Adobe addressed a partial 0-day vulnerability its Flash player with a software release on April 7, 2016. The new version of Flash fixes 24 vulnerabilities, with CVE-2016-1019 under active attack through the Magnitude Exploit Kit. The vulnerability is a partial 0-day because in the newest version of Flash a mitigation strategy introduced by Adobe prevents … Continue reading “Adobe Flash partial 0-day patched in OOB release”
Adobe Flash Player under new 0-day attack
Adobe announced that a new version of their Flash Player product is expected to be released this week. The new version will address CVE-2016-1019, a critical vulnerability that is currently being exploited in the wild. However, if you are current with your Flash player patches you are protected. If you have the newest Flash player … Continue reading “Adobe Flash Player under new 0-day attack”
Latest Adobe 0-day now in Angler Exploit Kit
Security researcher Kafeine documented attacks against Adobe Flash player v20.0.0.306 coming from the Angler Exploit Kit. The vulnerability exploited is CVE-2016-1001. Adobe addressed the vulnerability in APSB16-08 on March, 10. The RTI on QId: 124779 is now on level: ExploitKit.
Oracle patches 0-day in Java
Oracle published a new version of Java today. The new version Java v8 update 77 addresses a single critical vulnerability with CVE code CVE-2016-0636. This vulnerability had been disclosed publically 2 weeks ago on the fulldisclosure list. Security researcher Adam Gowdiak, CEO of Security Explorations classified it as a variant of an older issue (CVE-2013-5838) … Continue reading “Oracle patches 0-day in Java”
Microsoft Word under active Attack (MS16-029)
Virustotal, a free online service for file-analysis has seen the first samples of RTF files that abuse CVE-2016-0021. CVE-2016-0021 is a Remote Code Execution vulnerability which can be triggered in Word or through the preview pane in Outlook. It was addressed in MS16-029 in Microsoft Patch Tuesday March 2016. We consider Microsoft Word under targeted … Continue reading “Microsoft Word under active Attack (MS16-029)”
Adobe patches 0-day in Flash with out-of-band update
On March 10 Adobe released an out-of-band update for their Flash Player that addresses a vulnerability (CVE-2016-1010) actively exploited in targeted attacks. APSB16-08 addresses also another 22 vulnerabilities. A successful exploit of this vulnerability gives the attacker Remote Code Execution on the target machine. Attack vector includes malicious websites set up for the purpose of … Continue reading “Adobe patches 0-day in Flash with out-of-band update”
Transmission 2.90 trojaned by Ransomware
Popular Bittorrent client Transmission 2.90 for Mac OS X has been trojaned by Ransomware. v2.91 is free of the Ransomware and we recommend to install 2.92 for a version of Transmission that also removes the installed Ransomware.
Angler ExploitKit weaponizes Silverlight MS16-006
In January’s Patch Tuesday Microsoft addresses a vulnerability in Silverlight that was reported by Kaspersky. A week later on January 13 Kaspersky reported that the vulnerability was already being exploited in the wild and we set our RTI to “Actively Attacked”. Just 5 weeks later there has been a new development: security researcher @Kafeine has … Continue reading “Angler ExploitKit weaponizes Silverlight MS16-006”
Angler ExploitKit integrates Flash APSB16-01
On January 22 the Angler ExploitKit integrated the recent vulnerability CVE-2015-8651 into its arsenal. With that the exploit becomes widely available. We have updated the corresponding RTI to “ExploitKit”. Patching Adobe Flash player by applying APSB16-01 now becomes crucial as attacks against the vulnerability are now bound to be common.
Silverlight MS16-006 seen in targeted attacks
On January 12 Microsoft published MS16-006 a new version of Silverlight, Microsoft’s Flash competitor that is widely installed due to its initial use by Netflix. The new version addresses 2 critical vulnerabilities. On January 13, Kaspersky who had reported that bug to Microsoft, explained that the vulnerability was already being exploited in the wild. They … Continue reading “Silverlight MS16-006 seen in targeted attacks”
