HackDig : Dig high-quality web security articles for hackers

Goodbye to Flash – if you’re still running it, uninstall Flash Player now

It’s time to say a final “Goodbye” to Flash.(Or should that be “Good riddance”?)With earlier this week seeing the final scheduled release of Flash Player, Adobe has confirmed that it will no longer be supporting the software after December 31 2020, and will actively block Flash content from running inside Flash Player from Janua
Publish At:2020-12-10 13:32 | Read:217 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Adobe Flas

Top 10 most exploited vulnerabilities list released by FBI, DHS CISA

byLisa VaasWhen work-from-home became a sudden, urgent need in March, many organizations slapped together cloud-collaboration services such as Microsoft Office 365 for their newly locked-down staff.Unfortunately and understandably, pressure was high. People were scrambling. Thus did a number of those services get put together with a wing, a prayer, and misco
Publish At:2020-05-18 12:27 | Read:1015 | Comments:0 | Tags:Malware Security threats Vulnerability .net Adobe Flash Apac

Holy water: ongoing targeted water-holing attack in Asia

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor’s unsophisticated but creative toolset has been evolving a lot s
Publish At:2020-03-31 08:22 | Read:1003 | Comments:0 | Tags:APT reports Featured Adobe Flash Backdoor drive-by attack Ja

IE zero day and heap of RDP flaws fixed in February Patch Tuesday

byJohn E DunnWeeks after the world first got wind of it, Microsoft has finally patched the Internet Explorer (IE) zero-day flaw the company said in January was being used in “limited targeted attacks”.The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as ‘critical’ and 87 ‘important’.Th
Publish At:2020-02-15 12:44 | Read:1297 | Comments:0 | Tags:Adobe Internet Explorer Microsoft Operating Systems Vulnerab

Latest Russia-linked APT28 campaign targeting security experts

Russian cyber espionage group APT28 targeted individuals with spear-phishing messages using documents referencing a NATO cybersecurity conference. Researchers with Cisco Talos have spotted a Russian cyber espionage group targeting individuals with spear-phishing messages using documents referencing a NATO cybersecurity conference. Experts attributed the atta
Publish At:2017-10-24 13:20 | Read:4262 | Comments:0 | Tags:Breaking News Cyber warfare Hacking Malware Adobe Flash APT2

APT28 group is rushing to exploit recent CVE-2017-11292 Flash 0-Day before users apply the patches

The APT28 group is trying to exploit the CVE-2017-11292 Flash zero-day before users receive patches or update their systems. Security experts at Proofpoint collected evidence of several malware campaigns, powered by the Russian APT28 group, that rely on a Flash zero-day vulnerability that Adobe patched earlier this week. According to the experts who observed
Publish At:2017-10-23 00:30 | Read:6580 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Adobe Flash CVE-2017

Adobe patches multiple flaws including a Flash Zero-Day exploited in the wild

Adobe issued security patches that address multiple flaws in 9 products, including fixes for zero-day vulnerabilities that has been exploited in the wild. Adobe has issued security updates to fix vulnerabilities in nine products, including patches for zero-day flaws that has been exploited in targeted attacks. The version of Flash Player addresses
Publish At:2016-12-13 19:45 | Read:5546 | Comments:0 | Tags:Breaking News Hacking Adobe Adobe Flash CVE-2016-7892 securi

VERT Threat Alert: November 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-698 on Wednesday, November 9th.Ease of Use (published exploits) to Risk TableAutomated Exploit   MS16-132MS16-135Easy    Moderate    Difficult    Extremely DifficultMS16-129MS16-1
Publish At:2016-11-10 04:46 | Read:6463 | Comments:0 | Tags:Vulnerability Management Adobe Flash internet explorer micro

Adobe patches Flash Zero-Day exploited by ScarCruft APT

Adobe Flash Player release fixes the Flash Player zero-day vulnerability (CVE-2016-4171) exploited by the APT group dubbed ScarCruft. Adobe has issued the Flash Player, a release that fixes the Flash Player zero-day vulnerability (CVE-2016-4171) exploited by the APT group dubbed ScarCruft in attacks on high-profile targets. The Flash Pl
Publish At:2016-06-19 16:15 | Read:5013 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Adobe Adobe Flash APT CVE-

Operation Daybreak

Earlier this year, we deployed new technologies in Kaspersky Lab products to identify and block zero-day attacks. This technology already proved its effectiveness earlier this year, when it caught an Adobe Flash zero day exploit (CVE-2016-1010). Earlier this month, our technology caught another zero-day Adobe Flash Player exploit deployed in targeted attacks
Publish At:2016-06-17 08:05 | Read:6994 | Comments:0 | Tags:Blog Research Adobe Flash APT Vulnerabilities and exploits Z

ScarCruft APT Group exploited Flash Zero-Day in High-Profile attacks

Security experts from Kaspersky Lab revealed that an APT group dubbed ScarCruft exploited the zero day vulnerability (CVE-2016-4171) in Adobe Flash Player. According to the experts from Kaspersky Lab, an APT group dubbed ScarCruft exploited a zero day vulnerability (CVE-2016-4171) in Adobe Flash Player. The group launched a series of attacks against high-pro
Publish At:2016-06-15 21:00 | Read:6544 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Adobe Adobe Flash

CVE-2016-4171 – Another Flash Zero-Day exploited in targeted attacks

Adobe states that the Flash Player zero-day vulnerability (CVE-2016-4171) has been exploited in targeted attacks. It will be fixed later this week. Once again Adobe Flash Player is the target of hackers in the wild. Adobe has released security updates for several of its products announcing that the fix for a critical Flash Player zero-day vulnerability (CVE-
Publish At:2016-06-15 02:45 | Read:4680 | Comments:0 | Tags:Breaking News Hacking Adobe Adobe Flash CVE-2016-4171 target

Bedep Lurking in Angler’s Shadows

This post is authored by Nick Biasini.In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payloads were some variation of ransomware and noted one of the o
Publish At:2016-02-09 17:00 | Read:3889 | Comments:0 | Tags:Threat Research 0-day Adobe Flash angler Bedep Talos Threat

Blast a Hole in Adobe Flash and Earn $100,000

Fancy earning $100,000? Of course, you do.Well, now there’s an opportunity to earn a huge reward if you can demonstrate how Adobe Flash can be exploited.Sounds good right? Well, here’s the bad news for the rest of us: it’s not Adobe offering the money in the form of a bug bounty.Less than a month ago, Adobe proudly announced a series of se
Publish At:2016-01-06 20:15 | Read:7244 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Adobe Adob

Zerodium Offers $100K for Adobe Flash Heap Isolation Bypasses

Despite calls to eliminate Adobe Flash Player, researchers inside and outside the vendor continue to invest in and build mitigations against modern attacks.As recently as three weeks ago, Adobe announced it had rewritten its memory manager, laying the groundwork for widespread heap isolation, which is an important protection against use-after-free vulnerabil
Publish At:2016-01-06 03:20 | Read:5843 | Comments:0 | Tags:Web Security Vulnerabilities adobe adobe flash Vupen Adobe F


Tag Cloud