Release notes for update package 1805-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Monday December 02, 2024
MD5 CHECKSUM:     effd135665a56177aac772d2f1a9a2bc
SHA1 CHECKSUM:     cc382c1dd370f83636c0a328b04c19c665e30148
SHA256 CHECKSUM:     8c4149fede0ae5a826dbca086ec488c08670faa064e9f0767fb922fdbf288462


UPDATE CRITICALITY:    HIGH

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in Veertu Anka Build detected     CVE-2024-28189     Judge0-Sandbox-Escape-CVE-2024-28189
High     An attempt to exploit a vulnerability in Delta Electronics InfraSuite Device Master detected     CVE-2024-10456     Delta-Electronics-Infrasuite-Device-Master-Gextrainfo-Insecure-Deserialization
High     An attempt to exploit a vulnerability in Rockwell Automation ThinManager ThinServer detected     CVE-2024-10387     Rockwell-Automation-Thinmanager-Thinserver-Monitor-Thread-Out-Of-Bounds-Read


DETECTED ATTACKS

New detected attacks:

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Rockwell-Automation-Thinmanager-Thinserver-Monitor-Thread-Out-Of-Bounds-Read     CVE-2024-10387     Generic_CS-Rockwell-Automation-Thinmanager-Thinserver-Monitor-Thread-Out-Of-Bounds-Read     Potential Compromise

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Judge0-Sandbox-Escape-CVE-2024-28189     CVE-2024-28189     HTTP_CRL-Judge0-Sandbox-Escape-CVE-2024-28189     Potential Compromise
High     Delta-Electronics-Infrasuite-Device-Master-Gextrainfo-Insecure-Deserialization     CVE-2024-10456     HTTP_CRL-Delta-Electronics-Infrasuite-Device-Master-Gextrainfo-Insecure-Deserialization     Suspected Compromise

Updated detected attacks:

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Wordpress-Automatic-Plugin-SQL-Injection-CVE-2024-27956     CVE-2024-27956     HTTP_CRL-Wordpress-Automatic-Plugin-SQL-Injection-CVE-2024-27956     Suspected Compromise     Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type     Name
Category     Judge0
Certificate Authority     nazwaSSL DV TLS G2 R29 CA
Certificate Authority     AC Firmaprofesional - Secure Web 2024
Certificate Authority     DigiCert Secure Site Pro EV G2 TLS CN RSA4096 SHA256 2022 CA1
Certificate Authority     GlobalSign Atlas R3 AlphaSSL CA 2024 Q4
Certificate Authority     GlobalSign Atlas R3 DV ACME CA 2024 Q4
Certificate Authority     GlobalSign Atlas R3 OV TLS CA 2024 Q4
Certificate Authority     WE2
Certificate Authority     e-Szigno Class3 CA 2017
Certificate Authority     K Software RSA Domain Validation Secure Server CA 3
Certificate Authority     Sectigo Public Server Authentication Root R46 (2)
Certificate Authority     Sectigo RSA Client Authentication and Secure Email CA
Certificate Authority     KeepTrust OV TLS RSA CA G2
Certificate Authority     Entrust EV TLS Issuing RSA CA 1
Application     Microsoft-Key-Management-Service-Protocol
Element Ref     Application dependency from Azure-Stack-HCI to Python-Package-Manager

Updated objects:

