blog trackingRealtime Web Statistics Flash | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Flash’

How a Russian hacker made $45,000 selling a zero-day Flash exploit to Hacking Team

Source: National Cyber Security – Produced By Gregory Evans

If you’re a Moscow-based zero-day exploit seller, all you have to do is e-mail a spyware company like Hacking Team out of the blue. You can go from initial, unsolicited message to getting paid tens of thousands of dollars in just a matter of weeks. After Hacking Team, the Italian spyware vendor, was itself hacked and 400GB of its internal data released onto BitTorrent, Ars reviewed internal e-mails from the company. The chain of e-mails that follow offer a rare look into exactly how new security vulnerabilities get sold to companies and governments around the globe. The Moscow vendor’s first e-mail, dated October 13, 2013, was short and to the point: Hi, is your company interested in buying zero-day vulnerabilities with RCE exploits for the latest versions of Flash Player, Silverlight, Java, Safari? All exploits allow to embed and remote execute custom payloads and demonstrate modern techniques for bypassing ASLR [address space layout randomization] and DEP [data execution prevention]-like protections on Windows, OS X, and iOS without using of unreliable ROP and heap sprays. The e-mail contained no identifying information about its sender except for the e-mail address: tovis@bk.ru. The Hacking Team response, direct from CEO David Vincenzetti, came within 24 hours: Absolutely. Would […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post How a Russian hacker made $45,000 selling a zero-day Flash exploit to Hacking Team appeared first on National Cyber Security.

View full post on National Cyber Security

Hacking Team Hack Leaks Adobe Flash Zero-Day

Source: National Cyber Security – Produced By Gregory Evans

Adobe is reporting a critical vulnerability in its popular Flash Player. The software company on Tuesday revealed nearly all versions of the player for Windows, Macintosh and Linux are at risk. This zero-day vulnerability is especially critical, given Trend Micro’s March warning about the troubling combination of exploit kits and malvertising. The security firm warned that zero-day exploits are now being deployed in malicious ads right away, instead of first being used in targeted attacks against enterprises. And this relates directly to Adobe. Trend Micro reported two of the recent Adobe Flash zero-days (CVE-2015-0311 and CVE-2015-0313) were delivered to end users via malvertisements, putting the masses at risk. In the new vulnerability, Adobe said successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe said an exploit targeting this vulnerability has been published publicly. On Tuesday, the firm said a patch should be available July 8. Immediate Weaponization But there’s a bigger story to tell. The flaw was made public after the Hacking Team was hacked. The Italian company has made a name for itself helping governments and intelligence agencies spy on people. But now the tables have apparently been turned […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Hacking Team Hack Leaks Adobe Flash Zero-Day appeared first on National Cyber Security.

View full post on National Cyber Security

A hacker cartel is using a mysterious Flash vulnerability to steal sensitive business data

Source: National Cyber Security – Produced By Gregory Evans

Hackers are using a mysterious, as yet undiscovered, Flash vulnerability, to steal sensetive business data from Macbook and Windows users, according to researchers at Kaspersky Lab. Kaspersky Lab revealed the campaign in a threat advisory, warning a hacker group, known as Wild Neutron is using the “unknown Flash Player exploit” to infect companies and private web users with a data siphoning malware. “The initial infection vector from the 2014-2015 attacks is still unknown, although there are clear indications that the victims are exploited by a kit that leverages an unknown Flash Player exploit,” read the advisory. The attacks have reportedly targeted businesses involved in law, the Bitcoin cryptocurrency, investment, IT, healthcare, and real estate. Known targets have been detected in France, Russia, Switzerland, Germany, Austria, Palestine, Slovenia, Kazakhstan, UAE, Algeria, and the United States. Kaspersky Lab director of global research and analysis team Costin Raiu said Wild Neutron’s wide range of targets is atypical and indicates the attackers are significantly more advanced than most cyber crime groups. “The group’s targeting of major IT companies, spyware developers (FlexiSPY), jihadist forums (the ‘Ansar Al-Mujahideen English Forum’) and Bitcoin companies indicate a flexible yet unusual mindset and interests,” he said. The Kaspersky researchers said […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post A hacker cartel is using a mysterious Flash vulnerability to steal sensitive business data appeared first on National Cyber Security.

