<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>More on April 2016 Microsoft and Adobe Patches including BADLOCK</title><description>2016-04-13 07:56:50 - Security Bloggers Network :  </description><link>http://www.secuobs.com/revue/news/603574.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603574.shtml</guid></item>
<item><title>New Adobe Flash Player exploit used by Magnitude and Nuclear exploit kits</title><description>2016-04-12 18:36:05 - Symantec Connect   Security Response   Billets : Exploit kits (EKs) including Magnitude and Nuclear have begun to exploit a type confusion vulnerability in Adobe Flash Player (CVE-2016-1019).</description><link>http://www.secuobs.com/revue/news/603540.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603540.shtml</guid></item>
<item><title>A Look Into Adobe Flash Player CVE-2016-1019 Zero-Day Vulnerability</title><description>2016-04-08 18:07:22 - TrendLabs Security Intelligence Blog : Adobe has just released a security update for Adobe Flash to address a vulnerability (CVE-2016-1019) that was used in zero day attacks against older versions of Adobe Flash. We previously discussed one such attack when we discovered this vulnerability being integrated in Magnitude Exploit Kit. In this post, we took a look at the exploit code. In the sample we acquired from our Smart Protection Network feedback, we observed that this vulnerability is also present in Mac OS X. In addition to being present on the Windows platform, it is interesting to note it is also present on Mac OS X given that fewer exploits target the said OS.</description><link>http://www.secuobs.com/revue/news/603281.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603281.shtml</guid></item>
<item><title>Adobe Patches Flash Player Zero-Day Threat</title><description>2016-04-08 16:33:05 - Krebs on Security : </description><link>http://www.secuobs.com/revue/news/603267.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603267.shtml</guid></item>
<item><title>Adobe deploys emergency patch for Flash zero-day vulnerability</title><description>2016-04-08 15:31:36 - Security Bloggers Network : The vulnerability has recently been discovered in the Magnitude exploit kit </description><link>http://www.secuobs.com/revue/news/603260.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603260.shtml</guid></item>
<item><title>Have Adobe Flash? Update now against actively-exploited zero-day flaw</title><description>2016-04-08 15:31:36 - Security Bloggers Network : Adobe has released an emergency security update for Flash Player, protecting against a vulnerability that is being actively exploited by hackers to spread ransomware.</description><link>http://www.secuobs.com/revue/news/603257.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603257.shtml</guid></item>
<item><title>Adobe ships 0-day patch for Flash - get it while it's hot</title><description>2016-04-08 15:31:36 - Security Bloggers Network : Second time in two months: an update you want sooner rather than later</description><link>http://www.secuobs.com/revue/news/603252.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603252.shtml</guid></item>
<item><title>Adobe patches Flash ransomware flaw that targets Windows 10 users</title><description>2016-04-08 15:30:35 - Risk Assessment   Ars Technica :  Actively exploited  critical flaw has been in wild for more than a week </description><link>http://www.secuobs.com/revue/news/603250.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603250.shtml</guid></item>
<item><title>A zero-day vulnerability discovered in Adobe Flash affects millions of users</title><description>2016-04-08 14:34:32 - Global Security Mag Online : Proofpoint announces the discovery of a major flaw in the Adobe Flash application. Widely distributed, this flaw may have affected all versions of Adobe Flash installed on Windows machines. Adobe Flash Player is currently installed on 1 billion computers worldwide. After analysis, the observed payloads show that this is once again a new way for attackers to distribute a    - Vulnerabilities </description><link>http://www.secuobs.com/revue/news/603245.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603245.shtml</guid></item>
<item><title>Adobe Patches Flash Zero-Day Exploited By Magnitude Exploit Kit</title><description>2016-04-08 11:59:49 - Slashdot  Your Rights Online : wiredmikey writes: Adobe released a Flash Player update on Thursday night to patch a zero-day vulnerability that has been leveraged by cybercriminals to deliver malware via the Magnitude exploit kit. The vulnerability (CVE-2016-1019), a memory corruption that can be exploited for remote code execution, was discovered after, on April 2, security researcher Kafeine of Proofpoint noticed a change in the Magnitude exploit kit. The sample was then investigated by FireEye, which determined that Magnitude EK had been exploiting a previously unknown vulnerability in Flash Player. "Despite the fact that this new exploit could potentially work on any version of Adobe Flash, including a fully patched instance of Flash, the threat actors implemented it in a manner that only targeted older versions of Flash. In other words, equipped with a weapon that could pierce even the latest armor, they only used it against old armor, and in doing so exposed to security researchers a previously unreported vulnerability," Proofpoint said in a blog post.</description><link>http://www.secuobs.com/revue/news/603221.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603221.shtml</guid></item>
<item><title>News Flash  Another Adobe Flash Zero-day Vulnerability Spotted in the Wild</title><description>2016-04-08 10:38:33 - Security Bloggers Network : In today's threat landscape, Adobe Flash Player unfortunately remains an attractive attack vector for adversaries to exploit and compromise systems Over the past year, Talos has observed several instances where adversaries have identified zero-day vul </description><link>http://www.secuobs.com/revue/news/603214.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603214.shtml</guid></item>
<item><title>Zero-Day Attack Discovered in Magnitude Exploit Kit Targeting CVE-2016-1019 in Older Versions of Adobe Flash Player</title><description>2016-04-08 03:02:24 - TrendLabs Security Intelligence Blog : By Peter Pi, Brooks Li and Joseph C. Chen. Following their security advisory last April 5, 2016, Adobe has released an out of band patch today for the vulnerability CVE-2016-1019, which affects Adobe Flash Player. Trend Micro has observed active zero day attacks from the Magnitude Exploit Kit affecting users of Flash 20.0.0.306 and earlier. These attacks are not effective against </description><link>http://www.secuobs.com/revue/news/603173.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603173.shtml</guid></item>
<item><title>Emergency Adobe Flash update prepped as hackers actively exploit flaw</title><description>2016-04-07 12:17:51 - Security Bloggers Network : Adobe has announced that it will be issuing an emergency security update for its widely-used Flash Player, after discovering hackers were actively exploiting a security hole to hijack control of computer systems </description><link>http://www.secuobs.com/revue/news/603076.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603076.shtml</guid></item>
<item><title>Adobe readies emergency patch for Flash zero-day bug exploited in the wild</title><description>2016-04-06 13:58:13 - Security Bloggers Network : The zero-day vulnerability allows attackers to take complete control of a victim's system </description><link>http://www.secuobs.com/revue/news/602995.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/602995.shtml</guid></item>
<item><title>How to update Adobe Flash   or uninstall it completely </title><description>2016-03-15 22:47:18 - Security Bloggers Network : Protect your computer better by keeping Adobe Flash updated, or eradicate it completely Yasin Soliman explains </description><link>http://www.secuobs.com/revue/news/601118.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/601118.shtml</guid></item>
<item><title>Black Hat Europe 2015 - Exploiting Adobe Flash Player In The Era Of Control Flow Guard</title><description>2016-03-14 14:49:56 - SecurityTube.Net : Adobe Flash Player, one of the most ubiquitous pieces of software, is integrated into the operating system on Windows 8.1 and Windows 10. Along with the introduction of Control Flow Guard (CFG) - Microsoft's newest exploit mitigation technology - in November 2014, Flash Player binaries provided by Microsoft are now protected by CFG, which adds a check before every indirect call in the code in order to verify that the destination address of that call is one of the locations identified as "safe" at compile time. Gaining code execution isn't as simple as overwriting the vtable of an object and calling one of its virtual methods anymore. We'll start this presentation by discussing an exploitation technique which leverages the Flash Player's JIT compiler in order to bypass CFG, and how Microsoft and Adobe have hardened Flash Player's JIT compiler against this technique in the June 2015 security updates. Then, we are going to discuss three practical data-only attacks, showing how it is possible to take advantage of vulnerabilities in Flash Player while avoiding the mess of having to deal with CFG. One of these alternative payloads makes it possible to execute arbitrary commands on the vulnerable system without injecting shellcode nor using ROP. Interestingly, detecting and protecting against these data-only attacks can be challenging. Although this talk is focused on the challenges of exploiting Flash Player vulnerabilities on CFG-enabled systems, the techniques and ideas discussed here may be applied against other software. For More Information Please Visit - https://www.blackhat.com/index.html </description><link>http://www.secuobs.com/revue/news/600991.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600991.shtml</guid></item>
<item><title>Flash zero-day prompts emergency update from Adobe</title><description>2016-03-11 17:31:58 - Security Bloggers Network : Adobe just updated Flash, two days after Patch Tuesday, after reports of crooks exploiting a new vulnerability.</description><link>http://www.secuobs.com/revue/news/600849.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600849.shtml</guid></item>
<item><title>Adobe Releases Flash Security Update to Patch Exploited Vulnerability</title><description>2016-03-11 00:44:52 - TrendLabs Security Intelligence Blog : Following its release of a security update for Acrobat and Reader, Adobe has released another one, this time to address 23 reported vulnerabilities in Flash. In its advisory (APSB16-08), Adobe notes that this patch addresses critical vulnerabilities that could allow an attack to gain control of an affected system. They further note that one of the vulnerabilities (CVE-2016-1010) "is being used in limited, targeted attacks".</description><link>http://www.secuobs.com/revue/news/600778.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600778.shtml</guid></item>
<item><title>Adobe issues emergency patch for actively exploited code-execution bug</title><description>2016-03-10 22:40:08 - Risk Assessment   Ars Technica : Critical bug was used to take control of vulnerable computers </description><link>http://www.secuobs.com/revue/news/600772.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600772.shtml</guid></item>
<item><title>LeapFrog child's toy found susceptible to attacks leveraging Adobe Flash</title><description>2016-03-09 20:00:50 - Security Bloggers Network : A popular children's toy made by LeapFrog is susceptible to a variety of attacks that leverage Adobe Flash vulnerabilities. David Bisson reports.</description><link>http://www.secuobs.com/revue/news/600620.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600620.shtml</guid></item>
<item><title>More on March 2016 Microsoft and Adobe Patches</title><description>2016-03-09 06:18:15 - Security Bloggers Network :  </description><link>http://www.secuobs.com/revue/news/600550.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600550.shtml</guid></item>
<item><title>Adobe, Microsoft Push Critical Updates</title><description>2016-03-08 22:43:27 - Krebs on Security : Microsoft today pushed out 13 security updates to fix at least 39 separate vulnerabilities in its various Windows operating systems and software Five of the updates fix flaws that allow hackers or malware to break into vulnerable systems without any help from the user, save for perhaps visiting a hacked Web site </description><link>http://www.secuobs.com/revue/news/600519.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600519.shtml</guid></item>
<item><title>Warning  Bug in Adobe Creative Cloud deletes Mac user data without warning</title><description>2016-02-12 22:06:05 - Risk Assessment   Ars Technica : Adobe has stopped distribution of an update believed to be triggering the deletions </description><link>http://www.secuobs.com/revue/news/598181.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/598181.shtml</guid></item>
<item><title>The SAS 2015 - Finding Adobe Flash zero-day</title><description>2016-02-12 08:50:51 - SecurityTube.Net : by Anton Ivanov A talk at Kaspersky Lab's Security Analyst Summit  TheSAS2015 For More Information Please Visit - http sas2015inriafr  </description><link>http://www.secuobs.com/revue/news/598110.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/598110.shtml</guid></item>
<item><title>More on February 2016 Microsoft and Adobe Patches</title><description>2016-02-10 08:18:00 - Security Bloggers Network :  </description><link>http://www.secuobs.com/revue/news/597822.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/597822.shtml</guid></item>
<item><title>February 2016 Patch Tuesday Includes Critical Fixes for IE Vulnerabilities; Adobe Releases Updates for Flash Player</title><description>2016-02-10 02:13:13 - TrendLabs Security Intelligence Blog : For this month's Patch Tuesday, Microsoft released 13 security bulletins addressing vulnerabilities in Internet Explorer, Microsoft Windows, and Microsoft Edge among others. Out of these bulletins 6 are tagged as Critical while 7 are marked as Important.</description><link>http://www.secuobs.com/revue/news/597812.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/597812.shtml</guid></item>
<item><title>If you only install one update this week, make it Adobe Flash</title><description>2016-01-20 15:28:46 - Global Security Mag Online : Secunia Research, a subsidiary of Flexera Software, a leading provider of software vulnerability intelligence, announces the publication of 14 national cybersecurity reports for the fourth quarter of 2015. These reports provide an overview of the vulnerable software installed on private computers in the countries concerned. They also rank these vulnerable applications by the degree to which they expose those computers to hacking. Main    - Malware </description><link>http://www.secuobs.com/revue/news/596048.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/596048.shtml</guid></item>
<item><title>Vigilance - Adobe LiveCycle Data Services: Server Side Request Forgery in BlazeDS, analyzed on 18/11/2015</title><description>2016-01-18 08:50:02 - Vigilance   vulnérabilités publiques : An attacker can trigger a Server Side Request Forgery in BlazeDS of Adobe LiveCycle Data Services, in order to access filtered web services.</description><link>http://www.secuobs.com/revue/news/595832.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/595832.shtml</guid></item>
<item><title>January Patch Tuesday: Support Ends for Windows 8, Limited for Older IE Versions; 17 Adobe Flaws Resolved</title><description>2016-01-12 23:54:07 - TrendLabs Security Intelligence Blog : The life cycle of Windows 8, the first operating system Microsoft intended for both desktop and mobile use, has ended. After this January 2016 Patch Tuesday release, users who have not yet updated/upgraded to Windows 8.1 (which was made available in late 2013) or Windows 10 will stop receiving updates. Updating to Windows 8.1 or 10 is currently free for Windows </description><link>http://www.secuobs.com/revue/news/595492.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/595492.shtml</guid></item>
<item><title>Adobe, Microsoft Push Reader, Windows Fixes</title><description>2016-01-12 20:58:57 - Krebs on Security : Adobe and Microsoft each issued updates today to fix critical security problems with their software Adobe's patch updates 17 flaws in its Acrobat and PDF Reader products Microsoft released nine update bundles to plug at least 22 security holes in Windows and associated software </description><link>http://www.secuobs.com/revue/news/595481.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/595481.shtml</guid></item>
<item><title>Enable Automatic Silent Adobe Flash Updates</title><description>2016-01-12 18:32:23 - 4sysops : Kyle Beckman works as a systems administrator in Higher Education in the Southeast United States and has 15 years of systems administration experience. You can follow him on Twitter or his blog, trekker.net. Adobe's Flash Player is still a requirement in many Enterprise Windows environments despite the number of critical security flaws present in the product. In this article, I'll show you how you can augment your third-party patching strategy by enabling automatic silent updates of Adobe Flash on your Windows workstations.</description><link>http://www.secuobs.com/revue/news/595475.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/595475.shtml</guid></item>
