Release notes for update package 1613-5242

This update package improves the detection capabilities of the Forcepoint NGFW system (new and updated attack fingerprints, plus refreshed IP address lists).

RELEASE DATE:      Thursday July 20, 2023
MD5 CHECKSUM:      5bb7a13f094894484b290233bdf4826e
SHA1 CHECKSUM:     0b808f9f25f2c4b86bcd7cab6e4e2134a9c58c7d
SHA256 CHECKSUM:   a3ef66f65675b96786cd708e9eec199d84af9ab3c01082922b43e54e410e9c40

UPDATE CRITICALITY:    HIGH
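Before installing, confirm that the downloaded package matches the digests listed above. The script below is an added example for this purpose, not Forcepoint tooling; it assumes GNU coreutils (md5sum, sha1sum, sha256sum) and that the operator supplies the package file path, since the file name is not given in these notes. SHA256 is the digest that matters; MD5 and SHA1 are checked only as a cross-check against the published values, because both are collision-prone and should not be relied on alone.

```shell
#!/usr/bin/env bash
# Verify a downloaded update package against the digests published in the
# release notes. Added example; assumes GNU coreutils digest tools.

# verify_checksum FILE EXPECTED ALGO
#   ALGO is one of md5, sha1, sha256.
#   Returns 0 on match, 1 on mismatch, 2 if the file is unreadable or the
#   digest tool is missing (treated as failure by the caller).
verify_checksum() {
    local file=$1 expected=$2 algo=$3 actual
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 2; }
    command -v "${algo}sum" >/dev/null 2>&1 \
        || { echo "missing tool: ${algo}sum" >&2; return 2; }
    # First field of "<hex>  <file>" is the digest.
    actual=$("${algo}sum" "$file" | cut -d' ' -f1)
    # Normalise case so a value copied in uppercase hex still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "$algo OK"
        return 0
    fi
    echo "$algo MISMATCH: expected $expected, got $actual" >&2
    return 1
}

# verify_package FILE
#   Checks all three digests from the release notes for package 1613-5242 and
#   fails closed: any mismatch or missing tool makes the whole check fail.
verify_package() {
    local file=$1 rc=0
    verify_checksum "$file" "5bb7a13f094894484b290233bdf4826e" md5 || rc=1
    verify_checksum "$file" "0b808f9f25f2c4b86bcd7cab6e4e2134a9c58c7d" sha1 || rc=1
    verify_checksum "$file" \
        "a3ef66f65675b96786cd708e9eec199d84af9ab3c01082922b43e54e410e9c40" sha256 || rc=1
    return "$rc"
}

# Usage: bash verify_update.sh /path/to/downloaded-package   (path is assumed)
if [ "$#" -ge 1 ]; then
    if verify_package "$1"; then
        echo "package verified; safe to import"
    else
        echo "package REJECTED; do not import" >&2
        exit 1
    fi
fi
```

Run it against the file you actually downloaded, not a copy re-exported from a management tool, and do not import the package if any of the three digests disagrees with the values in these notes.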

List of detected attacks in this update package:

Risk level   Description                                                          Reference        Vulnerability
High         An attempt to exploit a vulnerability in MOVEit detected             CVE-2023-36932   Progress-MOVEit-Transfer-Moveitisapi-X-Silock-Fileid-SQL-Injection
High         An attempt to exploit a vulnerability in Adobe ColdFusion detected   CVE-2023-29300   Adobe-ColdFusion-Insecure-Deserialization-CVE-2023-29300


DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk   Vulnerability/Situation                                              References       Related Fingerprint                                                          Situation Type
High   Progress-MOVEit-Transfer-Moveitisapi-X-Silock-Fileid-SQL-Injection   CVE-2023-36932   HTTP_CS-Progress-MOVEit-Transfer-Moveitisapi-X-Silock-Fileid-SQL-Injection   Suspected Compromise

HTTP Normalized Request-Line

Risk   Vulnerability/Situation                                    References       Related Fingerprint                                     Situation Type
High   Adobe-ColdFusion-Insecure-Deserialization-CVE-2023-29300   CVE-2023-29300   HTTP_CRL-Adobe-ColdFusion-Insecure-Deserialization   Suspected Compromise

Updated detected attacks:

HTTP Request URI

Risk   Vulnerability/Situation                                                  References       Related Fingerprint                                                               Situation Type         Change Description
High   Adobe-ColdFusion-Improper-Access-Control-Vulnerability-CVE-2023-29298    CVE-2023-29298   HTTP_CSU-Adobe-ColdFusion-Improper-Access-Control-Vulnerability-CVE-2023-29298   Suspected Compromise   Description has changed; fingerprint regexp changed

HTTP Normalized Request-Line

Risk       Vulnerability/Situation                         References       Related Fingerprint                                                          Situation Type         Change Description
Critical   Log4j-Remote-Code-Execution                     CVE-2021-44228   HTTP_CRL-Log4j-Remote-Code-Execution                                         Suspected Compromise   Fingerprint regexp changed
High       Spring-Core-Remote-Code-Execution               CVE-2022-22965   HTTP_CRL-Spring-Core-Remote-Code-Execution-Suspicious-Parameter-Name         Potential Compromise   Fingerprint regexp changed
High       Linux-Download-Commands-In-Parameter-Values     No CVE/CAN       HTTP_CRL-Linux-Download-Commands-In-Parameter-Values                         Potential Compromise   Detection mechanism updated

LIST OF OTHER CHANGES:

Updated objects:

Type        Name                                                       Changes
IPList Yemen
IPList Iraq
IPList Saudi Arabia
IPList Iran
IPList Cyprus
IPList Syria
IPList Armenia
IPList Kenya
IPList DR Congo
IPList Seychelles
IPList Jordan
IPList Lebanon
IPList Kuwait
IPList Oman
IPList Qatar
IPList Bahrain
IPList United Arab Emirates
IPList Israel
IPList Turkey
IPList Greece
IPList Estonia
IPList Latvia
IPList Azerbaijan
IPList Lithuania
IPList Georgia
IPList Moldova
IPList Finland
IPList Ukraine
IPList North Macedonia
IPList Hungary
IPList Bulgaria
IPList Albania
IPList Poland
IPList Romania
IPList Malawi
IPList Lesotho
IPList South Africa
IPList Afghanistan
IPList Pakistan
IPList Bangladesh
IPList Turkmenistan
IPList Tajikistan
IPList Sri Lanka
IPList Bhutan
IPList India
IPList Maldives
IPList Nepal
IPList Myanmar
IPList Uzbekistan
IPList Kazakhstan
IPList Kyrgyzstan
IPList Vietnam
IPList Thailand
IPList Indonesia
IPList Laos
IPList Taiwan
IPList Philippines
IPList Malaysia
IPList China
IPList Hong Kong
IPList Brunei
IPList Macao
IPList Cambodia
IPList South Korea
IPList Japan
IPList North Korea
IPList Singapore
IPList Timor-Leste
IPList Russia
IPList Mongolia
IPList Australia
IPList Papua New Guinea
IPList Solomon Islands
IPList Vanuatu
IPList New Zealand
IPList Cameroon
IPList Portugal
IPList Ivory Coast
IPList Nigeria
IPList Togo
IPList Mauritania
IPList São Tomé and Príncipe
IPList Tunisia
IPList Spain
IPList Malta
IPList Denmark
IPList Iceland
IPList United Kingdom
IPList Switzerland
IPList Sweden
IPList Netherlands
IPList Austria
IPList Belgium
IPList Germany
IPList Luxembourg
IPList Ireland
IPList France
IPList Andorra
IPList Liechtenstein
IPList Jersey
IPList Slovakia
IPList Czechia
IPList Norway
IPList Italy
IPList Slovenia
IPList Croatia
IPList Bosnia and Herzegovina
IPList Angola
IPList Greenland
IPList Brazil
IPList Dominican Republic
IPList Martinique
IPList Bermuda
IPList Saint Lucia
IPList British Virgin Islands
IPList St Vincent and Grenadines
IPList Saint Martin
IPList Guadeloupe
IPList Grenada
IPList Belize
IPList El Salvador
IPList Guatemala
IPList Venezuela
IPList Ecuador
IPList Colombia
IPList Haiti
IPList Argentina
IPList Chile
IPList Peru
IPList Mexico
IPList Puerto Rico
IPList American Samoa
IPList Canada
IPList United States
IPList Palestine
IPList Serbia
IPList Antarctica
IPList South Sudan
IPList TOR exit nodes IP Address List
IPList Amazon AMAZON
IPList Amazon EC2
IPList Microsoft Azure datacenter for australiaeast
IPList Microsoft Azure datacenter for australiasoutheast
IPList Microsoft Azure datacenter for brazilsouth
IPList TOR relay nodes IP Address List
IPList Microsoft Azure datacenter for centralindia
IPList Microsoft Azure datacenter for centralus
IPList Microsoft Azure datacenter for eastus2euap
IPList Microsoft Azure datacenter for eastus2
IPList Microsoft Azure datacenter for eastus
IPList Microsoft Azure datacenter for centralfrance
IPList Microsoft Azure datacenter for japaneast
IPList Microsoft Azure datacenter for japanwest
IPList Microsoft Azure datacenter for koreacentral
IPList Microsoft Azure datacenter for koreasouth
IPList Microsoft Azure datacenter for northcentralus
IPList Microsoft Azure datacenter for northeurope
IPList Microsoft Azure datacenter for southcentralus
IPList Microsoft Azure datacenter for southindia
IPList Microsoft Azure datacenter for southeastasia
IPList Microsoft Azure datacenter for uksouth
IPList Microsoft Azure datacenter for ukwest
IPList Microsoft Azure datacenter for westeurope
IPList Microsoft Azure datacenter for westindia
IPList Microsoft Azure datacenter for westus2
IPList Microsoft Azure datacenter for westus
IPList Microsoft Azure datacenter
IPList Zscaler IP Address List
IPList Salesforce email ARIN
IPList Salesforce
IPList Amazon AMAZON ap-east-1
IPList Amazon AMAZON ap-northeast-1
IPList Botnet IP Address List
IPList Malicious Site IP Address List
IPList Amazon AMAZON ap-south-1
IPList Amazon AMAZON ap-southeast-1
IPList NordVPN Servers IP Address List
IPList Amazon AMAZON ap-southeast-2
IPList Amazon EC2 ap-southeast-2
IPList Amazon AMAZON ca-central-1
IPList Amazon AMAZON cn-northwest-1
IPList Amazon EC2 cn-northwest-1
IPList Amazon AMAZON eu-central-1
IPList Amazon AMAZON eu-west-1
IPList Amazon AMAZON eu-west-2
IPList Amazon AMAZON me-south-1
IPList Amazon AMAZON sa-east-1
IPList Amazon AMAZON us-east-1
IPList Amazon AMAZON us-west-1
IPList Amazon AMAZON us-west-2
IPList Amazon EC2 us-west-2
IPList Microsoft Azure datacenter for brazilse
IPList Microsoft Azure datacenter for germanyn
IPList Microsoft Azure datacenter for germanywc
IPList Microsoft Azure datacenter for norwayw
IPList Microsoft Azure datacenter for southafricanorth
IPList Microsoft Azure datacenter for switzerlandn
IPList Microsoft Azure datacenter for uaecentral
IPList Microsoft Azure datacenter for uaenorth
IPList Microsoft Azure service for AppConfiguration
IPList Microsoft Azure service for AzureCloud
IPList Microsoft Azure service for AzureContainerRegistry
IPList Microsoft Azure service for AzureIoTHub
IPList Microsoft Azure service for AzureKeyVault
IPList Microsoft Azure service for AzureMonitor
IPList Microsoft Azure service for AzureMonitor_Core
IPList Microsoft Azure service for DataFactory
IPList Microsoft Azure service for DataFactoryManagement
IPList Microsoft Azure service for EventHub
IPList Microsoft Azure service for MicrosoftContainerRegistry
IPList Microsoft Azure service for PowerBI
IPList Microsoft Azure service for PowerQueryOnline
IPList Microsoft Azure service for ServiceBus
IPList Microsoft Azure service for ServiceFabric
IPList Microsoft Azure service for Sql
IPList Microsoft Azure service for SqlManagement
IPList Microsoft Azure datacenter for swedencentral
IPList Microsoft Azure datacenter for swedensouth
IPList Microsoft Azure datacenter for qatarcentral
IPList Microsoft Azure datacenter for italynorth
IPList Microsoft Azure datacenter for polandcentral
IPList Microsoft Azure service for M365ManagementActivityApi
IPList Microsoft Azure service for M365ManagementActivityApiWebhook
Situation   HTTP_CSH-Shared-Variables                                  Fingerprint regexp changed
Situation   HTTP_CRL-Shared-Variables

DISCLAIMER AND COPYRIGHT

Copyright © 2023 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.