Flash Player Attacked in Latest Cyber-Crime

Uploaded on 2015-06-16 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

CGLTBBNWwAEQ259.png

According to FireEye, the security company, cyber-crooks are using attack tools aimed at Adobe Flash Player's obsolete editions and have created one exploit to abuse a security flaw, which Adobe patched on May 12, 2015. This is a development that gives rise to certain severe security problems.

FireEye says the vulnerability mentioned is named CVE-2015-3090 as it represents one memory corruption bug that Google Project Zero's Chris Evans unearthed and reported.

The time Adobe issued the patch, it seemingly did not know about any assault, which abused CVE-2015-3090. According to FireEye, the exploit designed to manipulate the vulnerability associates with certain race situation within shader category where it changes certain shader object's height and width, so beginning any shader task would cause the memory corruption flaw. 

Meanwhile, security investigators at FireEye noticed one malicious advertising campaign utilizing CVE-2015-3090 for serving the click fraud malware 'Bedep Trojan.'??Nevertheless, when the system is affected then aside executing ad-fraud activities, Bedep as well begins one infection schedule which ultimately introduces more malware.??

The malicious program requests harmful advertising networks numerous times and the networks divert traffic onto malevolent sites which carry on the linkage towards certain server having any of the Magnitude, Angler, Rig or Nuclear exploits kits.??

There is one particular Bedep referrer to each of the requests from where rapid diversions occur taking the Web-browser onto many domains one-by-one to reach the ultimate destination, investigators at FireEye elaborate. Softpedia.com reported this, May 27, 2015.?

During Angler's instance, a particular diversion occurred from one bogus news portal having "news4news" a string within its URL address.??According to investigator, over 220 Internet Protocol addresses were spotted that sub-domains having "click2" at the beginning of their URLs were utilizing for diversions.??

It's strongly recommended that users avoid the particular network, while maintain up-to-date perimeter security software containing the most recent defense features so exploit kit assaults can be prevented, FireEye concludes.
Spamfighter: http://bit.ly/1IfoJn3

« PWC 2015 Information Security Breaches Survey
Hackers Offered $1k for Vulnerabilites Found in Drupal 8 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The Networking People (TNP)

The Networking People (TNP)

TNP supplies independent advice allowing large organisations to design, build and operate their own networks independently of the established telecoms companies.

European Defence Agency (EDA)

European Defence Agency (EDA)

EDAs mission is to improve European defence capabilities. Programme areas include Cyber Defence.

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Pixalate

Pixalate

Pixalate is an omni-channel fraud intelligence company that works with brands and platforms to prevent invalid traffic and improve ad inventory quality.

StepStone

StepStone

StepStone is one of the leading online job platforms in Germany, and other countries, covering all industry sectors including IT and cybersecurity.

DisruptOps

DisruptOps

Built for today’s cloud-scale enterprises, DisruptOps’ Cloud Detection and Response platform automates assessment and remediation procedures of critical cloud security issues.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

Conseal Security

Conseal Security

Mobile app security testing done well. Conseal Security are specialists in mobile app penetration testing. Our expert-led security analysis quickly finds security vulnerabilities in your apps.

Guernsey

Guernsey

Guernsey provides a wide range of engineering, architecture and consulting services to multiple markets, including cybersecurity consulting and CMMC certification.

Legit Security

Legit Security

Legit Security's mission is to secure every organization's software factory by protecting the pipelines, infrastructure, code and people for faster and more secure software releases.

CySecK

CySecK

CySecK is a Centre of Excellence in Cybersecurity formed in 2017 by the Government of Karnataka, as part of the Technology Innovation Strategy.

Armolon

Armolon

Armolon provides comprehensive data breach and cybersecurity, as well cybersecurity audits and certifications, and disaster recovery/business continuity services to clients.

Single Point of Contact

Single Point of Contact

Single Point of Contact is a Managed IT Services provider that helps businesses to achieve a seamless and secure IT environment.

Judy Security

Judy Security

Judy provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Francisco Partners

Francisco Partners

Francisco Partners provide capital, expertise, and support for growth-aspiring technology companies.