<item><title>Blast a hole in Adobe Flash and earn  100,000</title><description>2016-01-06 13:57:56 - Security Bloggers Network : The sad news is that Adobe may not be told about flaws which are found - which can only be bad news for the rest of us, left without protection Read more in my article on the Tripwire State of Security blog </description><link>http://www.secuobs.com/revue/news/594965.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/594965.shtml</guid></item>
<item><title>Zerodium offers  100,000 for Adobe Flash mitigation exploit</title><description>2016-01-06 12:39:50 - Security Bloggers Network : The exploit buyer is offering hefty rewards for researchers who can get past Flash's new isolated heap system </description><link>http://www.secuobs.com/revue/news/594954.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/594954.shtml</guid></item>
<item><title>Adobe Releases Security Update for 19 "Critical" Vulnerabilities in Flash Player</title><description>2015-12-29 14:16:11 - Security Bloggers Network : Adobe has released an out-of-band security update that fixes 19 "critical" vulnerabilities found in Flash Player. On Monday, the United States Computer Emergency Readiness Team (US-CERT) issued an alert advising users and administrators alike to refer to Adobe Security Bulletin APSB16-01. In that bulletin, Adobe provides some context on the reasoning behind its emergency fixes </description><link>http://www.secuobs.com/revue/news/594398.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/594398.shtml</guid></item>
<item><title>Last Adobe 0-day patched for the Year</title><description>2015-12-28 21:58:41 - Security Bloggers Network : Adobe issued today their last update for 2015 for its Flash player. It addresses nineteen vulnerabilities and was released out of band because one of them (CVE-2015-8651) is under attack in the wild. At this point attacks are limited to special targets.</description><link>http://www.secuobs.com/revue/news/594325.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/594325.shtml</guid></item>
<item><title>Adobe releases monthly updates early to patch Flash zero-day vulnerability</title><description>2015-12-28 21:14:36 - Symantec Connect   Security Response   Billets : Adobe has patched a Flash zero-day vulnerability that may have already been exploited in limited targeted campaigns  IMAGE  Read More </description><link>http://www.secuobs.com/revue/news/594323.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/594323.shtml</guid></item>
<item><title>DEF CON 23 - Panel - Abusing Adobe Readers JavaScript APIs</title><description>2015-12-21 07:52:56 - SecurityTube.Net : In this talk, we will provide insight into both the documented and undocumented APIs available in Adobe Reader. Several code auditing techniques will be shared to aid in vulnerability discovery, along with numerous proofs-of-concept which highlight real-world examples. We'll detail out how to chain several unique issues to obtain execution in a privileged context. Finally, we'll describe how to construct an exploit that achieves remote code execution without the need for memory corruption. Speaker Bios: Brian Gorenc is the manager of Vulnerability Research with Hewlett-Packard Security Research (HPSR). In this role, Gorenc leads the Zero Day Initiative (ZDI) program, which is the world's largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world's most popular software. Brian is also responsible for organizing the ever-popular Pwn2Own hacking competitions. Prior to joining HP, Gorenc worked for Lockheed Martin on the F-35 Joint Strike Fighter (JSF) program. In this role, he led the development effort on the Information Assurance (IA) products in the JSF's mission planning environment. Twitter: @maliciousinput. Abdul-Aziz Hariri is a security researcher with Hewlett-Packard Security Research (HPSR). In this role, Hariri analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero Day Initiative (ZDI) program, which is the world's largest vendor-agnostic bug bounty program. His focus includes performing root-cause analysis, fuzzing and exploit development. Prior to joining HP, Hariri worked as an independent security researcher and threat analyst for Morgan Stanley emergency response team. During his time as an independent researcher, he was profiled by Wired magazine in their 2012 article, "Portrait of a Full-Time Bug Hunter". Twitter: @abdhariri. Jasiel Spelman is a vulnerability analyst and exploit developer for the Zero Day Initiative (ZDI) program. His primary role involves performing root cause analysis on ZDI submissions to determine exploitability, followed by developing exploits for accepted cases. Prior to being part of ZDI, Jasiel was a member of the Digital Vaccine team where he wrote exploits for ZDI submissions, and helped develop the ReputationDV service from TippingPoint. Jasiel's focus started off in the networking world but then shifted to development until transitioning to security. He has a BA in Computer Science from the University of Texas at Austin. Twitter: @wanderingglitch. HP's Zero Day Initiative, Twitter: @thezdi. For More Information Please Visit - https://www.defcon.org/html/defcon-23/dc-23-index.html </description><link>http://www.secuobs.com/revue/news/593778.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/593778.shtml</guid></item>
<item><title>Adobe Flash Player Fixes 79 Bugs; Microsoft Issues 12 Patches in December Patch Tuesday</title><description>2015-12-10 02:36:19 - TrendLabs Security Intelligence Blog : In this month's Patch Tuesday, Adobe released updates for 79 vulnerabilities in its Flash Player, the most number of vulnerabilities patched for the said product this year. 56 of these are use-after-free (UAF) vulnerabilities, which may allow attackers to remotely run arbitrary code on affected systems. Most of the other vulnerabilities relate to memory corruption and buffer overflow.</description><link>http://www.secuobs.com/revue/news/592685.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592685.shtml</guid></item>
<item><title>Adobe's final patch update this year: 78 bugs squashed</title><description>2015-12-09 15:20:22 - Security Bloggers Network : Adobe has issued its last 2015 security update, fixing a total of 78 security vulnerabilities.</description><link>http://www.secuobs.com/revue/news/592609.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592609.shtml</guid></item>
<item><title>Adobe Patches 79 "Critical" Vulnerabilities in Flash Player</title><description>2015-12-09 14:34:45 - Security Bloggers Network : Adobe has patched 79 "critical" vulnerabilities affecting Flash Player in its December 2015 security bulletin. The alert, which bears the vulnerability identifier APSB15-32, warns that all platforms are affected by the flaws. This includes Windows and Macintosh regarding the Flash desktop version 19.0.0.245 and earlier, as well as the Google Chrome, Microsoft Edge, and Internet </description><link>http://www.secuobs.com/revue/news/592605.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592605.shtml</guid></item>
<item><title>Adobe, Microsoft Each Plug 70  Security Holes</title><description>2015-12-09 01:52:10 - Krebs on Security : Adobe and Microsoft today independently issued software updates to plug critical security holes in their software Adobe released a patch that fixes a whopping 78 security vulnerabilities in its Flash Player software Microsoft pushed a dozen patch bundles to address at least 71 flaws in various versions of the Windows operating system and associated software </description><link>http://www.secuobs.com/revue/news/592549.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592549.shtml</guid></item>
<item><title>Adobe Flash Refuses to Die</title><description>2015-12-04 22:10:19 - Security Bloggers Network : Earlier this year, I asked  Are We Witnessing the Death of Flash  A blog post prompted by a series of Flash exploits and a negative industry response to the ubiquitous software At the time, Amazon and Google each announced they would be blocking or pausing Flash ads This week, Adobe told people to stop using Flash Except really   </description><link>http://www.secuobs.com/revue/news/592159.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592159.shtml</guid></item>
<item><title>Adobe to Rebrand Flash Professional as Animate</title><description>2015-12-03 17:06:10 - Security Bloggers Network : Adobe has recently announced its plans to rebrand Flash as Animate, but some feel it's little more than a name change when it comes to security. According to Rich Lee, Sr. Product Marketing Manager at Adobe Systems, the change to Animate positions Adobe to more fully respond to the fact that more than a third </description><link>http://www.secuobs.com/revue/news/591982.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/591982.shtml</guid></item>
<item><title>Adobe Flash Download Changes</title><description>2015-11-28 17:47:03 - grand stream dreams : I noticed the other day when snagging the latest Adobe Flash Player update from the Adobe binary download site that they will be removing most access to the "standalone" Flash Player download files. Adobe Flash Player Distribution - Adobe. That really bites, as it is a great way to bypass all the nonsense with third-party app installs during your Flash installs/upgrades for friends and family. On my own systems I have Flash Player set to notify me of new updates but to not install them automatically. I've yet to see a notification from the app that a new Flash version is available. I've also gone back to check on systems that I manage Flash manually on for others and find that they do have the latest Flash version already -- and a third-party application (usually a tool bar helper or security application) installed that came along with the update ride that the user didn't catch. And under the revised access system, you will need to have an active Internet connection to access the on-line update download. Adobe Flash: From January 2016, the bloatware-spin - Borns IT and Windows Blog (Google Translated). Adobe wants to restrict further distribution of the Flash player - heise online (Google Translated). I'm not sure yet if some of the trusted third-party download sites I use will continue to be able to offer just the binary files for access. I prefer to get my binaries directly from the source, but that isn't an option after January 22nd. And these might not be available either: Download Adobe Shockwave Player Tools for Windows - MajorGeeks; Plugins Downloads - FileHippo.com. Really, it's yet another nail in the coffin lid to remove Flash altogether from my systems. grand stream dreams: Taking Flash Player out to the Bins. Then there is this tweet tip from Aral Balkan that basically reminds us we can often use the F12 developer tools to emulate (user-agent switch to) an iPad or other mobile device with our browser. That may get us "Flash" content that is available if you don't have Flash installed. Related Java tip: Avoid third-party sponsor deals during Java installation or upgrade - gHacks Tech News. Sigh. Claus Valca </description><link>http://www.secuobs.com/revue/news/591457.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/591457.shtml</guid></item>
<item><title>More on Microsoft and Adobe Patch Tuesday  November 2015</title><description>2015-11-11 23:25:08 - Security Bloggers Network :  Watch Qualys coverage of Microsoft and Adobe Patches - November 2015 </description><link>http://www.secuobs.com/revue/news/589823.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/589823.shtml</guid></item>
<item><title>Critical Fixes for Windows, Adobe Flash Player</title><description>2015-11-11 15:51:32 - Krebs on Security : For the third time in a month, Adobe has issued an update to plug security holes in its Flash Player software The update came on Patch Tuesday, when Microsoft released a dozen patches to fix dozens of vulnerabilities in Windows, Internet Explorer, Skype and other software </description><link>http://www.secuobs.com/revue/news/589783.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/589783.shtml</guid></item>
<item><title>Microsoft and Adobe, all the holes and the blows as well</title><description>2015-10-22 00:56:05 - CNIS mag : "Blows, yes, they hurt," declared the philosopher Jean Philippe Smet in 1966, summing up in this terse phrase the ontological distress of the security manager faced with the infinity of exploits "in the wild". This slow progression toward the acme of security necessarily passes through the alert bulletin from Microsoft which, this ... </description><link>http://www.secuobs.com/revue/news/587569.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587569.shtml</guid></item>
<item><title>Flash Player Zero-Day Patched by Adobe Ahead of Schedule</title><description>2015-10-19 20:37:02 - Security Bloggers Network : Adobe has released patches for multiple vulnerabilities in its Flash Player application ahead of schedule, including a zero-day exploit (CVE-2015-7645) that is known to have been used in a targeted espionage campaign. On Friday, the United States Computer Emergency Readiness Team (US-CERT) issued a statement directing users to APSB15-27, Adobe's latest security bulletin that addresses ... The post Flash Player Zero-Day Patched by Adobe Ahead of Schedule appeared first on The State of Security. </description><link>http://www.secuobs.com/revue/news/587265.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587265.shtml</guid></item>
<item><title>Kudos to Adobe. They patched Flash quicker than they promised</title><description>2015-10-19 19:22:14 - Security Bloggers Network : I don't often say nice things about Adobe. But when they do something well, they should be applauded. </description><link>http://www.secuobs.com/revue/news/587260.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587260.shtml</guid></item>
<item><title>Adobe patches Flash Player vulnerability used in Pawn Storm APT campaign</title><description>2015-10-19 10:02:09 - Symantec Connect   Symantec Security Response   Billets : Adobe has issued an emergency patch for a new Flash Player vulnerability (CVE-2015-7645) exploited by attackers behind the Operation Pawn Storm campaign. </description><link>http://www.secuobs.com/revue/news/587145.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587145.shtml</guid></item>
<item><title>Vigilance - Adobe LiveCycle Data Services: information disclosure, analyzed on 19/08/2015</title><description>2015-10-19 09:09:37 - Vigilance   vulnérabilités publiques : An attacker can bypass the data access restrictions of Adobe LiveCycle Data Services in order to obtain sensitive information. </description><link>http://www.secuobs.com/revue/news/587142.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587142.shtml</guid></item>
<item><title>Adobe releases emergency patch for Flash zero-day flaw</title><description>2015-10-19 05:27:10 - Security Bloggers Network : The out-of-band patch fixes a security vulnerability that affects all versions of Flash </description><link>http://www.secuobs.com/revue/news/587137.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587137.shtml</guid></item>
<item><title>This Week in Security: Adobe 0-Day Exploit, Dridex Disrupted, Vulnerable Androids</title><description>2015-10-17 02:45:55 - Security Bloggers Network : Our security roundup series covers the week's trending topics in the world of InfoSec. In this quick-read compilation, we'll let you know of the latest news and controversies that the industry has been talking about recently. Here's what you don't want to miss from the week of October 12, 2015: Dow Jones &amp; Co, the publisher of ... The post This Week in Security: Adobe 0-Day Exploit, Dridex Disrupted, Vulnerable Androids appeared first on The State of Security. </description><link>http://www.secuobs.com/revue/news/587065.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587065.shtml</guid></item>
<item><title>Adobe Addresses 0-Day Vulnerability in Flash</title><description>2015-10-16 23:27:00 - Security Bloggers Network : Just three days after Trend Micro had notified Adobe of a 0-day vulnerability in their Flash player, Adobe addressed the flaw with a patch. APSB15-27 provides fixes for three vulnerabilities, and one of them, CVE-2015-7645, is currently being used in a </description><link>http://www.secuobs.com/revue/news/587053.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587053.shtml</guid></item>
<item><title>Adobe Flash is putting your computer at risk - and there's no patch yet</title><description>2015-10-15 13:00:25 - Security Bloggers Network : Sooner or later you are going to have to address the Flash problem on your computers. And there doesn't seem a better time with a zero-day vulnerability being actively exploited by an organised hacking gang. Read more in my article on the We Live Security blog. </description><link>http://www.secuobs.com/revue/news/586841.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586841.shtml</guid></item>