Type     Name     Changes
Certificate Authority     DOMENY SSL DV Certification Authority     Marked for removal
Certificate Authority     DOMENY SSL OV Certification Authority     Marked for removal
Certificate Authority     TeleSec Business CA 1     Marked for removal
Situation     URL_List-DNS-Over-HTTPS     Detection mechanism updated
IPList     Somalia
IPList     Iraq
IPList     Saudi Arabia
IPList     Iran
IPList     Cyprus
IPList     Armenia
IPList     Kenya
IPList     Seychelles
IPList     Jordan
IPList     Kuwait
IPList     Oman
IPList     Qatar
IPList     Bahrain
IPList     United Arab Emirates
IPList     Israel
IPList     Türkiye
IPList     Egypt
IPList     Greece
IPList     Burundi
IPList     Estonia
IPList     Latvia
IPList     Azerbaijan
IPList     Lithuania
IPList     Georgia
IPList     Moldova
IPList     Belarus
IPList     Finland
IPList     Åland Islands
IPList     Ukraine
IPList     North Macedonia
IPList     Hungary
IPList     Bulgaria
IPList     Albania
IPList     Poland
IPList     Romania
IPList     Botswana
IPList     Mauritius
IPList     Réunion
IPList     South Africa
IPList     Mayotte
IPList     Afghanistan
IPList     Pakistan
IPList     Bangladesh
IPList     India
IPList     Nepal
IPList     Kazakhstan
IPList     Kyrgyzstan
IPList     Vietnam
IPList     Thailand
IPList     Indonesia
IPList     Taiwan
IPList     Philippines
IPList     Malaysia
IPList     China
IPList     Hong Kong
IPList     Macao
IPList     South Korea
IPList     Japan
IPList     North Korea
IPList     Singapore
IPList     Russia
IPList     Mongolia
IPList     Australia
IPList     Christmas Island
IPList     Marshall Islands
IPList     New Zealand
IPList     Libya
IPList     Portugal
IPList     Ivory Coast
IPList     Nigeria
IPList     Tunisia
IPList     Spain
IPList     Morocco
IPList     Malta
IPList     Denmark
IPList     Iceland
IPList     United Kingdom
IPList     Switzerland
IPList     Sweden
IPList     The Netherlands
IPList     Austria
IPList     Belgium
IPList     Germany
IPList     Luxembourg
IPList     Ireland
IPList     France
IPList     Liechtenstein
IPList     Guernsey
IPList     Slovakia
IPList     Czechia
IPList     Norway
IPList     Vatican City
IPList     San Marino
IPList     Italy
IPList     Slovenia
IPList     Montenegro
IPList     Croatia
IPList     Bosnia and Herzegovina
IPList     Namibia
IPList     French Guiana
IPList     Suriname
IPList     Saint Pierre and Miquelon
IPList     Greenland
IPList     Paraguay
IPList     Uruguay
IPList     Brazil
IPList     Jamaica
IPList     Dominican Republic
IPList     Martinique
IPList     Bahamas
IPList     Anguilla
IPList     Trinidad and Tobago
IPList     St Kitts and Nevis
IPList     Dominica
IPList     Antigua and Barbuda
IPList     Saint Lucia
IPList     Turks and Caicos Islands
IPList     Aruba
IPList     British Virgin Islands
IPList     Saint Martin
IPList     Guadeloupe
IPList     Belize
IPList     El Salvador
IPList     Guatemala
IPList     Venezuela
IPList     Ecuador
IPList     Colombia
IPList     Panama
IPList     Argentina
IPList     Chile
IPList     Bolivia
IPList     Peru
IPList     Mexico
IPList     Northern Mariana Islands
IPList     Guam
IPList     Puerto Rico
IPList     U.S. Outlying Islands
IPList     American Samoa
IPList     Canada
IPList     United States
IPList     Serbia
IPList     Antarctica
IPList     Sint Maarten
IPList     Curaçao
IPList     TOR exit nodes IP Address List
IPList     Amazon AMAZON
IPList     Amazon EC2
IPList     TOR relay nodes IP Address List
IPList     Botnet IP Address List
IPList     Malicious Site IP Address List
IPList     Amazon AMAZON ap-southeast-1
IPList     Amazon EC2 ap-southeast-1
IPList     NordVPN Servers IP Address List
IPList     Amazon AMAZON us-east-1
IPList     Amazon EC2 us-east-1
IPList     Forcepoint Drop IP Address List
IPList     Amazon AMAZON mx-central-1
IPList     Oracle Cloud Infrastructure sa-saopaulo-1
Situation     HTTP_PSU-Shared-Variables     Fingerprint regexp changed
Application     Google-Maps
Application     Microsoft-Azure
Application     Microsoft-Office-365
Application     Ultrasurf     Application detection context content changed
Application     Psiphon
Application     Python-Package-Manager
Application     TOR
Application     DNS-Over-HTTPS
Application     NordVPN

DISCLAIMER AND COPYRIGHT

Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.