Sundown Exploit Kit and The EITEST Campaign

Abstract: After the vanishing of the Angler and Neutrino exploit kits (EK), the underground cyber world of EKs was left with only one major player, Rig EK. Pseudo-Darkleech and EITEST, the two most popular website compromise campaigns, both redirected their victims to Rig EK. However, a few days back, our systems detected a major …

Adobe Flash Player CVE-2016-4171 Zero Day and Active Attacks

Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS are currently being exploited and there is no patch. Therefore we have marked them as ‘Zero Day’ as well as ‘Active Attacks’ in ThreatPROTECT. The exploit uses CVE-2016-4171 in targeted attacks. Adobe is expected to address this vulnerability on June 16. We have …

Adobe Flash new 0-day – Update

Update: three ExploitKits have so far integrated this new vulnerability. Our RTI for QID: 120098 in ThreatPROTECT is now ExploitKit and ActiveAttacks. Original: According to Adobe, a new 0-day vulnerability in its Flash Player is under attack in the wild. The vulnerability is tagged as CVE-2016-4117 and affects Flash Player versions less than or equal to 21.0.0.226. Adobe expects …

Adobe Flash partial 0-day patched in OOB release

Adobe addressed a partial 0-day vulnerability in its Flash Player with a software release on April 7, 2016. The new version of Flash fixes 24 vulnerabilities, with CVE-2016-1019 under active attack through the Magnitude Exploit Kit. The vulnerability is a partial 0-day because in the newest version of Flash a mitigation strategy introduced by Adobe prevents …

Adobe patches 0-day in Flash with out-of-band update

On March 10 Adobe released an out-of-band update for their Flash Player that addresses a vulnerability (CVE-2016-1010) actively exploited in targeted attacks. APSB16-08 also addresses another 22 vulnerabilities. A successful exploit of this vulnerability gives the attacker Remote Code Execution on the target machine. The attack vector includes malicious websites set up for the purpose of …

Angler ExploitKit integrates Flash APSB16-01

On January 22 the Angler ExploitKit integrated the recent vulnerability CVE-2015-8651 into its arsenal. With that the exploit becomes widely available. We have updated the corresponding RTI to “ExploitKit”. Patching Adobe Flash player by applying APSB16-01 now becomes crucial as attacks against the vulnerability are now bound to be common.

Adobe addresses 0-day in Flash Player

On December 27 Adobe released an out-of-band update APSB16-01 for their Flash Player to address a vulnerability (CVE-2015-8651) that is already under attack. Under ThreatProtect we have set the RTI to “Actively Attacked”, which means there are targeted attacks on this vulnerability underway. We suggest patching your Flash players as quickly as possible.

Adobe Flash 0-day under targeted attack

TrendMicro has found evidence of an active exploit against a new vulnerability in the Adobe Flash Player. Adobe has issued a patch in APSB15-27, and the vulnerability has been assigned CVE-2015-7645. Our RTI for QID: 124154 is ActivelyAttacked.

2nd Flash 0-day

Adobe has acknowledged in APSA15-01 the existence of attacks in the wild against an Adobe Flash vulnerability (CVE-2015-0311). Our RTI for QID: 123181 is set to: 0-day.

Adobe Flash 0-day in Angler

Security researcher Kafeine has detected a new attack against an Adobe Flash vulnerability (CVE-2015-0310) deployed in the Angler Exploit Kit and documented its function on January 21. Adobe addressed it in APSB15-02 on January 22. Our RTI for QID: 123187 is set to: ExploitPack.