Flash Player Attacked in Latest Cyber-Crime

Uploaded on 2015-06-16 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

CGLTBBNWwAEQ259.png

According to FireEye, the security company, cyber-crooks are using attack tools aimed at Adobe Flash Player's obsolete editions and have created one exploit to abuse a security flaw, which Adobe patched on May 12, 2015. This is a development that gives rise to certain severe security problems.

FireEye says the vulnerability mentioned is named CVE-2015-3090 as it represents one memory corruption bug that Google Project Zero's Chris Evans unearthed and reported.

The time Adobe issued the patch, it seemingly did not know about any assault, which abused CVE-2015-3090. According to FireEye, the exploit designed to manipulate the vulnerability associates with certain race situation within shader category where it changes certain shader object's height and width, so beginning any shader task would cause the memory corruption flaw. 

Meanwhile, security investigators at FireEye noticed one malicious advertising campaign utilizing CVE-2015-3090 for serving the click fraud malware 'Bedep Trojan.'??Nevertheless, when the system is affected then aside executing ad-fraud activities, Bedep as well begins one infection schedule which ultimately introduces more malware.??

The malicious program requests harmful advertising networks numerous times and the networks divert traffic onto malevolent sites which carry on the linkage towards certain server having any of the Magnitude, Angler, Rig or Nuclear exploits kits.??

There is one particular Bedep referrer to each of the requests from where rapid diversions occur taking the Web-browser onto many domains one-by-one to reach the ultimate destination, investigators at FireEye elaborate. Softpedia.com reported this, May 27, 2015.?

During Angler's instance, a particular diversion occurred from one bogus news portal having "news4news" a string within its URL address.??According to investigator, over 220 Internet Protocol addresses were spotted that sub-domains having "click2" at the beginning of their URLs were utilizing for diversions.??

It's strongly recommended that users avoid the particular network, while maintain up-to-date perimeter security software containing the most recent defense features so exploit kit assaults can be prevented, FireEye concludes.
Spamfighter: http://bit.ly/1IfoJn3

« PWC 2015 Information Security Breaches Survey
Hackers Offered $1k for Vulnerabilites Found in Drupal 8 »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Caldew Consulting

Caldew Consulting

Caldew specialise in providing information assurance and cyber security consultancy, covering the full spectrum of the security life cycle.

Spambrella

Spambrella

Spambrella provides email security with real-time threat protection. 100% SaaS (nothing to install)

Iceberg

Iceberg

Since 2016, Iceberg has redefined how businesses approach hiring in the Cybersecurity and eDiscovery space.

Sixgill

Sixgill

Sixgill, an IoT sensor platform company, builds the universal data service and smart process automation software allowing any organization to effectively govern its IoE assets.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

National Health Care Anti-Fraud Association (NHCAA) - USA

National Health Care Anti-Fraud Association (NHCAA) - USA

National Health Care Anti-Fraud Association is the leading national organization focused exclusively on the fight against health care fraud.

Madrona Venture Group

Madrona Venture Group

Madrona Venture Group invests in seed and early-stage technology companies in areas including cybersecurity.

Netstar

Netstar

Netstar is an IT Support company based in Central London providing fully managed IT Support, Cyber Security and Technology Consulting services.

Certihash

Certihash

Certihash have developed the world’s first blockchain empowered suite of information security tools based on the NIST cybersecurity framework.

Rausch Advisory Services

Rausch Advisory Services

Rausch delivers solutions that address compliance, enterprise risk, information technology and human resource capital.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

Amnet Technology Solutions (Amnet Systems)

Amnet Technology Solutions (Amnet Systems)

Amnet Systems is a technology services organization that provides Managed IT, Cloud Computing, Cyber Security, Data Center and Audio Visual services since 1995.

Yokai

Yokai

Yokai is a secure, distributed platform for data communication with enhanced security features tailored for classified environments such as finance, defence, healthcare, cybersecurity, and more.

Monokee

Monokee

Monokee offers a solution that seamlessly integrates powerful Identity and Access Management (IAM) capabilities with a low/no code identity orchestrator.

Dedge Security

Dedge Security

Dedge Security is on a mission to help organizations to create secure Web3 applications and accelerate their businesses with confidence.

AXGATE

AXGATE

AXGATE is a specialized security solutions company based on our distinctive technological capabilities in the field of network information protection.