<item><title>Hackers are exploiting zero-day flaw in fully patched Adobe Flash</title><description>2015-10-14 15:51:49 - Help Net Security : Adobe has released on Tuesday security updates that address multiple vulnerabilities in Reader, Acrobat, and Flash Player. Unfortunately, among the holes plugged in Flash isn't a zero-day vulnerabil </description><link>http://www.secuobs.com/revue/news/586734.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586734.shtml</guid></item>
<item><title>New Adobe Flash Player Zero-Day Used in Pawn Storm Campaign</title><description>2015-10-14 14:36:43 - Security Bloggers Network : Security researchers have identified a new zero-day exploit in Adobe Flash Player that attackers behind the Pawn Storm espionage campaign leveraged to spy on foreign ministries. Since its inception, Pawn Storm has generally relied on the use of zero-day exploits, including the first Java-based exploit observed in a couple of years, to spy on high-profile ... The post New Adobe Flash Player Zero-Day Used in Pawn Storm Campaign appeared first on The State of Security. </description><link>http://www.secuobs.com/revue/news/586720.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586720.shtml</guid></item>
<item><title>Adobe releases nearly 70 security updates for Flash, Reader, and Acrobat</title><description>2015-10-14 01:51:16 - Security Bloggers Network : Adobe has released 69 security updates to address multiple vulnerabilities found in its Flash, Reader, and Acrobat applications. Make sure you update your systems as quickly as possible to protect against the critical flaws. David Bisson reports. </description><link>http://www.secuobs.com/revue/news/586633.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586633.shtml</guid></item>
<item><title>New zero-day exploit hits fully patched Adobe Flash</title><description>2015-10-13 23:29:05 - Ars Technica   Risk Assessment : Attacks used to hijack end users' computers when they visit booby-trapped sites </description><link>http://www.secuobs.com/revue/news/586619.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586619.shtml</guid></item>
<item><title>New Adobe Flash Zero-Day Used in Pawn Storm Campaign</title><description>2015-10-13 21:41:16 - TrendLabs Security Intelligence Blog : Analysis by Brooks Li, Feike Hacquebord, and Peter Pi. Trend Micro researchers have discovered that the attackers behind Pawn Storm, the long-running cyber-espionage campaign, are using an Adobe Flash zero-day exploit code for their attacks. The particular affected vulnerability is still unpatched, making Flash users vulnerable to attacks. In this most recent campaign of Pawn Storm, several </description><link>http://www.secuobs.com/revue/news/586612.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586612.shtml</guid></item>
<item><title>Dynamic analysis of adobe flash files  derbycon 2015  slides  pdf </title><description>2015-09-30 03:20:25 - Reverse Engineering : submitted by bemitc </description><link>http://www.secuobs.com/revue/news/585117.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585117.shtml</guid></item>
<item><title>In the headlines: South Korea's cyber attacks, DHS networks, Adobe Shockwave Player and more</title><description>2015-09-23 12:20:34 - Acunetix   Web Application Security Blog : South Korea has had over 110,000 cyber attacks in the last 5 years. A recently released report has revealed that South Korean government agencies were subject to over 114,000 cyber attacks in the last five years. The report, compiled using data from the National Computing and Information Agency, shows that the departments targeted most frequently ... The post In the headlines: South Korea's cyber attacks, DHS networks, Adobe Shockwave Player and more appeared first on Acunetix. </description><link>http://www.secuobs.com/revue/news/584413.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/584413.shtml</guid></item>
<item><title>Adobe Says Piracy Down, But Pirates Still Love Their Software</title><description>2015-09-22 21:08:34 - TorrentFreak : Last year Adobe reported progress in the piracy fight, claiming that its new cloud-based subscription model was chipping away at the phenomenon by "hard to measure" amounts. In an earnings call with investors Adobe has again reported progress, but despite the effort Photoshop and Illustrator are still massively popular with pirates. Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services. </description><link>http://www.secuobs.com/revue/news/584346.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/584346.shtml</guid></item>
<item><title>Adobe releases surprise security update: 23 critical vulnerabilities fixed</title><description>2015-09-22 12:37:39 - Security Bloggers Network : Why the rush? Speculation suggests the company may be coming too close for comfort to public disclosure dates. </description><link>http://www.secuobs.com/revue/news/584271.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/584271.shtml</guid></item>
<item><title>Update Flash now: Adobe releases patch, fixing critical security holes</title><description>2015-09-22 12:37:39 - Security Bloggers Network : It's time to update Flash once again, and don't forget to reduce the attack surface by enabling "Click to Play" or uninstall it altogether. The post Update Flash now: Adobe releases patch, fixing critical security holes appeared first on We Live Sec </description><link>http://www.secuobs.com/revue/news/584268.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/584268.shtml</guid></item>
<item><title>Adobe Flash Patch, Plus Shockwave Shocker</title><description>2015-09-21 20:36:15 - Krebs on Security : Adobe has released a critical software update to fix nearly two-dozen security holes in its Flash Player browser plugin. Separately, I want to take a moment to encourage users who have Adobe Shockwave Player installed to finally junk this program: turns out Shockwave -- which comes with its own version of Flash -- is still woefully far behind in bundling the latest Flash fixes. </description><link>http://www.secuobs.com/revue/news/584201.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/584201.shtml</guid></item>
<item><title>September Patch Adobe Flash</title><description>2015-09-21 20:15:35 - Security Bloggers Network : A surprise patch for Adobe Flash. After not releasing a patch for Flash on Patch Tuesday 2 weeks ago, Adobe has now come out with APSB15-23 that addresses 23 vulnerabilities in Adobe Flash. There are no known exploits for the vulnerabilities so most li </description><link>http://www.secuobs.com/revue/news/584200.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/584200.shtml</guid></item>
<item><title>Adobe issues hotfix patch for ColdFusion vulnerability</title><description>2015-08-28 13:59:13 - Security Bloggers Network : The XXE security flaw could result in user information leaks and theft </description><link>http://www.secuobs.com/revue/news/581728.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/581728.shtml</guid></item>
<item><title>Another nail in Adobe Flash's coffin - Chrome to block Flash ads from September 1st</title><description>2015-08-28 13:59:13 - Security Bloggers Network : Google's move away from Flash will help reduce malvertising - the rogue web adverts that can infect your computer with malware as you browse a legitimate website. </description><link>http://www.secuobs.com/revue/news/581727.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/581727.shtml</guid></item>
<item><title>Adobe Settle Claims for 2013 Data Breach</title><description>2015-08-17 14:56:28 - Security Bloggers Network : Adobe have now settled claims for their 2013 data breach in which 38 million users had been affected. The post Adobe Settle Claims for 2013 Data Breach appeared first on The State of Security. </description><link>http://www.secuobs.com/revue/news/580419.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/580419.shtml</guid></item>
<item><title>Adobe Settles Claims for Massive Data Breach</title><description>2015-08-15 02:46:49 - Office of Inadequate Security : Jonny Bonner reports  Adobe is on the hook for  11 million in legal fees   and an undisclosed sum to users   </description><link>http://www.secuobs.com/revue/news/580256.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/580256.shtml</guid></item>
<item><title>Adobe and PageFair claim ad blockers will cost business  22 billion in 2015</title><description>2015-08-12 17:28:20 - Security Bloggers Network : The rapid growth of people using ad blockers is costly to publishers and advertisers - and the trend looks to only grow worse for website owners as ad blocking comes to mobile devices </description><link>http://www.secuobs.com/revue/news/579992.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/579992.shtml</guid></item>
<item><title>Using Adobe Flash? You should patch it pronto</title><description>2015-08-12 12:48:43 - Security Bloggers Network : If you still have Adobe Flash installed on your computer, you should patch it pronto - regardless of whether you are running Windows, OS X or Linux. </description><link>http://www.secuobs.com/revue/news/579964.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/579964.shtml</guid></item>
<item><title>Adobe, Microsoft and Firefox Updates   August 2015</title><description>2015-08-12 03:07:17 - Security Bloggers Network :  Watch Qualys coverage of Adobe, Microsoft and FireFox Patches - August 2015 </description><link>http://www.secuobs.com/revue/news/579924.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/579924.shtml</guid></item>
<item><title>Adobe, MS Push Patches, Oracle Drops Drama</title><description>2015-08-12 01:07:18 - Krebs on Security : Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracle's chief security officer lobbed something of a conversational hand grenade into the security research community, which responded in kind and prompted Oracle to back down. </description><link>http://www.secuobs.com/revue/news/579920.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/579920.shtml</guid></item>
<item><title>Adobe patches critical Flash security flaws</title><description>2015-08-11 20:13:50 - Security Bloggers Network : The plugin maker has patched dozens of flaws, five of which are considered priority fixes </description><link>http://www.secuobs.com/revue/news/579893.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/579893.shtml</guid></item>
<item><title>Quick Tip: Disable Adobe Flash Player in Chrome</title><description>2015-07-30 16:38:23 - Security Bloggers Network : How to disable Flash: The end of Adobe's Flash Player is near. Most of the remaining Flash on the web are advertisements or "fancy" movies, created years ago. If you don't need Flash any longer, these steps help you to disable it in Chrome. Step 1: Open plugins. Go to ... The post Quick Tip: Disable Adobe Flash Player in Chrome appeared first on Linux Audit. </description><link>http://www.secuobs.com/revue/news/578899.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/578899.shtml</guid></item>
<item><title>Google helps Adobe improve Flash security</title><description>2015-07-22 17:32:29 - Help Net Security : Adobe has been dealt a heavy blow after the Hacking Team data dump produced three Flash Player zero-day exploits and they began being exploited in the wild. While Adobe was working on a fix, Mozill </description><link>http://www.secuobs.com/revue/news/577991.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577991.shtml</guid></item>
<item><title>How to disable Adobe Flash on Windows, Mac</title><description>2015-07-21 22:19:33 - Security Bloggers Network : Using Adobe Flash can put your security and privacy at risk. Here's how to disable the plugin on Windows and Mac, and all major browsers. </description><link>http://www.secuobs.com/revue/news/577895.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577895.shtml</guid></item>
<item><title>Second Adobe Flash Zero-Day CVE-2015-5122 from HackingTeam Exploited in Strategic Web Compromise Targeting Japanese Victims</title><description>2015-07-20 02:33:48 - Security Bloggers Network : On July 14, FireEye researchers discovered attacks exploiting the Adobe Flash vulnerability CVE-2015-5122, just four days after Adobe released a patch. CVE-2015-5122 was the second Adobe Flash zero-day revealed in the leak of HackingTeam's internal data. The campaign targeted Japanese organizations by using at least two legitimate Japanese websites to host a strategic web compromise (SWC), where victims ultimately downloaded a variant of the SOGU malware. Strategic Web Compromise: At least two different Japanese websites were compromised to host the exploit framework and malicious downloads: Japan's International Hospitality and Conference Service Association (IHCSA) website (hxxp wwwihcsa or jp) in Figure 1; Japan's Cosmetech Inc website (hxxp cosmetech co jp0). Figure 1: IHCSA website. The main landing page for the attacks is a specific URL seeded on the IHCSA website (hxxp wwwihcsa or jp zaigaikoukan zaigaikoukansencho-1), where users are redirected to the HackingTeam Adobe Flash framework hosted on the second compromised Japanese website. We observed in the past week this same basic framework across several different SWCs exploiting the "older" CVE-2015-5119 Adobe Flash vulnerability in Figure 2. Figure 2: First portion of exploit chain. The webpage (hxxp cosmetech co jp css moviehtml) is built with the open source framework Adobe Flex and checks if the user has at least Adobe Flash Player version 1140 installed. If the victim has the correct version of Flash, the user is directed to run a different, more in-depth profiling script (hxxp cosmetechcojp css swfobjectjs), which checks for several more conditions in addition to their version of Flash. If the conditions are not met then the script will not attempt to load the Adobe Flash (SWF) file into the user's browser. In at least two of the incidents we observed, the victims were running Internet Explorer 11 on Windows 7 machines. The final component is delivering a malicious SWF file, which we confirmed exploits CVE-2015-5122 on Adobe Version 1800203 for Windows in Figure 3. Figure 3: Malicious SWF download. SOGU Malware, Possible New Variant: After successful exploitation, the SWF file dropped a SOGU variant (a backdoor widely used by Chinese threat groups and also known as "Kaba") in a temporary directory under "AppData\Local". The directory contains the properties and configuration in Figure 4. Figure 4: SOGU Binary (Rdws.exe). The compile timestamp indicates the malware was assembled on July 13, less than a day before we observed the SWC. We believe the time stamp in this case is likely genuine, based on the time line of the incident. The SOGU binary also appears to masquerade as a legitimate Trend Micro file named "VizorHtmlDialog.exe" in Figure 5. LegalCopyright: Copyright (C) 2009-2010 Trend Micro Incorporated. All rights reserved; InternalName: VizorHtmlDialog; FileVersion: 3001303; CompanyName: Trend Micro Inc; PrivateBuild: Build 1303 - 8 8 2010; LegalTrademarks: Trend Micro Titanium is a registered trademark of Trend Micro Incorporated; Comments: (blank); ProductName: Trend Micro Titanium; SpecialBuild: 1303; ProductVersion: 30; FileDescription: Trend Titanium; OriginalFilename: VizorHtmlDialog.exe. Figure 5: Rdws.exe version information. The threat group likely used Trend Micro, a security software company headquartered in Japan, as the basis for the fake file version information deliberately, given the focus of this campaign on Japanese organizations. SOGU Command and Control: The SOGU variant calls out to a previously unobserved command and control (CnC) domain, "amxil opmuert org", over port 443 in Figure 6. It uses modified DNS TXT record beaconing with an encoding we have not previously observed with SOGU malware, along with a non-standard header, indicating that this is possibly a new variant. Figure 6: SOGU C2 beaconing. The WHOIS registrant email address for the domain did not indicate any prior malicious activity, and the current IP resolution (5416989240) is for an Amazon Web Services IP address. Another Quick Turnaround on Leveraging HackingTeam Zero-Days: Similar to the short turnaround time highlighted in our blog on the recent APT3 APT18 phishing attacks, the threat actor quickly employed the leaked zero-day vulnerability into a SWC campaign. The threat group appears to have used procured and compromised infrastructure to target Japanese organizations. In two days we have observed at least two victims related to this attack. We cannot confirm how the organizations were targeted, though similar incidents involving SWC and exploitation of the Flash vulnerability CVE-2015-5119 lured victims with phishing emails. Additionally, the limited popularity of the niche site also contributes to our suspicion that phishing emails may have been the lure, and not incidental web browsing. Malware Overlap with Other Chinese Threat Groups: We believe that this is a concerted campaign against Japanese companies given the nature of the SWC. The use of SOGU malware and dissemination method is consistent with the tactics of Chinese APT groups that we track. Chinese APT groups have previously targeted the affected Japanese organizations, but we have yet to confirm which group is responsible for this campaign. Why Japan? In this case, we do not have enough information to discern specifically what the threat actors may have been pursuing. The Japanese economy's technological innovation and strengths in high-tech and precision goods have attracted the interest of multiple Chinese APT groups, who almost certainly view Japanese companies as a rich source of intellectual property and competitive intelligence. The Japanese government and military organizations are also frequent targets of cyber espionage [1]. Japan's economic influence, alliance with the United States, regional disputes, and evolving defense policies make the Japanese government a dedicated target of foreign intelligence. Recommendations: FireEye maintains endpoint and network detection for CVE-2015-5122 and the backdoor used in this campaign. FireEye products and services identify this activity as SOGU Kaba within the user interface. Additionally, we highly recommend: Applying Adobe's newest patch for Flash immediately; Querying for additional activity by the indicators from the compromised Japanese websites and the SOGU malware callbacks; Blocking CnC addresses via outbound communications; and Scope the environment to prepare for incident response. [1] Humber, Yuriy and Gearoid Reidy. "Yahoo Hacks Highlight Cyber Flaws Japan Rushing to Thwart." BloombergBusiness, 8 July 2014. http://www.bloomberg.com/news/articles/2014-07-08/yahoo-hacks-highlight-cyber-flaws-japan-rushing-to-thwart Japanese Ministry of Defense. "Trends Concerning Cyber Space." Defense of Japan 2014. http://www.mod.go.jp/e/publ/w_paper/pdf/2014/DOJ2014_1-2-5_web_1031.pdf LAC Corporation. "Cyber Grid View, Vol 1." http://www.lac.co.jp/security/report/pdf/apt_report_vol1_en.pdf Otake, Tomoko. "Japan Pension Service hack used classic attack method." Japan Times, 2 June 2015. http://www.japantimes.co.jp/news/2015/06/02/national/social-issues/japan-pension-service-hack-used-classic-attack-method/ </description><link>http://www.secuobs.com/revue/news/577614.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577614.shtml</guid></item>
