On November 29, an exploit code against TorBrowser was published. It is reported that Firefox and TorBrowser are under active attack for this vulnerability. This blog explains what the attackers are trying to do on their victim’s machine (shell code) and the techniques used under the hood. Get The Shell Code Ready Shell code is … Continue reading “Shell Code Analysis for The Active Firefox Tor Attack”
Adobe Flash new 0-day – Update
Update: three ExploitKits have so far integrated this new vulnerability. Our RTI for QId: 120098 in ThreatPROTECT is nowExploitKit and ActiveAttacks. Original: According to Adobe a new 0-day vulnerability in its Flash player is under attack in the wild. The vulnerability in tagged as CVE-2016-4117 and affects Flash player version equal or less than V18.104.22.168. Adobe expects … Continue reading “Adobe Flash new 0-day – Update”
Internet Explorer under active attack
Microsoft has released a new version of Internet Explorer 7-11 that addresses the critical vulnerability CVE-2016-0189 together with four other vulnerabilities. According to Microsoft’s bulletins MS16-051 and MS16-053, CVE-2016-0189 is under active attack in the wild. Our RTI for QId: 100284 and 91220 is ActivelyAttacked.
Microsoft Windows under active attack
Microsoft published MS16-039 for all versions of Windows on April 12, 2016. MS16-039 addresses four vulnerabilities, one rated “critical” allowing for Remote Code Execution, three rated “important” allowing for escalation of privilege. Two of the “important” vulnerabilities (CVE-2016-0165 and CVE-2016-0167) are under active attack. In a typical scenario an attacker would use a first vulnerability … Continue reading “Microsoft Windows under active attack”
Microsoft Windows local 0-day (MS15-135)
Microsoft has informed in its Patch Tuesday December 2015 that CVE-2015-6175, a local privilege escalation vulnerability in under attack in the wild. The vulnerability affects only Windows 10 and is detailed in MS15-135. Our RTI for QID: 91133 is ActivelyAttacked
Adobe Flash 0-day under targeted attack
TrendMicro has found evidence of an active exploit against a new vulnerability in the Adobe Flash player. Adobe has issued a patch in APSB15-27 and has been assigned CVE-2015-7645 Our RTI for QID: 124154 is ActivelyAttacked.
Windows local vulnerability being exploited
Microsoft acknowledged in its September Patch Tuesday release that CVE-2015-2546 is being exploited for local privilege escalation in the wild. The vulnerability is present in all versions of Windows and is addressed in MS15-097. Our RTI for QID: 91094 is set to: ActivelyAttacked.