View full post on National Cyber Security

Adobe FINALLY patches critical Flash Player flaw exploited by Chinese cyber-espionage group

Source: National Cyber Security – Produced By Gregory Evans

Adobe has belatedly rushed out patches for a zero-day security flaw in its widely used Flash Player that had been exploited by a cyber-espionage group based in China for weeks, according to security services specialist FireEye. The group, identified as APT3 by FireEye, had used the vulnerability to attack high-tech companies in aerospace and defence, construction and engineering, IT and telecoms, indicating either an intent to steal valuable intellectual property to sell on or state espionage. “This group is one of the more sophisticated threat groups that FireEye Threat Intelligence tracks, and they have a history of introducing new browser-based zero-day exploits (for example, Internet Explorer, Firefox, and Adobe Flash Player),” explained the company in a blog posting. “After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors. APT3’s command and control (CnC) infrastructure is difficult to track, as there is little overlap across campaigns.” Organisations were targeted with phishing emails – indicating the ongoing importance of both email scanning and end-user education – with targets re-directed to a compromised server hosting JavaScript profiling scripts. “Once a target host was profiled, victims downloaded a malicious Adobe Flash Player SWF […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Adobe FINALLY patches critical Flash Player flaw exploited by Chinese cyber-espionage group appeared first on National Cyber Security.

View full post on National Cyber Security

Flash Zero Day Used to Target Victims in Syria

flash

A few days after Microsoft cautioned clients around another weakness in Internet Explorer that is, no doubt utilized within focused on assaults, Adobe on Monday said that analysts have uncovered a zero day in Flash, too, which ambushers are utilizing to target victimized people as a part of Syria through a watering gap strike on a traded off Syrian government website.   The Adobe Flash zero day was initially recognized in right on time April via analysts at Kaspersky Lab, who say that there are no less than two separate adventures being used at this moment.   The assaults are …continue reading

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Flash Zero Day Used to Target Victims in Syria appeared first on National Cyber Security.

View full post on National Cyber Security

NEWS FLASH Anon-hackers.com tracking your movements just like the Government


OK think your safe how’s this -NEWS FLASH- anon-hackers.com is putting tracking cookies on your computers there are only 2 reasons for this 1 they are advertising to you behind your back or 2 they are the government tracking your moments on the internet! Either way you are being tracked! And correct me if I am wrong but is that the BIG #1 -NO NO- after all that is what you say the Government is doing to violate your rights! Anonymous cannot be trusted! think this is the only site doing this think agen youtu.be join the YRV and fix the world join the YRV the only cookie you will get is the kind you eat! Anonymous, Group, Operation, Anti-Terrorism, Stop, Online, Piracy, Act, National, Defense, Authorization, Cyber, Security, of, internet, free, domain, Censorship, Google, Wikipedia, collective, Blackout, Freedom, Democracy, Occupy, Declaration, War, American, United, States, Revolution, Economy, Dysfunctional, Congress, Government, Citizens, Legion, Forgive, Forget, TheAnonMessage, 2013.

Java and Flash vulnerabilities being exploited by cyber spies

Cyber spies have planted Java- and Flash-exploiting malware on websites focused on human rights, defense and foreign policy.

View full post on Techworld.com security

View full post on National Cyber Security » Computer Hacking

Apple patches Safari, blocks outdated Flash Player

Apple has patched four security vulnerabilities in Safari and blocked outdated versions of Adobe’s Flash Player from running in its browser.

View full post on Techworld.com security

View full post on National Cyber Security » Computer Hacking

Adobe Posts Fix For Critical Flash Flaw

View full post on News ≈ Packet Storm

View full post on National Cyber Security

Zero-day Flash bug patched by Adobe in emergency update

Adobe has warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug.

View full post on Techworld.com security

View full post on National Cyber Security » Computer Hacking

Page 1 of 41234»

My Twitter

Gregory D. Evans On Facebook