<item><title>Patches from Adobe, Oracle, and Microsoft released</title><description>2015-07-18 01:51:24 - Security Bloggers Network : Avast Software Updater helps you apply software updates. Earlier this week, we told our readers about the three Flash Player zero-day vulnerabilities that were found in stolen files that were leaked from the Hacking Team. We advised Avast users to disable Flash until the bugs are fixed. It doesn't look good for Flash. Because of </description><link>http://www.secuobs.com/revue/news/577525.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577525.shtml</guid></item>
<item><title>Adobe Flash Outfitted with New Exploit Mitigations</title><description>2015-07-17 14:39:29 - Security Bloggers Network : Adobe and Google's Project Zero recently worked together on outfitting the latest version of Flash with new exploit mitigations. This collaborative effort comes on the heels of the disclosure of three zero-day security vulnerabilities in Flash as part of this month's Hacking Team leaks. According to a blog post written by Mark Brand and Chris ... The post Adobe Flash Outfitted with New Exploit Mitigations appeared first on The State of Security. </description><link>http://www.secuobs.com/revue/news/577457.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577457.shtml</guid></item>
<item><title>July 2015 Patch Tuesday: Microsoft, Adobe, and Oracle Roll out Security Patches for Zero-Day Vulnerabilities</title><description>2015-07-15 19:48:17 - TrendLabs Security Intelligence Blog : July proves to be pretty busy for both software vendors and security researchers as various zero-day vulnerabilities were reported. In this month's patch Tuesday, Microsoft addressed the recently discovered zero-day vulnerability in Internet Explorer that also emerged from the Hacking Team leak. The said vulnerability, covered in MS15-065 and rated as "critical", could allow attackers ... Post from: Trendlabs Security Intelligence Blog - by Trend Micro. </description><link>http://www.secuobs.com/revue/news/577213.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577213.shtml</guid></item>
<item><title>In the headlines: Adobe Flash zero day and Java zero day vulnerabilities, and more</title><description>2015-07-15 12:44:34 - Acunetix   Web Application Security Blog : Hacking Team data leak result of Adobe Flash Zero day vulnerability. If you've seen any security news this last week then it will have been impossible to miss the fact that Italian security company Hacking Team suffered a breach. The implications of this are huge, largely because of their, previously classified, customer base. It was ... The post In the headlines: Adobe Flash zero day and Java zero day vulnerabilities, and more appeared first on Acunetix. </description><link>http://www.secuobs.com/revue/news/577139.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577139.shtml</guid></item>
<item><title>Adobe, Microsoft and Oracle Patch Tuesday   July 2015</title><description>2015-07-15 02:32:36 - Security Bloggers Network :  Watch Qualys coverage of Adobe, Microsoft and Oracle Patch Tuesday - July 2015 </description><link>http://www.secuobs.com/revue/news/577091.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577091.shtml</guid></item>
<item><title>Adobe, MS, Oracle Push Critical Security Fixes</title><description>2015-07-14 22:14:07 - Krebs on Security : This being the second Tuesday of the month, it's officially Patch Tuesday. But it's not just Windows users who need to update today: Adobe has released fixes for several products, including a Flash Player bundle that patches two vulnerabilities for which exploit code is available online. Separately, Oracle issued a critical patch update that plugs more than two dozen security holes in Java. </description><link>http://www.secuobs.com/revue/news/577073.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577073.shtml</guid></item>
<item><title>Adobe fixes two Flash zero-day flaws found in Hacking Team cache</title><description>2015-07-14 20:44:34 - Security Bloggers Network : The update comes just hours after Firefox blocked the browser plugin after the flaw was being exploited in the wild </description><link>http://www.secuobs.com/revue/news/577062.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577062.shtml</guid></item>
<item><title> Adobe patches Hacking Team Flash zero-days, update immediately </title><description>2015-07-14 18:53:58 - Help Net Security : Adobe has released new versions of Flash Player, Shockwave Player and Acrobat and Reader, all of which fix critical vulnerabilities that could potentially allow an attacker to take control of the affe </description><link>http://www.secuobs.com/revue/news/577049.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577049.shtml</guid></item>
<item><title>Adobe patches Flash against zero-day vulnerabilities</title><description>2015-07-14 18:19:24 - Security Bloggers Network : Whatever you think of Flash, you have to admire Adobe's speedy response to the vulnerabilities. Perhaps describing the company as "saviour of the universe" is going a bit too far though. </description><link>http://www.secuobs.com/revue/news/577047.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577047.shtml</guid></item>
<item><title>Once again, Adobe releases emergency Flash patch for Hacking Team 0-days</title><description>2015-07-14 17:40:55 - Ars Technica   Risk Assessment : Attack code has already been published, all but assuring exploits will go wild </description><link>http://www.secuobs.com/revue/news/577037.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577037.shtml</guid></item>
<item><title>Four Adobe Flash 0-days In Three Weeks - Patches Now Available</title><description>2015-07-14 17:32:59 - Security Labs :    Following on from the revelation of a 0-day in Adobe Flash in June 2015  CVE-2015-3113, since patched  3 further 0-days have been discovered in the last 3 weeks The 3 have references CVE-2015-3119, CVE-2015-5122, and CVE-2015-5123 The knowledge of the 0-day Proof of Concept code arose from analysis of the data breach from the Italian Hacking Team company The journey from discovery to exploit kit Within hours of the exploit code being made public it was observed to have been incorporated into exploit kits including Angler, Neutrino, and NuclearPack Telemetry from our ThreatSeeker Intelligence Cloud shows a spike in the number of NuclearPack security incidents that we identified and protected against over the last few days  Is your browser trying to tell you something  Firefox has been configured to block the Flash plugin  aka Shockwave Flash  by default You can see this through a warning presented underneath your address bar when you browse to a website that uses Flash, or there will be an overlay to the Flash artifact that would have been displayed  Further you can access the information via Menu  Add-ons  Plugins The example below tells us that the version of Flash Player in our environment is known to be vulnerable  How to update your Flash Player  You can check which version of Flash Player you have running here  http wwwadobecom software flash about  For example, the Adobe website is able to tell us that we are running an older version of Adobe Flash Player in our virtual environment  The latest version of Flash  as of 14 July 2015 2 30pm BST  is 1800209, 112202481, or 112202223 depending on your OS and browser combination You can download the latest version of Flash here  https getadobecom flashplayer  You can monitor the Adobe Product Security Incident Response Team  PSIRT  Blog at https blogsadobecom psirt  for details 
of any upcoming patches should any further vulnerabilities be identified Protection Offered to RaytheonWebsense Customers CVE-2015-5119   A Case Study These vulnerabilities, if and when incorporated into existing exploit kits, will still be blocked by RaytheonWebsense solutions because we have a variety of detection techniques across the 7 Stages of Advanced Threats via real-time analytics within ACE, our Advanced Classification Engine This includes  Stage 3  Redirect  - the detection of known malicious sites Stage 6  Call Home  - detection of command and control channels Stage 7  Data Theft    to reduce the occurrence of data exfiltration If exploitation of these vulnerabilities is incorporated into wholly new exploit kits then we are capable of detecting malicious behaviour through our heuristics, behavioural monitoring, and analysis techniques We will update coverage as necessary to keep our customers protected What do we know about these vulnerabilities  Here is a quick summary of the 4 vulnerabilities and their related patches CVE identifier  CVE-2015-3113 Rating  Critical Impact  Remote code execution and DDOS Affected version  1800161 Patched  Yes, in version 1800194 CVE identifier  CVE-2015-5119 Rating  Critical Impact  Remote code execution and DDOS Affected version  1800194 Patched  Yes, in version 1800203 CVE identifier  CVE-2015-5122 Rating  Critical Affected version  1800204 and others Patched  Yes, in version 1800209 released today, see https helpxadobecom security products flash-player apsb15-18html CVE identifier  CVE-2015-5123 Rating  Critical Affected version  1800204 and others Patched  Yes, in version 1800209 today, see https helpxadobecom security products flash-player apsb15-18html Contributors  Andy Settle </description><link>http://www.secuobs.com/revue/news/577036.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577036.shtml</guid></item>
<item><title>Mozilla Blocks All Versions of Adobe Flash Until Publicly Known Security Vulnerabilities Are Fixed</title><description>2015-07-14 17:07:05 - Security Bloggers Network :    Mozilla has blocked every version of Adobe Flash Player running in its Firefox web browser and will continue to do so until Adobe has patched certain publicly known security vulnerabilities Firefox users who seek to view videos, adverts, and other Flash-based content will now be required to dismiss a warning that reads,  Flash is known   Read More The post Mozilla Blocks All Versions of Adobe Flash Until Publicly Known Security Vulnerabilities Are Fixed appeared first on The State of Security  IMAGE  </description><link>http://www.secuobs.com/revue/news/577031.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577031.shtml</guid></item>
<item><title>Adobe Flash zero-day vulnerabilities threaten your security</title><description>2015-07-14 10:43:15 - Security Bloggers Network : Last Friday, Adobe confirmed two new  critical  zero-day flaws in the Adobe Flash Player browser plugin 1800204   and earlier versions   for Windows, Mac OS X, and Linux Today, a third flaw was found Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages  IMAGE  </description><link>http://www.secuobs.com/revue/news/576959.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576959.shtml</guid></item>
<item><title>Adobe Flash Vulnerability CVE-2015-5119 analysis</title><description>2015-07-14 02:36:59 - Security Bloggers Network : With the leak of Hacking Team's data, the security industry came to learn about multiple new 0day vulnerabilities targeting Flash, Internet Explorer, Android, etc As always, exploit kit authors were quick to incorporate these 0day exploits into the </description><link>http://www.secuobs.com/revue/news/576943.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576943.shtml</guid></item>
<item><title>Adobe promises patch for latest wave of critical Hacking Team zero-day exploits</title><description>2015-07-13 19:47:50 - Security Bloggers Network : Adobe devs must be working overtime to fix the latest vulnerabilities revealed through the Hacking Team cyberattack </description><link>http://www.secuobs.com/revue/news/576911.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576911.shtml</guid></item>
<item><title>Third Adobe Flash zero-day exploit  CVE-2015-5123  leaked from Hacking Team cache</title><description>2015-07-13 19:37:59 - Symantec Connect   Security Response   Billets : Exploits continue to leak from the Hacking Team breach, as the latest unpatched Adobe Flash Player bug comes from the stolen cache  IMAGE  Read More </description><link>http://www.secuobs.com/revue/news/576905.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576905.shtml</guid></item>
<item><title>The Adobe Flash Conundrum  Old Habits Die Hard</title><description>2015-07-13 16:08:24 - TrendLabs Security Intelligence Blog : Is it time to hop off the endless cycle of Flash vulnerabilities and updates  Last week has not been great for Adobe Flash The 440GB of leaked Hacking Team emails has become a treasure trove for vulnerability hunters Over the past 7 days, Flash was hit by three separate vulnerabilities  CVE-2015-5119 CVE-2015-5122 CVE-2015-5123 At this time, only the   Post from  Trendlabs Security Intelligence Blog - by Trend Micro The Adobe Flash Conundrum  Old Habits Die Hard </description><link>http://www.secuobs.com/revue/news/576880.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576880.shtml</guid></item>
<item><title>New Zero-Day Vulnerability  CVE-2015-5123  in Adobe Flash Emerges from Hacking Team Leak</title><description>2015-07-12 09:17:06 - TrendLabs Security Intelligence Blog : After two Adobe Flash player zero-days disclosed in a row from the leaked data of Hacking Team, we discovered another Adobe Flash Player zero-day  assigned with CVE number, CVE-2015-5123  that surfaced from the said leak Adobe has already released a security advisory after we reported the said zero-day This vulnerability is rated as critical and   Post from  Trendlabs Security Intelligence Blog - by Trend Micro New Zero-Day Vulnerability  CVE-2015-5123  in Adobe Flash Emerges from Hacking Team Leak </description><link>http://www.secuobs.com/revue/news/576804.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576804.shtml</guid></item>
<item><title>Adobe, second "Hacking Team" patch</title><description>2015-07-11 17:07:35 - CNIS mag : Last Wednesday's patch was not enough, despite the series of ZDEs plugged in a hurry. On Friday evening, Adobe, great purveyor of holes before the transalpine Almighty, cut a respectable plug registered as CVE-2015-5122. The hole being part of the Hacking Team's private collection of exploits, which find themselves somewhat   </description><link>http://www.secuobs.com/revue/news/576786.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576786.shtml</guid></item>
<item><title>Second PoC Exploit for Adobe Flash Player Discovered after the Hackers-For-Hire Company Breach</title><description>2015-07-11 16:43:40 - Symantec Connect   Security Response   Billets : Yet Another Adobe Flash Player Zero-Day from Hacking Team Breach Read More </description><link>http://www.secuobs.com/revue/news/576784.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576784.shtml</guid></item>
