HackDig : Dig high-quality web security articles for hacker

RIG Exploit Kit the Final Destination of HookAds Malvertising Campaign

The HookAds malvertising campaign redirects users to a landing page for the RIG exploit kit that comes prepackaged with all types of baddies.HookAds, which got its name from a string found by Malwarebytes researchers in the delivery URL, works as follows.A malvertising chain redirects visitors to adult websites that sometimes generate millions of views a mon
Publish At:2016-11-02 13:25 | Read:2055 | Comments:0 | Tags:Latest Security News Exploit Kit Flash Malvertising RIG expl

Critical Adobe Flash bug under active attack currently has no patch

Attackers are exploiting a critical vulnerability in Adobe's widely used Flash Player, and Adobe says it won't have a patch ready until later this week.The active zero-day exploit works against the most recent Flash version 21.0.0.242 and was detected earlier this month by researchers from antivirus provider Kaspersky Lab, according to a blog post published
Publish At:2016-06-14 22:50 | Read:2808 | Comments:0 | Tags:Risk Assessment Technology Lab Adobe exploits flash malware

New Wave of Malvertising Leverages Latest Flash Exploit

A well known malvertising gang famous for its use of the fingerprinting technique and other evasion tricks to bypass security checks has been ramping up its activity against many different ad platforms to push malware via top websites. The setup for these malvertising attacks relies on a combination of techniques that start with the fraudulent advertiser cho
Publish At:2016-05-25 23:50 | Read:2404 | Comments:0 | Tags:Cybercrime Exploits Angler CVE-2016-4117 domain shadowing ex

Microsoft and Adobe warn of separate zero-day vulnerabilities under attack

Windows users woke up to something that doesn't happen every day: the disclosure of two zero-day vulnerabilities, one in the Microsoft operating system and the other in Adobe's Flash Player.The Windows bug is being actively exploited in the wild, making it imperative that users install fixes that Microsoft released today as part of its May Patch Tuesday. Cat
Publish At:2016-05-10 22:25 | Read:2532 | Comments:0 | Tags:Risk Assessment Technology Lab Adobe exploits flash microsof

Adobe patches Flash bug that’s being exploited to install ransomware

Adobe has rushed out a Flash update to plug a security hole spotted by infosec researchers, who warned that Windows 10 users of the software may have been exposed to the flaw for more than a week.Ne'er-do-wells could exploit the flaw by sending ransomware to Windows 10 machines. Adobe said its updates addressed critical vulnerabilities in Flash, and advised
Publish At:2016-04-08 13:40 | Read:2836 | Comments:0 | Tags:Risk Assessment Adobe cerber flash ransomware security updat

As Cyber Threats Die, Old Attacks Re-emerge

The F-Secure Threat Report offers an exclusive look at the trends and events that defined the digital threat landscape over the last year, chockfull of statistics, timelines, charts and graphs that over an expert’s perspective into the lucrative, scary and ever-evolving world of online crime and combat. You can download the whole thing here. In the la
Publish At:2016-03-10 16:00 | Read:3144 | Comments:0 | Tags:Security chain of compromise F-Secure Threat Report Flash ho

Facebook Disabled Flash For Video Finally

So Facebook disabled Flash for video finally, sadly it’s still there for games but a large use case for it just went out the window. And really, it’s not surprising after the recent mega patch in Adobe Flash that fixed 78 CVE classified vulnerabilities.There’s just no good reason for anyone to still be using Flash and browsers, if they don&
Publish At:2015-12-24 00:30 | Read:1842 | Comments:0 | Tags:Exploits/Vulnerabilities facebook flash flash security faceb

Angler exploit kit includes the code of a recent Flash flaw

A security researcher discovered a new variant of the Angler exploit kit that includes the exploit code for a recently patched Adobe Flash Player flaw. The French security researcher “Kafeine” has discovered a new variant of the popular Angler exploit kit that includes the exploit code for a recently patched Adobe Flash Player
Publish At:2015-12-22 20:25 | Read:3137 | Comments:0 | Tags:Cyber Crime Malware Breaking News malware Cybercrime ransomw

Facebook Abandons Flash-Based Video Player, Embraces HTML5

Facebook announced that it has altered its video player to embrace HTML5 instead of Adobe Flash Player.Daniel Baulig, a front-end engineer at Facebook, broke the news late last week on the social network’s blog.“We recently switched to HTML5 from a Flash-based video player for all Facebook web video surfaces, including videos in News Feed, on Pa
Publish At:2015-12-22 00:30 | Read:2109 | Comments:0 | Tags:Latest Security News Adobe Animate Daniel Baulig Facebook Fl

Spike in Malvertising Attacks Via Nuclear EK Pushes Ransomware

We’ve been monitoring a malvertising campaign very closely as it really soared during the past week. The actors involved seem to be the same as the ones behind the self-sufficient Flash malverts/exploits we’ve documented before and reported by security researcher Kafeine (Spartan EK). One single domain (easy-trading.biz) is relaying all traffic t
Publish At:2015-12-11 23:45 | Read:2937 | Comments:0 | Tags:Malvertising exploit flash malvertising ransomware

Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

So as a rule, in 2015 running Adobe Flash is already pretty scary – but the latest patch release covers 78 CVE-classified Flash security vulnerabilities.That’s not scary, that’s terrifying.By now you kinda expect flaws in Flash, it’s just a given. But 78 CVE-classified vulnerabilities in one patch release? That’s just insane, th
Publish At:2015-12-10 11:00 | Read:2211 | Comments:0 | Tags:Exploits/Vulnerabilities hacking-flash flash adobe flash sec

Adobe to Rebrand Flash Professional as Animate

Adobe has recently announced its plans to rebrand Flash as Animate, but some feel it’s little more than a name change when it comes to security.According to Rich Lee, Sr. Product Marketing Manager at Adobe Systems, the change to Animate positions Adobe to more fully respond to the fact that more than a third of all content created in Flash Professional
Publish At:2015-12-03 22:30 | Read:2088 | Comments:0 | Tags:Latest Security News Adobe Animate Craig Young Flash

Large Number of Adult Sites Distribute Malware Via AdXpansion Malvertising

While malvertising activity on adult sites has been ‘relatively’ quiet for some time, we started picking up dozens of attacks on moderately popular XXX portals, where moderate still means millions of daily visitors. The modus operandi is quite straightforward and facilitated by a compromised Flash advert directly hosted and served by AdXpansion,
Publish At:2015-12-02 22:45 | Read:2258 | Comments:0 | Tags:Malvertising ads adxpansion flash malvertising

DirectRev Advert Loads Self Sufficient Flash Exploit, CryptoWall

We have been observing a series of malvertising attacks using an unusual but familiar delivery method recently. Indeed, instead of relying on an exploit kit to compromise the victims’ machines, this technique simply relies on a disguised Flash advert that downloads its own exploit and payload. We previously encountered this attack pattern on two occasi
Publish At:2015-11-05 21:00 | Read:2741 | Comments:0 | Tags:Malvertising exploit exploit kit flash malvertising

Angler and Nuclear Exploit Kits Integrate Pawn Storm Flash Exploit

When it comes to exploit kits, it’s all about the timing. Exploit kits often integrate new or zero-day exploits in the hopes of getting a larger number of victims with systems that may not be as up-to-date with their patches. We found two vulnerabilities that were now being targeted by exploit kits, with one being the recent Pawn Storm Flash zero-day. Starti
Publish At:2015-11-04 04:30 | Read:2157 | Comments:0 | Tags:Vulnerabilities adobe flash Angler Exploit Kit Exploit explo

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud