New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs

Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982 , is a...

Exploit kits: Spring 2018 review

Since our last report on exploit kits, there have been some new developments with the wider adoption of the February Flash zero-day, as well as the inclusion of a new exploit for Internet Explorer. We have not seen that many changes in the drive-by landscape for a long time, although these are th...

Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit

If you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it. Adobe has released a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attack...

February 2, 2018 – Morning Cyber Coffee Headlines – “Groundhog Day” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! February 2, 2018 - Headlines Carbon Black in the News: Darknet Markets: For...

Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

FinSpy—the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash,...

On xDedic, a Flash Zero Day, Facial Recognition, and More

Mike Mimoso and Chris Brook discuss the news of the week, including a password issue at Github, the xDedic marketplace, another Flash zero day, and how the poorly the FBI is doing with facial recognition software. Download: ThreatpostNewsWrapJune172016.mp3 Music by Chris Gonsalves...

CVE-2016-4117: Flash Zero-Day Exploited in the Wild

On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player CVE-2016-4117 and reported the issue to the Adobe Product Security Incident Response Team PSIRT. Adobe released a patch for the vulnerability in APSB16-15 just four days later. Attackers...

APT organization PawnStorm take advantage of the latest Flash zero-day attack States, the Ministry of Foreign Affairs-vulnerability warning-the black bar safety net

Recently, Trend Micro researchers discovered a new Flash vulnerability being PawnStorm cyber espionage operations use around the world the Ministry of Foreign Affairs to expand the attack. The Ministry of Foreign Affairs to attack the target PawnStorm is one of both depth and breadth of persisten...

Wekby APT 18 Exploiting Hacking Team Flash Zero Day

The Wekby APT group, implicated in a number of targeted attacks against health care organizations such as Community Health Systems and major pharmaceutical companies, is reportedly making use of the Adobe Flash Player zero-day found in the Hacking Team data dump. According to Virginia-based...

Hacking Team Flash Zero Day Weaponized in Exploit Kits

Handlers for three major exploit kits have managed to utilize in short order a zero-day vulnerability in Adobe Flash Player uncovered among the 400 Gb of data stolen from Hacking Team. Experts, including French researcher Kafeine and a number of others from security companies, revealed last night...

1,800 Domains Overtaken by Flash Zero Day

When the Blackhole exploit kit went away after the arrest of its alleged creator and maintainer Paunch, there were questions about which kit would rise up as its successor. It seems that the Angler exploit kit has ascended to the throne. The most definitive evidence seems to be the constant...

Analysis of Flash Zero Day Shows Layers of Obfuscation

The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users’ browsers. In the last week, since the news broke of the Adobe Flash zero-day flaw appearing in the Angler kit,...

Exploit for Flash Zero Day Appears in Angler Exploit Kit

The dangerous Angler exploit kit has a new piece of ammunition to use in its attacks: a fresh Adobe Flash zero-day vulnerability. The kit is exploiting the previously unknown vulnerability in several versions of Internet Explorer running on Windows 7 and Windows 8. French security researcher...

Flash Zero Day Used to Target Victims in Syria

A couple days after Microsoft warned users about a new vulnerability in Internet Explorer that’s being used in targeted attacks, Adobe on Monday said that researchers have discovered a zero day in Flash, as well, which attackers are using to target victims in Syria through a watering hole attack ...