<item><title>Adobe To Fix Another Hacking Team Zero-Day</title><description>2015-07-11 07:28:53 - Krebs on Security : For the second time in a week, Adobe Systems Inc says it plans to fix a zero-day vulnerability in its Flash Player software that came to light after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company that's long been accused of helping repressive regimes spy on dissident groups </description><link>http://www.secuobs.com/revue/news/576764.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576764.shtml</guid></item>
<item><title>End-of-month bugs at Cisco and Adobe</title><description>2015-07-11 01:04:14 - CNIS mag : Let us pass quickly over the alert issued with the greatest urgency by Adobe, which concerns the umpteenth flaw once again affecting Flash Player. Exploitation of CVE-2015-3113 "could make a remote takeover possible", the bulletin states. The conditional can be dropped outright, because when a warning of this type is   </description><link>http://www.secuobs.com/revue/news/576748.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576748.shtml</guid></item>
<item><title>Adobe Flash exploit that was leaked by Hacking Team goes wild  patch now </title><description>2015-07-08 17:35:55 - Ars Technica   Risk Assessment : Hours after the 0day was found, it was added to popular exploit kits </description><link>http://www.secuobs.com/revue/news/576492.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576492.shtml</guid></item>
<item><title>Adobe expected to issue Flash Player patch for Hacking Team 0-day</title><description>2015-07-08 14:37:34 - Office of Inadequate Security : Adobe is expected to issue a patch for a vulnerability its Flash Player today to address a zero-day that was included in the </description><link>http://www.secuobs.com/revue/news/576463.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576463.shtml</guid></item>
<item><title>Adobe to Patch Hacking Team's Flash Zero-Day</title><description>2015-07-07 22:37:33 - Krebs on Security : Adobe Systems Inc said today it plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks The flaw was disclosed publicly over the weekend after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company that's long been accused of helping repressive regimes spy on dissident groups </description><link>http://www.secuobs.com/revue/news/576415.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576415.shtml</guid></item>
<item><title>FBI Fraud Alert, Adobe Emergency Patch, Theme Park Breach Investigation and more  TWIC   June 26, 2015</title><description>2015-06-26 19:54:43 - Security Bloggers Network :   IMAGE  Each week, the PhishLabs team posts The Week in Cybercrime  TWIC  to recap noteworthy cybercrime articles and reports  open source  </description><link>http://www.secuobs.com/revue/news/575614.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575614.shtml</guid></item>
<item><title> HackerKast 40  OPM Breach, Sourcepoint, AdBlock Plus, NSA and AV software, Adobe Flash, Chrome Listens In via Computer Mic</title><description>2015-06-26 18:14:14 - Security Bloggers Network : Regards, Hey Everybody  Welcome to our 40th HackerKast  Thanks for listening as always and let's get to the news  Our first story to chat about this week was news bubbling up still about the recent OPM breach This time, the news outlets are latching on to the fact that data encryption wouldn't have helped them   </description><link>http://www.secuobs.com/revue/news/575601.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575601.shtml</guid></item>
<item><title>Patch early, patch often  Adobe pushes emergency fix for active 0-day</title><description>2015-06-24 19:20:34 - Ars Technica   Risk Assessment : Phishing e-mails offered refurbished iMacs, instead delivered pwnage </description><link>http://www.secuobs.com/revue/news/575321.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575321.shtml</guid></item>
<item><title>Security researcher casually drops Adobe Reader, Windows critical vulnerability bomb</title><description>2015-06-24 18:48:19 - Security Bloggers Network : A Google Project Zero researcher has revealed the existence of 15 vulnerabilities in the software, including critical issues and one exploit which may completely bypass all system defense </description><link>http://www.secuobs.com/revue/news/575316.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575316.shtml</guid></item>
<item><title>Adobe Flash Player 0-day Abused In The Wild  CVE-2015-3113 , Our Customers Protected</title><description>2015-06-24 18:04:32 - Security Labs :    Websense  Security Labs  researchers are aware of a vulnerability within Adobe Flash Player, CVE-2015-3113 Exploitation of the vulnerability leads to a buffer overflow which can be abused by a malware author to execute arbitrary code on the compromised machine Adobe have deemed this vulnerability  critical  In the wild, exploitation of this vulnerability has been observed using our ThreatSeeker Intelligence Cloud Observed Behaviour In The Wild Websense Security Labs have been tracking abuse of this 0-day in the wild since the start of June 2015 A typical threat lifecycle is followed from reconnaissance, lure, redirect, exploit, payload, call home Observed lure artefacts take the form of emails which contain a link to a website in the Ukrainian TLD space The email subject hints at a  2015 Program Kick Off  and the body references a meeting for which the recipient is invited to click a link to  find out more  Observed target industries include the engineering and science sectors Exposure Microsoft Windows 8 users of Google Chrome and Internet Explorer should be automatically updated Adobe have advised users of Internet Explorer for Windows 7 and below, as well as users of Firefox on Windows XP, that those platform combinations are known targets More information on the vulnerability and affected version is available in Adobe's Security Bulletin APSB15-14 Impact Websense customers are protected against this threat via real-time analytics within ACE, the Websense Advanced Classification Engine, at the following stages  Stage 2  lure  - ACE has protection for the initial lure emails Stage 3  redirect  - ACE has protection for the website used to direct end users to the payload Further information on the 7 Stages of Advanced Attacks threat lifecycle model can be found here Mitigation Adobe have released an update to 
various versions of Flash Player Customers are encouraged to apply the latest version of Adobe Flash Player as soon as possible The latest versions can be found here  https getadobecom flashplayer  An alternative mitigation strategy would be to consider if disabling Flash Player is appropriate in your environment Websense Security Labs will continue to monitor this threat and will provide updates as appropriate </description><link>http://www.secuobs.com/revue/news/575306.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575306.shtml</guid></item>
<item><title>Critical vulnerabilities in Windows and Adobe Reader exposed by hacker</title><description>2015-06-24 17:03:53 - Security Bloggers Network : A hacker has published an extensive list of Adobe Reader and Windows vulnerabilities based on his research into a relatively obscure area of font management The post Critical vulnerabilities in Windows and Adobe Reader exposed by hacker appeared first </description><link>http://www.secuobs.com/revue/news/575294.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575294.shtml</guid></item>
<item><title>New Adobe Zero-Day Shares Same Root Cause as Older Flaws</title><description>2015-06-24 09:35:21 - TrendLabs Security Intelligence Blog : Earlier we talked about the out-of-band update for Flash Player that was released by Adobe  identified as APSB15-14  that was released to fix CVE-2015-3113 This update raised the Flash Player version to 1800194 Our analysis of the current flaw reveals that the root cause of CVE-2015-3113 is similar to CVE-2015-3043 Both cause a buffer overflow within the Flash Player code   Post from  Trendlabs Security Intelligence Blog - by Trend Micro New Adobe Zero-Day Shares Same Root Cause as Older Flaws </description><link>http://www.secuobs.com/revue/news/575213.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575213.shtml</guid></item>
<item><title>New 0-day for Adobe Flash</title><description>2015-06-23 23:03:10 - Security Bloggers Network : Adobe came out today with an out-of-band patch  APSB15-14  for their Flash Player, the fifth time that Flash has required an out-of-band fix for a 0-day FireEye had notified them of a critical vulnerability  CVE-2015-3113  that they discovered in use  </description><link>http://www.secuobs.com/revue/news/575188.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575188.shtml</guid></item>
<item><title>Adobe publishes emergency patch for exploited Flash vulnerability </title><description>2015-06-23 21:44:31 - Symantec Connect   Security Response   Billets : Adobe has patched a Flash vulnerability that allowed attackers to remotely execute arbitrary code  IMAGE  Read More </description><link>http://www.secuobs.com/revue/news/575183.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575183.shtml</guid></item>
<item><title>Greater than Zero  New Adobe Flash Exploit</title><description>2015-06-23 21:19:36 - Security Bloggers Network : News today, Brian Krebs reports of a new Adobe Flash zero-day and its associated critical patch According to Krebs, Adobe claims the exploit  CVE-2015-3113  is already being used in targeted attacks, so security teams should be on high alert Adobe has published a security bulletin that indicates systems running Internet Explorer on Windows 7 are   </description><link>http://www.secuobs.com/revue/news/575179.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575179.shtml</guid></item>
<item><title>Adobe issues emergency fix for Flash zero-day security flaw</title><description>2015-06-23 20:44:44 - Security Bloggers Network : The out-of-band patch fixes a flaw that affects Windows and Firefox users </description><link>http://www.secuobs.com/revue/news/575175.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575175.shtml</guid></item>
<item><title>Adobe Issues Emergency Patch for Flash Zero-Day</title><description>2015-06-23 19:37:46 - TrendLabs Security Intelligence Blog : Adobe has just released an update to address a vulnerability found in its Flash Player browser plug-in In its security advisory  APSB15-14 , Adobe notes that this vulnerability  is being actively exploited in the wild via limited, targeted attacks Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are   Post from  Trendlabs Security Intelligence Blog - by Trend Micro Adobe Issues Emergency Patch for Flash Zero-Day </description><link>http://www.secuobs.com/revue/news/575164.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575164.shtml</guid></item>
<item><title>Operation Clandestine Wolf   Adobe Flash Zero-Day in APT3 Phishing
Campaign</title><description>2015-06-23 19:04:40 - Security Bloggers Network :    Adobe has already released a patch for CVE-2015-3113 with an out-of-band security bulletin  https helpxadobecom security products flash-player apsb15-14html  FireEye recommends that Adobe Flash Player users update to the latest version as soon as possible FireEye MVX detects this threat as a web infection, the IPS engine reports the attack as CVE-2015-3113, and the SHOTPUT backdoor is reported as BackdoorAPTCookieCutter APT3 ---- The threat group FireEye tracks as APT3, aka UPS, is responsible for this exploit and the activity identified in our previous blog post, Operation Clandestine Fox This group is one of the more sophisticated threat groups that FireEye Threat Intelligence tracks and has been the first group to have access to a few browser-based zero-day exploits  eg, Internet Explorer, Firefox, and Adobe Flash Player  After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors APT3 s command and control  CnC  infrastructure is difficult to track, as there is little overlap across campaigns Activity Overview ----------------- In the last several weeks, APT3 actors launched a large-scale phishing campaign against organizations in the following industries    Aerospace and Defense   Construction and Engineering   High Tech   Telecommunications   Transportation Upon clicking the URLs provided in the phishing emails, targets were redirected to a compromised server hosting JavaScript profiling scripts Once a target host was profiled, victims downloaded a malicious Adobe Flash Player SWF file and an FLV file, detailed below This ultimately resulted in a custom backdoor known as SHOTPUT, detected by FireEye as BackdoorAPTCookieCutter, being delivered to the victim s system The payload is obscured using xor encoding and appended to a valid GIF file We ve named the operation according to the 
contents of the GIF animation Attack Vector ------------- The phishing emails used by APT3 during this campaign were extremely generic in nature, almost appearing to be spam An example email body  Save between  200-450 by purchasing an Apple Certified Refurbished iMac through this link Refurbished iMacs come with the same 1-year extendable warranty as new iMacs Supplies are limited, but update frequently Don't hesitate   Go to Sale The string  Go to Sale  was a link that used the following URL structure  hxxp  html Exploit Details --------------- The attack exploits an unpatched vulnerability in the way Adobe Flash Player parses Flash Video  FLV  files The exploit uses common vector corruption techniques to bypass Address Space Layout Randomization  ASLR , and uses Return-Oriented Programming  ROP  to bypass Data Execution Prevention  DEP  A neat trick to their ROP technique makes it simpler to exploit and will evade some ROP detection techniques Shellcode is stored in the packed Adobe Flash Player exploit file alongside a key used for its decryption The payload is xor encoded and hidden inside an image Exploit Packaging The Adobe Flash Player exploit is packed with a simple RC4 packer The RC4 key and ciphertext are BinaryData blobs that the packer uses to decrypt the layer 2 Adobe Flash Player file Once decrypted, layer 2 is executed with loaderloadBytes Vector Corruption Layer 2 uses a classic Adobe Flash Player Vector corruption technique to develop its heap corruption vulnerability to a full relative read write available to ActionScript3 In this technique, the attacker sprays Adobe Flash Player Vectors to the heap, and triggers a write vulnerability to change the size of one of the vectors The attacker can then perform subsequent reads and writes to memory outside the intended boundaries of the corrupted Vector object from AS3 For more details on this technique, see Flash in 2015 Once the attacker has limited read write access to memory, they choose to corrupt 
a second Vector to increase their access to a range of 0x3fffffff bytes This second Vector is used for the remainder of the exploit Return-Oriented Programming The attackers use a ROP chain to call kernel32 VirtualAlloc to mark their shellcode as executable before jumping to their shellcode Instead of writing their ROP chain to the heap along with their shellcode and payload, they used a different technique Usually, exploit developers will corrupt a built-in Adobe Flash Player object such as a Sound object, or more recently the ByteArray object to utilize CoreSecurity s Control Flow Guard  CFG  bypass Instead, the attackers chose to define their own class in AS3 with a function that takes a lot of arguments  class CustomClass   public function victimFunction arg1 uint, arg2 uint,  , arg80 uint uint   Then, the attackers can simply overwrite the function pointer with a gadget that adds to the stack pointer and returns to pivot to ROP They have no need to identify the absolute address of the ROP chain and preserve it in a register for a typical xchg reg32, esp pivot Additionally, storing the ROP chain on the stack will evade ROP detection mechanisms designed around detecting when the stack pointer points outside of a thread s stack region thiscustomObjvictimFunction  6f73b68b,   ret   ROPsled   , 6f73b68a,  pop eax 1f140100, 6fd36da1,  call Kernel32 VirtualAlloc 0x1f140000, 0x10000, 0x1000, 0x40  1f140000,   Address 00010000,   Size 00001000,   Type 00000040,   Protection   RWX 6f73b68b 9   ret  ROPsled  6fd36da7 2   ret 6f73aff0 pop ecx 6fd36da7 6fd36da7 jmp  eax      thiscustomObjvictimFunction pointer modified to  00000000 6de533dc 5e pop rsi 00000000 6de533dd 83c448 add esp,48h 00000000 6de533e0 c3 ret Lastly, the ROP chain has a ROPsled following the call to VirtualAlloc This could just be an artifact of development, or it could be designed to bypass detection mechanisms that test for valid return addresses up to a limited depth at calls to VirtualAlloc Full 
