Flash Player Attacked in Latest Cyber-Crime

CGLTBBNWwAEQ259.png

According to FireEye, the security company, cyber-crooks are using attack tools aimed at Adobe Flash Player's obsolete editions and have created one exploit to abuse a security flaw, which Adobe patched on May 12, 2015. This is a development that gives rise to certain severe security problems.

FireEye says the vulnerability mentioned is named CVE-2015-3090 as it represents one memory corruption bug that Google Project Zero's Chris Evans unearthed and reported.

The time Adobe issued the patch, it seemingly did not know about any assault, which abused CVE-2015-3090. According to FireEye, the exploit designed to manipulate the vulnerability associates with certain race situation within shader category where it changes certain shader object's height and width, so beginning any shader task would cause the memory corruption flaw. 

Meanwhile, security investigators at FireEye noticed one malicious advertising campaign utilizing CVE-2015-3090 for serving the click fraud malware 'Bedep Trojan.'??Nevertheless, when the system is affected then aside executing ad-fraud activities, Bedep as well begins one infection schedule which ultimately introduces more malware.??

The malicious program requests harmful advertising networks numerous times and the networks divert traffic onto malevolent sites which carry on the linkage towards certain server having any of the Magnitude, Angler, Rig or Nuclear exploits kits.??

There is one particular Bedep referrer to each of the requests from where rapid diversions occur taking the Web-browser onto many domains one-by-one to reach the ultimate destination, investigators at FireEye elaborate. Softpedia.com reported this, May 27, 2015.?

During Angler's instance, a particular diversion occurred from one bogus news portal having "news4news" a string within its URL address.??According to investigator, over 220 Internet Protocol addresses were spotted that sub-domains having "click2" at the beginning of their URLs were utilizing for diversions.??

It's strongly recommended that users avoid the particular network, while maintain up-to-date perimeter security software containing the most recent defense features so exploit kit assaults can be prevented, FireEye concludes.
Spamfighter: http://bit.ly/1IfoJn3

« PWC 2015 Information Security Breaches Survey
Hackers Offered $1k for Vulnerabilites Found in Drupal 8 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

Phirelight Security Solutions

Phirelight Security Solutions

Phirelight empowers an enterprise to easily understand how their networks behave, while at the same time assessing and managing cyber threats in real time.

Nexus Group

Nexus Group

Nexus Group develops identity solutions for physical and digital access.

National Security Authority (NBU) - Slovakia

National Security Authority (NBU) - Slovakia

The National Security Authority (NBU) is the central government body in Slovakia for the Protection of Classified Information, Cryptographic Services, Trust Services and Cyber Security.

SANS CyberStart

SANS CyberStart

SANS CyberStart is a unique and innovative suite of tools and games designed to introduce children and young adults to the field of cyber security.

IBLISS Digital Security

IBLISS Digital Security

How cyber-resilient is your business now? We help companies to continuously answer this never-ending C-level question.

PureCyber

PureCyber

PureCyber (formerly Wolfberry Cyber) is an award-winning cyber security consultancy whose goal it is to make cyber security accessible, understandable, and affordable for any organisation.

Blueskytec (BST)

Blueskytec (BST)

Blueskytec has applied its experience of over three decades of working in the field of embedded systems and encryption to provide a scalable and appropriate technology for cyber-physical devices.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Immuta

Immuta

Immuta empowers data engineering and operations teams to automate data governance, security, access control & privacy protection.

Encova Insurance

Encova Insurance

Encova’s cyber liability coverage protects you and your customers in case of a security breach in your company's data.

Acora

Acora

Acora provide a range of best-in-class managed services, Microsoft-centric business software, and cloud solutions designed to help mid-market organisations succeed in the digital economy.

Dion Training Solutions

Dion Training Solutions

Dion Training Solutions offer comprehensive training in areas such as project management, cybersecurity, agile methodologies, and IT service management.

NMi Group

NMi Group

NMi Group is a global pioneer in mission-critical Testing, Inspection, Certification, and Calibration (TICC) services.

XONA Systems

XONA Systems

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.

Permiso Security

Permiso Security

Permiso combines industry leading Identity Security Posture Management with Identity Threat Detection and Response, leaving no place to hide for identity threats lurking in your environment.