Adobe FINALLY patches critical Flash Player flaw exploited by Chinese cyber-espionage group

Source: National Cyber Security – Produced By Gregory Evans

Adobe has belatedly rushed out patches for a zero-day security flaw in its widely used Flash Player that had been exploited by a cyber-espionage group based in China for weeks, according to security services specialist FireEye. The group, identified as APT3 by FireEye, had used the vulnerability to attack high-tech companies in aerospace and defence, construction and engineering, IT and telecoms, indicating either an intent to steal valuable intellectual property to sell on or state espionage. “This group is one of the more sophisticated threat groups that FireEye Threat Intelligence tracks, and they have a history of introducing new browser-based zero-day exploits (for example, Internet Explorer, Firefox, and Adobe Flash Player),” explained the company in a blog posting. “After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors. APT3’s command and control (CnC) infrastructure is difficult to track, as there is little overlap across campaigns.” Organisations were targeted with phishing emails – indicating the ongoing importance of both email scanning and end-user education – with targets re-directed to a compromised server hosting JavaScript profiling scripts. “Once a target host was profiled, victims downloaded a malicious Adobe Flash Player SWF […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Adobe FINALLY patches critical Flash Player flaw exploited by Chinese cyber-espionage group appeared first on National Cyber Security.

View full post on National Cyber Security