Exploit Flow 1 Create a new Video object 2 Fetch the payload 3 Attach the video to a new NetStream 4 Spray the heap with Adobe Flash Player Vectors a Create a Vector containing 98688 Vectors containing 1022 uints b Set the first two dwords in each Vector to 0x41414141, 0x42424242 5 Create holes for the controlled FLV object a Free approximately every 3rd Vector in the spray 6 Spray custom class objects for future control transfer a Define a new class CustomClass i Define a function victimFunction with lots of arguments b Create a Vector of 0x100 Vectors of 1007 references to an CustomClass instance 7 Fetch and play the FLV exploit a The FLV file will allocate an attacker controlled object in one of the holes from step 5 b The attacker controlled object will overwrite the length field of an adjacent vector 8 Re-fill holes from step 5 with Vectors as in step 4 9 Find the corrupted vector a Search through Vectors from step 4 b Check the length of each Vector to find one that is abnormally large 10 Corrupt a second Vector  Vector2  a Using the corrupted Vector from step 9 to read write relative memory addresses i Search memory for an adjacent vector ii Overwrite the length field with 0x3fffffff iii Verify that a corrupted vector with length 0x3fffffff now exists in the spray 1 If not, undo corruption and attempt to corrupt the next vector 11 Decrypt shellcode and store it and the payload on the heap 12 Overwrite the CustomClassvictimFunction function pointer a Find the sprayed CustomClass object instance references from step 6 b The new function is a form of  pivot  that transfers control to the attacker 13 Build ROP chain on the stack and call it a Find ROP gadgets in memory using Vector2 i Including a call to kernel32 VirtualAlloc b Call the corrupted CustomClassvictimFunction from step 6ai i Arguments to the function are the gadgets of the ROP chain ii They are conveniently pushed onto the stack iii Corrupted vtable from step 12 calls a pivot 1 The  pivot  just adds 
to the stack pointer and returns because the ROP chain is on the stack 14 ROP chain calls shellcode a Call kernel32 VirtualAlloc b jmp to shellcode 15 Shellcode calls payload a Shellcode searches memory for the payload, which is stored inside an image b Shellcode decodes the payload by xoring each byte  that is not 0 or 0x17  with 0x17 Conclusion ---------- Once APT3 has access to a target network, they work quickly and they are extremely proficient at enumerating and moving laterally to maintain their access Additionally, this group uses zero-day exploits, continually updated custom backdoors, and throwaway CnC infrastructure, making it difficult to track them across campaigns Acknowledgements ---------------- Thank you to the following contributors to this blog    Joseph Obed, Ben Withnell, Kevin Zuk, Genwei Jiang, and Corbin Souffrant of FireEye </description><link>http://www.secuobs.com/revue/news/575154.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575154.shtml</guid></item>
<item><title>Emergency Patch for Adobe Flash Zero-Day</title><description>2015-06-23 18:13:41 - Krebs on Security : Adobe Systems Inc today released an emergency update to fix a dangerous security hole in its widely-installed Flash Player browser plugin The company warned that the vulnerability is already being exploited in targeted attacks, and urged users to update the program as quickly as possible </description><link>http://www.secuobs.com/revue/news/575149.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575149.shtml</guid></item>
<item><title>A Month Without Adobe Flash Player</title><description>2015-06-23 14:47:39 - Krebs on Security : I've spent the better part of the last month running a little experiment to see how much I would miss Adobe's buggy and insecure Flash Player software if I removed it from my systems altogether Turns out, not so much </description><link>http://www.secuobs.com/revue/news/575100.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575100.shtml</guid></item>
<item><title>AU  Adobe privacy breach sparks call to move on alert laws</title><description>2015-06-19 16:46:44 - Office of Inadequate Security : Sarah Martin reports  A security breach that led to the personal information of up to 17 million Australians being hacked   </description><link>http://www.secuobs.com/revue/news/574709.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/574709.shtml</guid></item>
<item><title>Magnitude Exploit Kit Uses Newly Patched Adobe Vulnerability  US, Canada, and UK are Most At Risk</title><description>2015-06-16 16:11:06 - TrendLabs Security Intelligence Blog : Adobe may have already patched a Flash Player vulnerability last week, but several users especially those in the US, Canada, and the UK  are still currently exposed and are at risk of getting infected with CryptoWall 30 The Magnitude Exploit Kit included an exploit for the said vulnerability, allowing attackers to spread crypto-ransomware into their target   Post from  Trendlabs Security Intelligence Blog - by Trend Micro Magnitude Exploit Kit Uses Newly Patched Adobe Vulnerability  US, Canada, and UK are Most At Risk </description><link>http://www.secuobs.com/revue/news/574255.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/574255.shtml</guid></item>
<item><title>Vigilance - Adobe Flash Player: multiple vulnerabilities, analyzed on 13/03/2015</title><description>2015-06-13 11:06:58 - Vigilance   vulnérabilités publiques : An attacker can use several vulnerabilities of Adobe Flash Player.</description><link>http://www.secuobs.com/revue/news/573908.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/573908.shtml</guid></item>
<item><title> Massive growth in new ransomware, malware targeting Adobe Flash</title><description>2015-06-10 09:44:42 - Help Net Security : In the first quarter of 2015, McAfee Labs registered a 165 percent increase in new ransomware driven largely by the new, hard-to-detect CTB-Locker ransomware family, a new ransomware family called Tes </description><link>http://www.secuobs.com/revue/news/573548.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/573548.shtml</guid></item>
<item><title>Vigilance - Adobe Reader: read of inaccessible memory via CoolType.dll, analyzed on 13/05/2015</title><description>2015-05-28 10:04:56 - Vigilance   vulnérabilités publiques : An attacker can force a read at an invalid address in CoolType.dll of Adobe Reader, in order to trigger a denial of service.</description><link>http://www.secuobs.com/revue/news/572200.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/572200.shtml</guid></item>
<item><title>Angler EK Exploiting Adobe Flash CVE-2015-3090</title><description>2015-05-27 02:25:58 - Security Bloggers Network : FireEye has detected a new attack by the Angler Exploit Kit (EK) that exploits CVE-2015-3090 in Adobe Flash Player. Angler began exploiting CVE-2015-3090 about two weeks after Adobe released a patch (Patch: May 11, 2015, Exploit: approx. May 26, 2015). Exploit kits (particularly Angler and Nuclear) regularly exploit recently patched Flash vulnerabilities. In April, they exploited CVE-2015-0359 (patched earlier in April). In March, they exploited CVE-2015-0336 (patched earlier in March). Earlier in the year (and at the end of 2014), they exploited unpatched vulnerabilities CVE-2015-0311, CVE-2015-0313 (and a leak, CVE-2015-0310). The trend is not new, but it is worrisome. Exploit Overview: The attack uses common Exploit Kit obfuscations (SecureSWF) and techniques that we discussed in earlier blogs. They also use the CFG bypass (bytearraytostring) as the CVE-2015-0359 exploit last month. FlashVars were used to determine the URL to the next stage of the attack. The exploit for CVE-2015-3090 involves a race condition in the shader class, in which asynchronously modifying the width/height of a shader object while starting a shader job will result in a memory corruption vulnerability. Angler uses this to execute arbitrary code and infect unpatched users' systems. Exploit Details: The exploit follows the steps below: 1. Check if target is vulnerable. 2. Create a vector of length 0x400 filled with vectors of length 0xA6. 3. Create a ShaderJob and set its width to 0. 4. Start the ShaderJob. 5. Set the ShaderJob width to 0x25E. 6. Wait 0x12C before continuing. 7. Loop through the vector from step 2, and find one whose length is not 0xA6 or 0xA6 2. This is the corrupted vector used for out-of-bounds memory accesses. 8. Post-corruption exploitation techniques are the same as last month's CVE-2015-0359 exploit, culminating in a control-flow transfer to the attacker via bytearraytoString circumventing CFG. Acknowledgements: Thank you to Henry Bernabe of FireEye for working with us on this issue.</description><link>http://www.secuobs.com/revue/news/572046.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/572046.shtml</guid></item>
<item><title>Adobe to patch critical Acrobat, Reader security flaws</title><description>2015-05-11 14:33:29 - Security Bloggers Network : The technology giant will issue fixes for  critical  flaws in its PDF software </description><link>http://www.secuobs.com/revue/news/570342.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/570342.shtml</guid></item>
<item><title>Vigilance - Adobe Flash Player: multiple vulnerabilities, analyzed on 06/02/2015</title><description>2015-05-06 09:15:47 - Vigilance   vulnérabilités publiques : An attacker can use several vulnerabilities of Adobe Flash Player.</description><link>http://www.secuobs.com/revue/news/569844.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/569844.shtml</guid></item>
<item><title>Vigilance - Adobe Flash Player: code execution, analyzed on 02/02/2015</title><description>2015-05-02 16:45:49 - Vigilance   vulnérabilités publiques : An attacker can invite the victim to view a malicious Adobe Flash Player animation, in order to execute code.</description><link>http://www.secuobs.com/revue/news/569491.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/569491.shtml</guid></item>
<item><title>Vigilance - Adobe Flash Player: use after free, analyzed on 27/01/2015</title><description>2015-04-27 20:40:42 - Vigilance   vulnérabilités publiques : An attacker can trigger the use of a freed memory area in Adobe Flash Player, in order to trigger a denial of service, and possibly to execute code.</description><link>http://www.secuobs.com/revue/news/568944.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/568944.shtml</guid></item>
<item><title>Adobe To Settle Data Breach Claims Over 3M Payment Cards</title><description>2015-04-24 15:05:02 - Office of Inadequate Security : Allison Grande reports: Adobe Systems Inc. has agreed to settle a consolidated proposed class action in California federal </description><link>http://www.secuobs.com/revue/news/568669.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/568669.shtml</guid></item>
<item><title>Adobe Releases Security Updates for Flash Player, ColdFusion, and Flex</title><description>2015-04-23 22:23:02 - Security Bloggers Network : Adobe Releases Security Updates for Flash Player, ColdFusion, and Flex. The post Adobe Releases Security Updates for Flash Player, ColdFusion, and Flex appeared first on SecurityOrb.com.</description><link>http://www.secuobs.com/revue/news/568590.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/568590.shtml</guid></item>
<item><title>Vigilance - Adobe Flash Player: use after free via UncompressViaZlibVariant, analyzed on 22/01/2015</title><description>2015-04-22 15:04:35 - Vigilance   vulnérabilités publiques : An attacker can invite the victim to view a malicious Adobe Flash Player animation, to trigger the use of a freed memory area in ByteArray UncompressViaZlibVariant, in order to trigger a denial of service, and possibly to execute code.</description><link>http://www.secuobs.com/revue/news/568304.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/568304.shtml</guid></item>
<item><title>Exposed  Russians Exploited Adobe, Microsoft Flaws to Hack US Gov't</title><description>2015-04-21 22:13:48 - Computer Security News : The breach, which took place last October, caused temporary disruptions in some government services. Several federal agencies are still investigating the breach, but many in the IT security community are solidly pointing fingers at Russia.</description><link>http://www.secuobs.com/revue/news/568200.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/568200.shtml</guid></item>
<item><title>Operation RussianDoll: Adobe &amp; Windows Zero-Day Exploits Likely Leveraged by Russia's APT28 in Highly-Targeted Attack</title><description>2015-04-19 04:05:29 - Security Bloggers Network : FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows. Using the Dynamic Threat Intelligence Cloud (DTI), FireEye researchers detected a pattern of attacks beginning on April 13th, 2015. Adobe independently patched the vulnerability (CVE-2015-3043) in APSB15-06. Through correlation of technical indicators and command and control infrastructure, FireEye assess that APT28 is probably responsible for this activity. Microsoft is aware of the outstanding local privilege escalation vulnerability in Windows (CVE-2015-1701). While there is not yet a patch available for the Windows vulnerability, updating Adobe Flash to the latest version will render this in-the-wild exploit innocuous. We have only seen CVE-2015-1701 in use in conjunction with the Adobe Flash exploit for CVE-2015-3043. The Microsoft Security Team is working on a fix for CVE-2015-1701. Exploit Overview: The high level flow of the exploit is as follows: 1. User clicks link to attacker controlled website. 2. HTML/JS launcher page serves Flash exploit. 3. Flash exploit triggers CVE-2015-3043, executes shellcode. 4. Shellcode downloads and runs executable payload. 5. Executable payload exploits local privilege escalation (CVE-2015-1701) to steal System token. The Flash exploit is served from unobfuscated HTML/JS. The launcher page picks one of two Flash files to deliver depending upon the target's platform (Windows 32 versus 64bits). The Flash exploit is mostly unobfuscated with only some light variable name mangling. The attackers relied heavily on the CVE-2014-0515 Metasploit module, which is well documented. It is ROPless, and instead constructs a fake vtable for a FileReference object that is modified for each call to a Windows API. The payload exploits a local privilege escalation vulnerability in the Windows kernel if it detects that it is running with limited privileges. It uses the vulnerability to run code from userspace in the context of the kernel, which modifies the attacker's process token to have the same privileges as that of the System process. CVE-2015-3043 Exploit: The primary difference between the CVE-2014-0515 metasploit module and this exploit is, obviously, the vulnerability. CVE-2014-0515 exploits a vulnerability in Flash's Shader processing, whereas CVE-2015-3043 exploits a vulnerability in Flash's FLV processing. The culprit FLV file is embedded within AS3 in two chunks, and is reassembled at runtime. Vulnerability: A buffer overflow vulnerability exists in Adobe Flash Player  this_lb60    _lb60   0x07FE _local_3   0x00  while  local_3  this_lb60    this_ok47 local_2 local_3    0x41414141  _local_3    _local_2    local_2   0x01    _local_2   0x00  while  local_2  this_bp35    this_ok47 local_2    null  _local_2    local_2   0x02     IMAGE  As the previous picture demonstrated, the followed Vector object's length field being overflowed as 0x80007fff, which enables the attacker to read/write arbitrary data within user space. Shellcode: Shellcode is passed to the exploit from HTML in flashvars. The shellcode downloads the next stage payload, which is an executable passed in plaintext, to the temp directory with UrlDownloadToFileA, which it then runs with WinExec. Payload &amp; C2: This exploit delivers a malware variant that shares characteristics with the APT28 backdoors CHOPSTICK and CORESHELL malware families, both described in our APT28 whitepaper. The malware uses an RC4 encryption key that was previously used by the CHOPSTICK backdoor. And the C2 messages include a checksum algorithm that resembles those used in CHOPSTICK backdoor communications. In addition, the network beacon traffic for the new malware resembles those used by the CORESHELL backdoor. Like CORESHELL, one of the beacons includes a process listing from the victim host. And like CORESHELL, the new malware attempts to download a second-stage executable. One of the C2 locations for the new payload, 87236215  246, also hosts a suspected APT28 domain ssl-icloud  com. The same subnet (872362150 24) also hosts several known or suspected APT28 domains, as seen in Table 1.  IMAGE  The target firm is an international government entity in an industry vertical that aligns with known APT28 targeting. CVE-2015-1701 Exploit: The payload contains an exploit for the unpatched local privilege escalation vulnerability CVE-2015-1701 in Microsoft Windows. The exploit uses CVE-2015-1701 to execute a callback in userspace. The callback gets the EPROCESS structures of the current process and the System process, and copies data from the System token into the token of the current process. Upon completion, the payload continues execution in usermode with the privileges of the System process. Because CVE-2015-3043 is already patched, this remote exploit will not succeed on a fully patched system. If an attacker wanted to exploit CVE-2015-1701, they would first have to be executing code on the victim's machine. Barring authorized access to the victim's machine, the attacker would have to find some other means, such as crafting a new Flash exploit, to deliver a CVE-2015-1701 payload. Microsoft is aware of CVE-2015-1701 and is working on a fix. CVE-2015-1701 does not affect Windows 8 and later. Acknowledgements: Thank you to all of the contributors to this blog: The following people in FireEye: Dan Caselden, Yasir Khalid, James "Tom" Bennett, GenWei Jiang, Corbin Souffrant, Joshua Homan, Jonathan Wrolstad, Chris Phillips, Darien Kindlund; Microsoft &amp; Adobe security teams.</description><link>http://www.secuobs.com/revue/news/567720.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567720.shtml</guid></item>
