On Monday, Adobe released important patches for its Flash Player across all platforms. The patches relate to several vulnerabilities in the Flash Player, several of which could potentially have allowed code execution on the target platform. Flash being used in numerous web advertisement platforms, this update is critical.
Just about every version of Flash was affected, from Flash for Windows 10 to Flash Player for Linux. It should be noted that the Linux vulnerability was rated a “3” in priority, whereas other platforms, including ChromeOS, were rated as “1” in priority, by Adobe’s own standards. Windows and Macintosh users who have enabled automatic updates will have [...]
Two exploit kits have been discovered that allowed hackers to compromise computers. The exploit was patched last week, but many users are considered to still be at risk. The bug was spotted by French security research Kafeine. Risk is considered high because the exploit targets recent versions of Flash Player software.
Prior to the released fix, the bug was a zero-day – meaning no known fix. Two security toolboxes, Angler and Magnitude, are able to take advantage of the flaw. The kits could deploy malware including ransomware, which restricts users’ access to files until a ransom is paid. Generally the ransom is paid using the digital currency [...]
The Chinese hacker group APT3 is known in the security industry for their previous, large-scale attacks. The group’s last big campaign, dubbed Operation Clandestine Fox, was a smashing success that relied on something most people visiting this website will find absurd: people using Internet Explorer.
As of that time, as much as 25% of people on the Internet were still using the notoriously insecure browser. Indeed, large organizations still use Explorer, and these are the kinds of targets that APT3 goes after. Now, in a potentially much bigger attack called “Operation Clandestine Wolf,” APT3 has found a vulnerability in Adobe Flash Player which allows it [...]
Security firm FireEye recently published a blog post detailing the use of two zero-day vulnerabilities against foreign government targets. According to FireEye, the attackers are most likely a state-sponsored group from Russia. The security firm first detected a pattern of attacks on April 13th, 2015, shortly after news broke that Russian hackers had breached White House security. These new attacks took advantage of previously unknown vulnerabilities in Windows and (unsurprisingly) Adobe Flash Player.