ImageMagick vulnerability under active attack

ImageMagick is a popular open source package for image manipulation. A number of vulnerabilities have been identified in the software: one of them, CVE-2016-3714, allows for Remote Code Execution (RCE) and is under active attack in the wild. There is no patch available at the moment, but users can configure the “policy.xml” file to neutralize … Continue reading “ImageMagick vulnerability under active attack”

Analysis of RIG Exploit Kit weaponizing CVE-2016-0034

Exploit kit authors often update the capabilities of their exploit kits by adding support for new vulnerabilities so that they can compromise and install malware or ransomware on even more machines. As part of the ThreatPROTECT research team, I analyze exploit kits to keep track of the latest vulnerabilities being incorporated into them. Back in February, I analyzed the … Continue reading “Analysis of RIG Exploit Kit weaponizing CVE-2016-0034”

Accellion FTA Vulnerabilities

Security researcher Orange recently managed to gain access to a file transfer server at Facebook. He used a set of vulnerabilities that he found in the product that provides the service: the Accellion File Transfer Server (FTA). He notified Facebook under their bug bounty program and was awarded US$ 10,000. Accellion addressed vulnerabilities CVE-2016-2350/1/2/3 in … Continue reading “Accellion FTA Vulnerabilities”

Microsoft Windows under active attack

Microsoft published MS16-039 for all versions of Windows on April 12, 2016. MS16-039 addresses four vulnerabilities, one rated “critical” allowing for Remote Code Execution, three rated “important” allowing for escalation of privilege. Two of the “important” vulnerabilities (CVE-2016-0165 and CVE-2016-0167) are under active attack. In a typical scenario an attacker would use a first vulnerability … Continue reading “Microsoft Windows under active attack”

Adobe Flash partial 0-day patched in OOB release

Adobe addressed a partial 0-day vulnerability its Flash player with a software release on April 7, 2016. The new version of Flash fixes 24 vulnerabilities, with CVE-2016-1019 under active attack through the Magnitude Exploit Kit. The vulnerability is a partial 0-day because in the newest version of Flash a mitigation strategy introduced by Adobe prevents … Continue reading “Adobe Flash partial 0-day patched in OOB release”

Adobe Flash Player under new 0-day attack

Adobe announced that a new version of their Flash Player product is expected to be released this week. The new version will address CVE-2016-1019, a critical vulnerability that is currently being exploited in the wild. However, if you are current with your Flash player patches you are protected. If you have the newest Flash player … Continue reading “Adobe Flash Player under new 0-day attack”

Latest Adobe 0-day now in Angler Exploit Kit

Security researcher Kafeine documented attacks against Adobe Flash player v20.0.0.306 coming from the Angler Exploit Kit. The vulnerability exploited is CVE-2016-1001. Adobe addressed the vulnerability in APSB16-08 on March, 10. The RTI on QId: 124779 is now on level: ExploitKit.

Oracle patches 0-day in Java

Oracle published a new version of Java today. The new version Java v8 update 77 addresses a single critical vulnerability with CVE code CVE-2016-0636. This vulnerability had been disclosed publically 2 weeks ago on the fulldisclosure list. Security researcher Adam Gowdiak, CEO of Security Explorations classified it as a variant of an older issue (CVE-2013-5838) … Continue reading “Oracle patches 0-day in Java”

Microsoft Word under active Attack (MS16-029)

Virustotal, a free online service for file-analysis has seen the first samples of RTF files that abuse CVE-2016-0021. CVE-2016-0021 is a Remote Code Execution vulnerability which can be triggered in Word or through the preview pane in Outlook. It was addressed in MS16-029 in Microsoft Patch Tuesday March 2016. We consider Microsoft Word under targeted … Continue reading “Microsoft Word under active Attack (MS16-029)”

Adobe patches 0-day in Flash with out-of-band update

On March 10 Adobe released an out-of-band update for their Flash Player that addresses a vulnerability (CVE-2016-1010) actively exploited in targeted attacks. APSB16-08 addresses also another 22 vulnerabilities. A successful exploit of this vulnerability gives the attacker Remote Code Execution on the target machine. Attack vector includes malicious websites set up for the purpose of … Continue reading “Adobe patches 0-day in Flash with out-of-band update”