<item><title>Patch Wednesday  Adobe Flash Player update for IE10 and IE11 rolling out</title><description>2015-04-15 20:19:48 - Security Bloggers Network : Today Microsoft is releasing a follow-up for IE10 and IE11 based on Adobe's own security bulletin delivered yesterday read more </description><link>http://www.secuobs.com/revue/news/567518.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567518.shtml</guid></item>
<item><title>Adobe fixes Flash Player zero-day exploited in the wild</title><description>2015-04-15 11:40:19 - Help Net Security : Adobe released a new version of Flash Player (17.0.0.169) for Windows and Macintosh, and for Linux (11.2.202.457). These security updates fix a host of critical vulnerabilities - 22 in all - most o </description><link>http://www.secuobs.com/revue/news/567412.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567412.shtml</guid></item>
<item><title>Top 5 Server Side Patch Tuesday Vulnerabilities from Microsoft, Oracle and Adobe   April 2015</title><description>2015-04-15 04:20:21 - Security Bloggers Network :  Watch Qualys coverage for Top 5 Server Side Patch Tuesday Vulnerabilities from Microsoft, Oracle and Adobe - April 2015 </description><link>http://www.secuobs.com/revue/news/567384.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567384.shtml</guid></item>
<item><title>Top 5 Client Side Patch Tuesday Vulnerabilities from Microsoft, Oracle and Adobe   April 2015</title><description>2015-04-15 04:20:21 - Security Bloggers Network :  Watch Qualys coverage of Top 5 Client Side Patch Tuesday Vulnerabilities from Microsoft, Oracle and Adobe - April 2015 </description><link>http://www.secuobs.com/revue/news/567383.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567383.shtml</guid></item>
<item><title>Akamai integrates Adobe Primetime</title><description>2015-04-14 18:03:58 - Global Security Mag Online : Akamai Technologies, Inc. announces that it is integrating the ad insertion capabilities of Adobe Primetime into its network in order to simplify the delivery of video advertising on the Internet. Server-side ad insertion, which consists of merging the ads with the content at the network level, offers many advantages to advertisers, content providers and consumers: Ability to monetize TV content on any screen, in any format, with any ad decisioning technology      - Products </description><link>http://www.secuobs.com/revue/news/567305.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567305.shtml</guid></item>
<item><title>Vigilance - Adobe Flash Player: multiple vulnerabilities, analyzed on 13/01/2015</title><description>2015-04-13 19:07:18 - Vigilance   vulnérabilités publiques : An attacker can use several vulnerabilities of Adobe Flash Player.</description><link>http://www.secuobs.com/revue/news/567153.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567153.shtml</guid></item>
<item><title>Four-Year-Old Adobe Flash Bug Exposes Users of Top Trafficked Sites</title><description>2015-03-24 20:36:55 - Security Bloggers Network : An old Adobe vulnerability patched in 2011 has been allowing attackers to compromise user data of many high-profile websites, including three of Alexa's top 10 most visited sites. Application security researchers Luca Carettoni from LinkedIn and Mauro Gentile from Minded Security recently presented their findings regarding the CVE-2011-2461 bug, which affected previous releases of Adobe's   Read More The post Four-Year-Old Adobe Flash Bug Exposes Users of Top Trafficked Sites appeared first on The State of Security  IMAGE  </description><link>http://www.secuobs.com/revue/news/564667.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/564667.shtml</guid></item>
<item><title>Microsoft Taps Adobe for a Better Windows 10 Web Browsing Experience</title><description>2015-03-24 18:43:34 - Security Bloggers Network : When released, Project Spartan will have been developed from a very different, but collaborative cloth read more </description><link>http://www.secuobs.com/revue/news/564660.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/564660.shtml</guid></item>
<item><title> Old Adobe Flex SDK bug still threatens users of many high-profile sites</title><description>2015-03-24 14:06:41 - Help Net Security : An old vulnerability affecting old releases of the Adobe Flex SDK compiler can be exploited to compromise user data of visitors to many popular sites, including three of most visited ones in the world </description><link>http://www.secuobs.com/revue/news/564602.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/564602.shtml</guid></item>
<item><title>Adobe issues patches for 11 critical vulnerabilities in Flash Player</title><description>2015-03-13 14:13:56 - Security Bloggers Network : Adobe's latest security update includes patches for vulnerabilities which allow remote code execution </description><link>http://www.secuobs.com/revue/news/563335.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563335.shtml</guid></item>
<item><title>Adobe Flash Update Plugs 11 Security Holes</title><description>2015-03-12 20:54:46 - Krebs on Security : Adobe has released an update for its Flash Player software that fixes at least 11 separate, critical security vulnerabilities in the program. If you have Flash installed, please take a moment to ensure your systems are updated.</description><link>http://www.secuobs.com/revue/news/563235.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563235.shtml</guid></item>
<item><title>Vigilance - Adobe Acrobat, Reader: multiple vulnerabilities, analyzed on 09/12/2014</title><description>2015-03-09 18:45:20 - Vigilance   vulnérabilités publiques : An attacker can use several vulnerabilities of Adobe Acrobat, Reader.</description><link>http://www.secuobs.com/revue/news/562698.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/562698.shtml</guid></item>
<item><title>Adobe launches bountyless bug hunt program on HackerOne</title><description>2015-03-06 18:17:06 - Security Bloggers Network : Forget cash, Adobe is offering reputational points instead with its new bug bounty program </description><link>http://www.secuobs.com/revue/news/562439.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/562439.shtml</guid></item>
<item><title>Adobe crowdsources its bug-hunting, but no rewards offered</title><description>2015-03-06 15:23:25 - Security Bloggers Network : Adobe, the company behind Flash, Photoshop and Adobe Reader, has launched a program encouraging security researchers to find and report possible vulnerabilities to the firm. The post Adobe crowdsources its bug-hunting, but no rewards offered appeared f </description><link>http://www.secuobs.com/revue/news/562413.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/562413.shtml</guid></item>
<item><title>Adobe launches bug disclosure program, skimps on bounties</title><description>2015-03-06 10:57:00 - Help Net Security : Adobe has launched its own web application vulnerability disclosure program. Set up through the bug bounty platform HackerOne, the program is limited to vulnerabilities affecting Adobe online se </description><link>http://www.secuobs.com/revue/news/562369.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/562369.shtml</guid></item>
<item><title>Adobe launches vulnerability disclosure scheme on HackerOne</title><description>2015-03-05 14:09:39 - Security Bloggers Network : Adobe, maker of software including Flash and Adobe reader, is catching up to the times and has launched a bug bounty program -- but something may be missing </description><link>http://www.secuobs.com/revue/news/562256.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/562256.shtml</guid></item>
<item><title>Exploiting CVE-2015-0311: A Use-After-Free in Adobe Flash Player</title><description>2015-03-04 18:25:39 - Core Security Blog : At the end of January, Adobe published the security bulletin APSA15-01 for Flash Player, which fixes a critical use-after-free vulnerability affecting Adobe Flash Player 16.0.0.287 and earlier versions. This vulnerability, identified as CVE-2015-0311, allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a website serving a specially crafted SWF Flash  Read more </description><link>http://www.secuobs.com/revue/news/562135.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/562135.shtml</guid></item>
<item><title>Vigilance - Adobe Flash Player: use after free, analyzed on 26/11/2014</title><description>2015-02-26 09:43:54 - Vigilance   vulnérabilités publiques : An attacker can trigger the use of a freed memory area in Adobe Flash Player, in order to trigger a denial of service, and possibly to execute code.</description><link>http://www.secuobs.com/revue/news/561261.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561261.shtml</guid></item>
<item><title>Flash Fades, Adobe Crumbles</title><description>2015-02-11 16:06:02 - Security Bloggers Network : Oh, Adobe Flash. I knew you well, starting from when you were known as Macromedia Flash in the late 1990s. The dynamic web content you provided me was amazing. Streaming video over 56k would've Go on to the site to read the full article </description><link>http://www.secuobs.com/revue/news/559118.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/559118.shtml</guid></item>
<item><title>A Different Exploit Angle on Adobe's Recent Zero-Day</title><description>2015-02-09 08:51:05 - Reverse Engineering : submitted by rolfr  link   comment  </description><link>http://www.secuobs.com/revue/news/558641.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/558641.shtml</guid></item>
<item><title>Adobe critical zero day vulnerability to patch</title><description>2015-02-08 21:12:56 - SecTechno : </description><link>http://www.secuobs.com/revue/news/558589.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/558589.shtml</guid></item>
<item><title>Vigilance - Adobe Flash Player: ASLR bypass, analyzed on 23/01/2015</title><description>2015-02-07 10:06:40 - Vigilance   vulnérabilités publiques : An attacker can bypass ASLR via Adobe Flash Player, in order to facilitate the exploitation of another vulnerability.</description><link>http://www.secuobs.com/revue/news/558493.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/558493.shtml</guid></item>
<item><title>Patch Now   Adobe Vulnerabilities Under Attack</title><description>2015-02-06 19:42:29 - Security Bloggers Network : This has not been a great week for Adobe; they have been scrambling to fix a number of critical vulnerabilities in their Flash Player product that are being used in active attacks. But a patch is now available to cover all these vulnerabilities - so patch now. The post Patch Now   Adobe Vulnerabilities Under Attack appeared first on We Live Security </description><link>http://www.secuobs.com/revue/news/558418.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/558418.shtml</guid></item>
<item><title>BEDEP Malware Tied To Adobe Zero-Days</title><description>2015-02-06 05:12:00 - TrendLabs Security Intelligence Blog : Continuing our analysis of the recent Adobe zero-day exploit, we find that the infection chain does not end with the Flash exploit, detected as SWF_EXPLOIT.MJST. Rather, the exploit downloads and executes malware belonging to the BEDEP family. Ties to BEDEP Malware: This detail is rather interesting as this is not the first time an Adobe   Post from  Trendlabs Security Intelligence Blog - by Trend Micro BEDEP Malware Tied To Adobe Zero-Days </description><link>http://www.secuobs.com/revue/news/558310.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/558310.shtml</guid></item>
<item><title>Adobe patches Flash against latest flaw - but how long until the next zero-day bug?</title><description>2015-02-05 18:07:49 - Security Bloggers Network : Adobe patches Flash against latest flaw - but how long until the next zero-day bug? It's great that Adobe has fixed the latest vulnerability in Flash, which was being actively exploited by online criminals. But what are you doing to reduce the risk before the next flaw is found?</description><link>http://www.secuobs.com/revue/news/558257.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/558257.shtml</guid></item>
<item><title>Adobe patches latest Flash Player zero-day</title><description>2015-02-05 15:41:14 - Help Net Security : Adobe has released Flash Player 16.0.0.305, a new version that fixes the latest zero-day flaw (CVE-2015-0313) that is currently exploited in mass malvertising campaigns. An exploit for the flaw has </description><link>http://www.secuobs.com/revue/news/558206.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/558206.shtml</guid></item>
<item><title>A New Zero-Day of Adobe Flash CVE-2015-0313 Exploited in the Wild</title><description>2015-02-04 01:33:25 - Security Bloggers Network : Just yesterday Adobe announced a zero-day vulnerability in Adobe Flash Player version 16.0.0.296. The zero-day exploit is delivered by a lesser known Exploit Kit - HanJuan - potentially attacking a large number of users. Since the attack is exploiting Adobe Flash, the malicious code will successfully execute in various browsers and different Windows versions. We've seen a surge in the exploitation of Flash recently. We just finished analyzing zero-day vulnerability CVE-2015-0311 that was used by the prevalent Angler exploit kit to deliver malware and infect unsuspecting users. And now CVE-2015-0313 has appeared in the wild. The vulnerability is a use-after-free </description><link>http://www.secuobs.com/revue/news/557894.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557894.shtml</guid></item>
<item><title>New Adobe Flash Vulnerability   CVE-2015-0313</title><description>2015-02-03 16:14:25 - Security Bloggers Network : Oh, joy. Adobe has put out yet another security bulletin for vulnerabilities in Flash. Details: Security Advisory for Adobe Flash Player. Release date: February 2, 2015. Vulnerability identifier: APSA15-02. CVE number: CVE-2015-0313. Platform: All Platforms. Summary: A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash   The post New Adobe Flash Vulnerability   CVE-2015-0313 appeared first on Liquidmatrix Security Digest </description><link>http://www.secuobs.com/revue/news/557815.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557815.shtml</guid></item>
<item><title>Trend Micro discovers a new zero-day vulnerability in Adobe Flash</title><description>2015-02-03 14:06:30 - Global Security Mag Online : Trend Micro identified this weekend a new zero-day vulnerability affecting Adobe Flash Player, the third since the beginning of the year. Confirmed by Adobe but not yet patched, this vulnerability exposes more than a billion computers using the latest version of Adobe Flash. In a post published yesterday on their blog, Trend Micro researchers explain that this vulnerability is similar to the one from last week, which affected Flash products for Windows. The attacks are    - Vulnerabilities </description><link>http://www.secuobs.com/revue/news/557778.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557778.shtml</guid></item>
<item><title>Adobe Flash zero day vulnerability exploited by hackers to infect IE and Firefox users</title><description>2015-02-03 13:51:23 - Security Bloggers Network : Adobe has warned that online criminals are attacking Internet Explorer and Firefox users via an as-yet-unpatched zero day vulnerability in Adobe Flash. Do you know how to enable Click to Play in your browser to protect yourself?</description><link>http://www.secuobs.com/revue/news/557777.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557777.shtml</guid></item>
<item><title>News Flash  3rd time unlucky  New 0-day hits Adobe's browser plug-in</title><description>2015-02-03 13:51:23 - Security Bloggers Network : Ready to kiss goodbye to Flash in your browser yet? Here's the 3rd zero-day in Flash since Adobe's last Patch Tuesday.</description><link>http://www.secuobs.com/revue/news/557776.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557776.shtml</guid></item>
<item><title>February 0-day for Adobe Flash</title><description>2015-02-02 19:14:32 - Security Bloggers Network : After Adobe fixed two 0-days (APSB15-02 and APSB15-03) in January, February starts off with its own 0-day. Trend Micro reports and Adobe acknowledges the new 0-day CVE-2015-0313, which comes to us courtesy of the Angler Exploit Kit again. Not much is k </description><link>http://www.secuobs.com/revue/news/557670.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557670.shtml</guid></item>
<item><title>New Adobe Flash zero-day is being exploited in the wild</title><description>2015-02-02 19:03:17 - Symantec Connect   Security Response   Billets : Patch due to be published this week for critical new Adobe Flash vulnerability CVE-2015-0313  IMAGE  Read More </description><link>http://www.secuobs.com/revue/news/557665.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557665.shtml</guid></item>
