The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property(IP),as well as the management of access rights for such IP.
The methods are flawed and,in the most egregious cases,enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key,among other impacts.
On October 10, 2017, Kaspersky Labrsquo;s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers.
The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. We have reported the bug to Adobe who assigned it CVE-2017-11292 and released a patch earlier today.
Corporate information security services often turn out to be unprepared: their employees underestimate the speed, secrecy and efficiency of modern cyberattacks and do not recognize how ineffective the old approaches to security are.
And if there is no clear understanding of what sort of incident it is, an attack cannot be repelled. We hope that our recommendations about identifying incidents and responding to them will help information security specialists create a solid foundation for reliable multi-level business protection.