Flash Player Attacked in Latest Cyber-Crime

Uploaded on 2015-06-16 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

CGLTBBNWwAEQ259.png

According to FireEye, the security company, cyber-crooks are using attack tools aimed at Adobe Flash Player's obsolete editions and have created one exploit to abuse a security flaw, which Adobe patched on May 12, 2015. This is a development that gives rise to certain severe security problems.

FireEye says the vulnerability mentioned is named CVE-2015-3090 as it represents one memory corruption bug that Google Project Zero's Chris Evans unearthed and reported.

The time Adobe issued the patch, it seemingly did not know about any assault, which abused CVE-2015-3090. According to FireEye, the exploit designed to manipulate the vulnerability associates with certain race situation within shader category where it changes certain shader object's height and width, so beginning any shader task would cause the memory corruption flaw. 

Meanwhile, security investigators at FireEye noticed one malicious advertising campaign utilizing CVE-2015-3090 for serving the click fraud malware 'Bedep Trojan.'??Nevertheless, when the system is affected then aside executing ad-fraud activities, Bedep as well begins one infection schedule which ultimately introduces more malware.??

The malicious program requests harmful advertising networks numerous times and the networks divert traffic onto malevolent sites which carry on the linkage towards certain server having any of the Magnitude, Angler, Rig or Nuclear exploits kits.??

There is one particular Bedep referrer to each of the requests from where rapid diversions occur taking the Web-browser onto many domains one-by-one to reach the ultimate destination, investigators at FireEye elaborate. Softpedia.com reported this, May 27, 2015.?

During Angler's instance, a particular diversion occurred from one bogus news portal having "news4news" a string within its URL address.??According to investigator, over 220 Internet Protocol addresses were spotted that sub-domains having "click2" at the beginning of their URLs were utilizing for diversions.??

It's strongly recommended that users avoid the particular network, while maintain up-to-date perimeter security software containing the most recent defense features so exploit kit assaults can be prevented, FireEye concludes.
Spamfighter: http://bit.ly/1IfoJn3

« PWC 2015 Information Security Breaches Survey
Hackers Offered $1k for Vulnerabilites Found in Drupal 8 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Logicalis

Logicalis

Logicalis are a leading provider of global IT solutions and managed services.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

SlashNext

SlashNext

The SlashNext Internet Access Protection System (IAPS) provides Zero-Day protection against all internet access threats including Social Engineering & Phishing, Malware, Exploits and Callback Attacks.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

Proficio

Proficio

Proficio is a world-class Managed Security Service Provider providing managed detection and response solutions, 24×7 security monitoring and advanced data breach prevention services worldwide.

Maximus Consulting (MX)

Maximus Consulting (MX)

Maximus designs and delivers corporate-wide information security management system with our full-time IRCA Accredited consulting team.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

CryptoSec.info

CryptoSec.info

CryptoSec.info is a web resource focused on educating the beginners in the cryptocurrency space on how to properly secure their online assets from hackers and scammers.

Deepwatch

Deepwatch

deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

Darkbeam

Darkbeam

Darkbeam provides a unified solution to protect against security, brand and compliance risks across your digital infrastructure.

Everything Blockchain

Everything Blockchain

Everything Blockchain is a development, architecture, and software designer of Blockchain that also provides services specializing in blockchain technologies and decentralized processing.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

SignMyCode

SignMyCode

SignMyCode is a one-stop shop for trusted and authentic code signing solutions to safeguard software.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

HLB System Solutions

HLB System Solutions

HLB System Solutions: Empowering businesses with proactive IT management, consulting, security, and cloud solutions. Seamless tech for growth!