<item><title>Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements</title><description>2015-02-02 15:47:46 - TrendLabs Security Intelligence Blog : Our researchers have discovered a new zero-day exploit in Adobe Flash used in malvertisement attacks. The exploit affects the most recent version of Adobe Flash, and is now identified as CVE-2015-0313. Our initial analysis suggests that this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and infection   Post from  Trendlabs Security Intelligence Blog - by Trend Micro Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements </description><link>http://www.secuobs.com/revue/news/557631.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557631.shtml</guid></item>
<item><title>BSides Augusta 2014 -  Stored Password Security  The Adobe Guide to Keyless Decryption</title><description>2015-01-30 03:55:17 - SecurityTube.Net : It goes without saying that Adobe has made some mistakes as a software company Quite possibly their largest was the breach that resulted in 153 million user credentials being disclosed to the Internet The good news is that Adobe's passwords were encrypted The bad news is that they were encrypted poorly The worse news is that Adobe isn't alone Each day greets us with news of a new breach, threatening to compromise our identities We must address this growing problem of poor stored password security In this talk, I am going to speak briefly about password storage techniques, popular implementations, their problems, and how to fix them, leveraging Recon-ng to demonstrate the risk associated with using each technique I'll specifically address the fundamental flaws in Adobe's approach to password encryption and dive into the techniques I've used over the past year to crack a large percent of the Adobe passwords without access to the encryption key Finally, I'll release a Python module I wrote to assist with cracking the encrypted Adobe passwords and use it to conduct a live password cracking demonstration For More Information Please Visit - http://www.securitybsides.com/w/page/77739272/BSidesAugusta%202014 </description><link>http://www.secuobs.com/revue/news/557226.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557226.shtml</guid></item>
<item><title>Adobe Flash 0-Day Vulnerability Serves Up Bedep Malware on Adult Website</title><description>2015-01-29 18:02:17 - Security Bloggers Network :    A security firm has identified a malvertising campaign that is leveraging a recently discovered and subsequently patched Flash zero-day vulnerability to infect visitors with malware on a popular adult website In a post on its blog, Malwarebytes notes how malware infections coming from xHamster have increased nearly 1500% This figure is expected to increase given   Read More The post Adobe Flash 0-Day Vulnerability Serves Up Bedep Malware on Adult Website appeared first on The State of Security </description><link>http://www.secuobs.com/revue/news/557157.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557157.shtml</guid></item>
<item><title> Adobe updates Flash Player again, plugs 0-day exploited by Angler</title><description>2015-01-26 14:30:58 - Help Net Security : Adobe made good on its promise to make available by this week a fix for the recently discovered critical zero-day Flash Player vulnerability  CVE-2015-0311  preyed on by the Angler exploit kit The </description><link>http://www.secuobs.com/revue/news/556570.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/556570.shtml</guid></item>
<item><title>Adobe patches second Flash zero-day vulnerability ahead of schedule</title><description>2015-01-25 03:32:28 - Security Bloggers Network : Ahead of schedule, Adobe begins to automatically update Flash against another actively-exploited security hole </description><link>http://www.secuobs.com/revue/news/556456.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/556456.shtml</guid></item>
<item><title>Adobe gets second Flash zero-day patch ready 2 days early </title><description>2015-01-25 01:54:57 - Security Bloggers Network : Good news from Adobe about CVE-2015-0311, the unpatched zero-day in Flash The patch is now ready via auto-update - 2 days early  </description><link>http://www.secuobs.com/revue/news/556454.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/556454.shtml</guid></item>
<item><title>SBN  Running Adobe Flash  You Need to Read This Today</title><description>2015-01-23 23:33:14 - Security Bloggers Network : Adobe has released a critical security patch for an Adobe Flash vulnerability that is being exploited by online criminals The vulnerability, known as CVE-2015-0310, can be used by hackers to  circumvent memory randomization mitigations  on versions of Windows Obviously it would be sensible to ensure that your version of Flash is updated as soon as possible If you're using Google Chrome or Internet Explorer for Windows 8x, then Flash should already have been updated to the latest version If not, then it would be wise to follow the advice in Adobe's security advisory to get the latest update  </description><link>http://www.secuobs.com/revue/news/556366.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/556366.shtml</guid></item>
<item><title>Zero Day Weekly  SOTU, Adobe zero day, Symantec RCE, security alert overkill</title><description>2015-01-23 15:44:18 - Security Bloggers Network : A collection of notable security news items for the week ending January 23, 2015 Covers enterprise, controversies, application and mobile security, malware, reports and more </description><link>http://www.secuobs.com/revue/news/556307.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/556307.shtml</guid></item>
<item><title>Running Adobe Flash  You need to read this today</title><description>2015-01-23 15:44:18 - Security Bloggers Network : Emergency patch for Adobe Flash security hole, but another zero-day being actively exploited Two critical security vulnerabilities, being actively exploited by online criminals, have been discovered in Adobe Flash There has been a patch released for one of them, but not the other one  </description><link>http://www.secuobs.com/revue/news/556306.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/556306.shtml</guid></item>
<item><title>Adobe issues emergency fix for Flash zero-day</title><description>2015-01-23 12:51:30 - Security Bloggers Network : Crooks are reportedly using a new Flash vulnerability called CVE-2015-0310 Adobe has a fix already, so grab it while it's hot  </description><link>http://www.secuobs.com/revue/news/556272.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/556272.shtml</guid></item>
<item><title>New Adobe Flash Zero-Day found by security researcher</title><description>2015-01-23 12:10:44 - Security Bloggers Network :    A French Security Researcher known as Kafeine found a Zero-Day in Adobe's flash player that is spread through the Angler exploit kit This exploit is being used in tandem with   The post New Adobe Flash Zero-Day found by security researcher appeared first on Alert Logic </description><link>http://www.secuobs.com/revue/news/556269.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/556269.shtml</guid></item>
<item><title>A New Zero-Day of Adobe Flash is used by the Prevalent Angler Exploit Kit in the Wild</title><description>2015-01-22 18:56:02 - Security Bloggers Network : Just yesterday, security researcher Kafeine discovered a zero-day vulnerability in Adobe Flash Player version 1600257 The zero-day is delivered by the prevalent Angler exploit kit and potentially attacking a large number of users Because the attack exploits Adobe Flash, the malicious code will successfully execute in various browsers Here's a screen shot of Fiddler showing the execution of the attack  Here is the detailed execution flow  1 The user's browser accesses the Angler exploit kit's landing page hosted at http s0-349u3hsdfkhsbxoipoqlyterain  7  This host was specifically set up to serve this exploit kit 2 Angler delivers the Flash zero-day  8  Notice </description><link>http://www.secuobs.com/revue/news/556130.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/556130.shtml</guid></item>
<item><title> Angler exploit kit goes after new Adobe Flash 0-day flaw</title><description>2015-01-22 13:57:16 - Help Net Security : An exploit for a still officially unconfirmed zero-day vulnerability in Adobe Flash Player has been added to the popular Angler exploit kit and is, along with exploits for several other Flash flaws, o </description><link>http://www.secuobs.com/revue/news/555879.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/555879.shtml</guid></item>
<item><title>New 0-day vulnerability in Adobe Flash</title><description>2015-01-22 11:11:29 - Security Bloggers Network : Security researcher Kafeine  https twittercom kafeine  has apparently found a new exploit against the latest Adobe Flash  APSB15-01  The exploit is part of the Angler Exploit Kit and could have quite widespread impact In his testing the following  </description><link>http://www.secuobs.com/revue/news/555857.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/555857.shtml</guid></item>
<item><title>Unconfirmed zero-day vulnerability discovered in Adobe Flash Player </title><description>2015-01-22 02:02:36 - Symantec Connect   Security Response   Billets : An unconfirmed zero-day vulnerability in Adobe Flash Player is being used by the Angler exploit kit to install malware </description><link>http://www.secuobs.com/revue/news/555817.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/555817.shtml</guid></item>
<item><title>How to make sure Adobe Flash is up to date</title><description>2015-01-16 18:19:28 - Security Bloggers Network : Follow these simple steps to make sure your Adobe flash player is up to date and to avoid any potential cyber attacks The post How to make sure Adobe Flash is up to date appeared first on We Live Security </description><link>http://www.secuobs.com/revue/news/555042.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/555042.shtml</guid></item>
<item><title>Adobe Fixes Security Flaws in Flash</title><description>2015-01-15 20:18:35 - Computer Security News :    The updates apply to versions of Adobe Flash Player for Windows, Microsoft, iOS, Android and Linux, and are available for download at the Adobe Web site The update includes patches for a variety of problems, four of which Adobe rated as  critical,  its highest priority ranking </description><link>http://www.secuobs.com/revue/news/554876.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/554876.shtml</guid></item>
<item><title>Microsoft and Adobe Patch Tuesday January 2015</title><description>2015-01-14 00:25:06 - Security Bloggers Network :  Watch Qualys coverage of Microsoft and Adobe Patch Tuesday January 2015 </description><link>http://www.secuobs.com/revue/news/554434.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/554434.shtml</guid></item>
<item><title>Adobe patches critical Flash security vulnerabilities</title><description>2015-01-13 20:07:30 - Security Bloggers Network : Adobe patches nine vulnerabilities -- four of which are considered  critical  -- in order to protect against hackers who could exploit the bug to take control of an affected system </description><link>http://www.secuobs.com/revue/news/554395.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/554395.shtml</guid></item>
<item><title>Citroens Adobe ColdFusion Exploit Highlights Third-Party Issues   and the Solution</title><description>2015-01-05 17:25:24 - Blog : In early 2014, Citroen found itself stuck in the middle of an IT security incident Hackers had taken advantage of a vulnerability found in Adobe ColdFusion   the third-party web-development platform on which the French auto manufacturer relied And though the company's own servers were </description><link>http://www.secuobs.com/revue/news/553091.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/553091.shtml</guid></item>
<item><title>7425  Adobe's RTMFP Profile for Flash Communication</title><description>2014-12-24 06:36:30 - New RFCs :  102KB  This memo describes how to use Adobe's Secure Real-Time Media Flow Protocol  RTMFP  to transport the video, audio, and data messages of Adobe Flash platform communications Aspects of this application profile include cryptographic methods and data formats, flow metadata formats, and protocol details for client-server and peer-to-peer communication </description><link>http://www.secuobs.com/revue/news/551695.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/551695.shtml</guid></item>
<item><title>Feds used Adobe Flash to identify Tor users visiting child porn sites</title><description>2014-12-16 21:45:14 - Ars Technica   Risk Assessment : Operation Torpedo relied on long-abandoned Metasploit Decloaking Engine </description><link>http://www.secuobs.com/revue/news/550512.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/550512.shtml</guid></item>
<item><title>Vigilance - Adobe Acrobat, Reader: multiple vulnerabilities, analyzed on 16/09/2014</title><description>2014-12-16 18:53:30 - Vigilance   vulnérabilités publiques : An attacker can use several vulnerabilities of Adobe Acrobat, Reader </description><link>http://www.secuobs.com/revue/news/550485.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/550485.shtml</guid></item>
<item><title>Microsoft, Adobe, POODLE on Patch Tuesday December 2014</title><description>2014-12-10 01:15:12 - Security Bloggers Network :  Watch Qualys coverage of Microsoft, Adobe and POODLE on Patch Tuesday December 2014 </description><link>http://www.secuobs.com/revue/news/549306.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/549306.shtml</guid></item>
<item><title>Vigilance - Adobe Flash Player: multiple vulnerabilities, analyzed on 09/09/2014</title><description>2014-12-09 18:42:04 - Vigilance   vulnérabilités publiques : An attacker can use several vulnerabilities of Adobe Flash Player </description><link>http://www.secuobs.com/revue/news/549255.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/549255.shtml</guid></item>
<item><title>Vigilance - Adobe Acrobat, Reader: file creation via MoveFileEx, analyzed on 02/12/2014</title><description>2014-12-05 11:04:43 - Vigilance   vulnérabilités publiques : An attacker can use MoveFileEx on Adobe Acrobat or Reader, in order to drop a malicious program on the victim's computer </description><link>http://www.secuobs.com/revue/news/548640.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/548640.shtml</guid></item>
<item><title>PoS Malware, Adobe Emergency Update, ATM  Wiretapping  and more  TWIC    November 28, 2014</title><description>2014-11-28 18:12:04 - Security Bloggers Network : Each week, the PhishLabs team posts The Week in Cybercrime  TWIC  to recap noteworthy cybercrime articles and reports  open source </description><link>http://www.secuobs.com/revue/news/547683.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/547683.shtml</guid></item>
<item><title>Adobe publishes out-of-band Flash update   provides  booster dose  for October's patches</title><description>2014-11-28 16:24:04 - Security Bloggers Network : Adobe has published a Flash update, dubbed APSB14-26 The new patch offers additional protection against a vulnerability that was originally addressed in October 2014 </description><link>http://www.secuobs.com/revue/news/547668.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/547668.shtml</guid></item>
<item><title>Adobe Releases Emergency Update To Fix Critical Flash Player Vulnerability</title><description>2014-11-26 14:39:46 - Security Bloggers Network : The post Adobe Releases Emergency Update To Fix Critical Flash Player Vulnerability appeared first on The State of Security </description><link>http://www.secuobs.com/revue/news/547372.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/547372.shtml</guid></item>
<item><title> Adobe urges users to implement critical out-of-band Flash Player update</title><description>2014-11-26 11:58:38 - Help Net Security : For the second time in a month, Adobe has issued a security update for Flash Player This out-of-band update finally fixes a critical vulnerability that could be misused by remote attackers to take co </description><link>http://www.secuobs.com/revue/news/547346.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/547346.shtml</guid></item>
<item><title>Vigilance - Adobe Acrobat Reader: code execution via a sandbox escape, analyzed on 13/08/2014</title><description>2014-11-13 17:46:49 - Vigilance   vulnérabilités publiques : An attacker can create a malicious PDF document that escapes the Adobe Acrobat Reader sandbox, in order to execute native code without restrictions </description><link>http://www.secuobs.com/revue/news/545360.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/545360.shtml</guid></item>
<item><title>Vigilance - Adobe Flash Player: multiple vulnerabilities, analyzed on 13/08/2014</title><description>2014-11-13 15:04:43 - Vigilance   vulnérabilités publiques : An attacker can use several vulnerabilities of Adobe Flash Player </description><link>http://www.secuobs.com/revue/news/545304.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/545304.shtml</guid></item>

 </channel>
</rss>
