole-Blocklist-Exec-CVE-2020-11108 |
High | KPOT Stealer traffic was detected | No CVE/CAN | KPOT-Stealer-Traffic |
High | An attempt to exploit a vulnerability in OpenMRS Reference Application detected | CVE-2020-5730 | Openmrs-Reference-Application-Sessionlocation-Reflected-Cross-Site-Scripting |
High | An attempt to exploit a vulnerability in Adobe Systems DNG Software Development Kit detected | CVE-2020-9622 | Adobe-DNG-Software-Development-Kit-Decodeimage-Out-Of-Bounds-Read |
DETECTED ATTACKS
New detected attacks:
HTTP Normalized Request-Line
Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
---|---|---|---|---|
High | Pi-Hole-Blocklist-OS-Command-Execution | CVE-2020-11108 | HTTP_CRL-Pi-Hole-Blocklist-OS-Command-Execution | Suspected Compromise |
High | Pi-Hole-DHCP-Mac-OS-Command-Execution | CVE-2020-8816 | HTTP_CRL-Pi-Hole-DHCP-Mac-OS-Command-Execution | Suspected Compromise |
High | Kentico-CMS-Staging-SyncServer-Remote-Command-Execution | CVE-2019-10068 | HTTP_CRL-Kentico-CMS-Staging-SyncServer-Remote-Command-Execution | Suspected Compromise |
High | Pihole-Blocklist-Exec-CVE-2020-11108 | CVE-2020-11108 | HTTP_CRL-Pihole-Blocklist-Exec-CVE-2020-11108 | Suspected Compromise |
High | KPOT-Stealer-Traffic | No CVE/CAN | HTTP_CS-KPOT-Stealer-Traffic | Suspected Botnet |
High | Openmrs-Reference-Application-Sessionlocation-Reflected-Cross-Site-Scripting | CVE-2020-5730 | HTTP_CRL-Openmrs-Reference-Application-Sessionlocation-Reflected-Cross-Site-Scripting | Suspected Compromise |
Other Binary File Stream
Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
---|---|---|---|---|
High | Adobe-DNG-Software-Development-Kit-Decodeimage-Out-Of-Bounds-Read | CVE-2020-9622 | File-Binary_Adobe-DNG-Software-Development-Kit-Decodeimage-Out-Of-Bounds-Read | Suspected Compromise |
LIST OF OTHER CHANGES:
New objects:
Type | Name |
---|---|
Category | Pihole |
Category | Kentico CMS |
Category | Adobe Systems DNG Software Development Kit |
IPList | Google Meet IP Address List |
Updated objects:
Type | Name | Changes |
---|---|---|
Network Element | TOR exit nodes | |
Application | Fetion-Instant-Messaging-Audio-Video | |
IPList | Amazon DYNAMODB | |
IPList | TOR relay nodes IP Address List | |
IPList | Amazon AMAZON cn-north-1 | |
IPList | Amazon DYNAMODB us-east-1 | |
IPList | TOR exit nodes IP Address List | |
IPList | Amazon AMAZON | |
DISCLAIMER AND COPYRIGHT
The information in this document is provided only for educational purposes and for the convenience of Forcepoint customers. The information contained herein is subject to change without notice, and is provided "AS IS" without guarantee or warranty as to the accuracy or applicability of the information to any specific situation, circumstance, or system configuration - use at your own risk. Forcepoint does not warrant or endorse any third-party products described herein.
Forcepoint™ is a trademark of Forcepoint, LLC. SureView®, ThreatSeeker®, Triton®, Sidewinder®, and Stonesoft® are registered trademarks of Forcepoint, LLC. Raytheon® is a registered trademark of Raytheon Company. All other trademarks and registered trademarks are the property of their respective owners.
Copyright © 2000-2020 Forcepoint LLC. All rights reserved.