HackDig : Dig high-quality web security articles for hacker

Adobe patches multiple flaws including a Flash Zero-Day exploited in the wild

Adobe issued security patches that address multiple flaws in 9 products, including fixes for zero-day vulnerabilities that has been exploited in the wild. Adobe has issued security updates to fix vulnerabilities in nine products, including patches for zero-day flaws that has been exploited in targeted attacks. The version 24.0.0.186 of Flash Player addresses
Publish At:2016-12-13 19:45 | Read:1164 | Comments:0 | Tags:Breaking News Hacking Adobe Adobe Flash CVE-2016-7892 securi

VERT Threat Alert: November 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-698 on Wednesday, November 9th.Ease of Use (published exploits) to Risk TableAutomated Exploit   MS16-132MS16-135Easy    Moderate    Difficult    Extremely DifficultMS16-129MS16-1
Publish At:2016-11-10 04:46 | Read:927 | Comments:0 | Tags:Vulnerability Management Adobe Flash internet explorer micro

Adobe patches Flash Zero-Day exploited by ScarCruft APT

Adobe Flash Player 22.0.0.192 release fixes the Flash Player zero-day vulnerability (CVE-2016-4171) exploited by the APT group dubbed ScarCruft. Adobe has issued the Flash Player 22.0.0.192, a release that fixes the Flash Player zero-day vulnerability (CVE-2016-4171) exploited by the APT group dubbed ScarCruft in attacks on high-profile targets. The Flash Pl
Publish At:2016-06-19 16:15 | Read:1020 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Adobe Adobe Flash APT CVE-

Operation Daybreak

Earlier this year, we deployed new technologies in Kaspersky Lab products to identify and block zero-day attacks. This technology already proved its effectiveness earlier this year, when it caught an Adobe Flash zero day exploit (CVE-2016-1010). Earlier this month, our technology caught another zero-day Adobe Flash Player exploit deployed in targeted attacks
Publish At:2016-06-17 08:05 | Read:2026 | Comments:0 | Tags:Blog Research Adobe Flash APT Vulnerabilities and exploits Z

ScarCruft APT Group exploited Flash Zero-Day in High-Profile attacks

Security experts from Kaspersky Lab revealed that an APT group dubbed ScarCruft exploited the zero day vulnerability (CVE-2016-4171) in Adobe Flash Player. According to the experts from Kaspersky Lab, an APT group dubbed ScarCruft exploited a zero day vulnerability (CVE-2016-4171) in Adobe Flash Player. The group launched a series of attacks against high-pro
Publish At:2016-06-15 21:00 | Read:1169 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Adobe Adobe Flash

CVE-2016-4171 – Another Flash Zero-Day exploited in targeted attacks

Adobe states that the Flash Player zero-day vulnerability (CVE-2016-4171) has been exploited in targeted attacks. It will be fixed later this week. Once again Adobe Flash Player is the target of hackers in the wild. Adobe has released security updates for several of its products announcing that the fix for a critical Flash Player zero-day vulnerability (CVE-
Publish At:2016-06-15 02:45 | Read:1038 | Comments:0 | Tags:Breaking News Hacking Adobe Adobe Flash CVE-2016-4171 target

Bedep Lurking in Angler’s Shadows

This post is authored by Nick Biasini.In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payloads were some variation of ransomware and noted one of the o
Publish At:2016-02-09 17:00 | Read:793 | Comments:0 | Tags:Threat Research 0-day Adobe Flash angler Bedep Talos Threat

Blast a Hole in Adobe Flash and Earn $100,000

Fancy earning $100,000? Of course, you do.Well, now there’s an opportunity to earn a huge reward if you can demonstrate how Adobe Flash can be exploited.Sounds good right? Well, here’s the bad news for the rest of us: it’s not Adobe offering the money in the form of a bug bounty.Less than a month ago, Adobe proudly announced a series of se
Publish At:2016-01-06 20:15 | Read:920 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Adobe Adob

Zerodium Offers $100K for Adobe Flash Heap Isolation Bypasses

Despite calls to eliminate Adobe Flash Player, researchers inside and outside the vendor continue to invest in and build mitigations against modern attacks.As recently as three weeks ago, Adobe announced it had rewritten its memory manager, laying the groundwork for widespread heap isolation, which is an important protection against use-after-free vulnerabil
Publish At:2016-01-06 03:20 | Read:1182 | Comments:0 | Tags:Web Security Vulnerabilities adobe adobe flash Vupen Adobe F

Facebook Disabled Flash For Video Finally

So Facebook disabled Flash for video finally, sadly it’s still there for games but a large use case for it just went out the window. And really, it’s not surprising after the recent mega patch in Adobe Flash that fixed 78 CVE classified vulnerabilities.There’s just no good reason for anyone to still be using Flash and browsers, if they don&
Publish At:2015-12-24 00:30 | Read:755 | Comments:0 | Tags:Exploits/Vulnerabilities facebook flash flash security faceb

Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

So as a rule, in 2015 running Adobe Flash is already pretty scary – but the latest patch release covers 78 CVE-classified Flash security vulnerabilities.That’s not scary, that’s terrifying.By now you kinda expect flaws in Flash, it’s just a given. But 78 CVE-classified vulnerabilities in one patch release? That’s just insane, th
Publish At:2015-12-10 11:00 | Read:909 | Comments:0 | Tags:Exploits/Vulnerabilities hacking-flash flash adobe flash sec

Flash’s Farewell Under Way

If there’s unanimity among security professionals in anything, it’s in their loathing of Adobe’s Flash Player. There’s yet to be an APT or exploit kit that hasn’t welcomed vulnerabilities in the development platform with open arms. And for all that misery tallied up in lost intellectual property and industrial secrets, and stole
Publish At:2015-12-03 23:40 | Read:770 | Comments:0 | Tags:Vulnerabilities Web Security adobe adobe flash Adobe Flash e

Angler and Nuclear Exploit Kits Integrate Pawn Storm Flash Exploit

When it comes to exploit kits, it’s all about the timing. Exploit kits often integrate new or zero-day exploits in the hopes of getting a larger number of victims with systems that may not be as up-to-date with their patches. We found two vulnerabilities that were now being targeted by exploit kits, with one being the recent Pawn Storm Flash zero-day. Starti
Publish At:2015-11-04 04:30 | Read:1008 | Comments:0 | Tags:Vulnerabilities adobe flash Angler Exploit Kit Exploit explo

Emergency Adobe Flash Update Coming Next Week

The latest version of Adobe Flash Player, which was made available on Tuesday, will have a short shelf life.Adobe will release an emergency Flash update next week after public attacks were carried out against a zero day vulnerability in the latest version of the software, 19.0.0.207, for Windows and Macintosh systems. Adobe said only that the Flash update
Publish At:2015-10-16 03:35 | Read:627 | Comments:0 | Tags:Vulnerabilities Web Security adobe adobe flash Adobe Flash s

New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries

Analysis by Brooks Li, Feike Hacquebord, and Peter Pi Trend Micro researchers have discovered that the attackers behind Pawn Storm are using a new Adobe Flash zero-day exploit in their latest campaign. Pawn Storm is a long-running cyber-espionage campaign known for its high-profile targets and usage of the first Java zero-day we’ve seen in the last cou
Publish At:2015-10-14 04:15 | Read:767 | Comments:0 | Tags:Exploits Targeted Attacks Vulnerabilities adobe flash Pawn S

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud