
Tag: The Flash

81% off Centon 4 GB DataStick Pro USB 2.0 Flash Drive...

This 4GB USB drive from Centon is just a little over $3 right now -- so cheap that Amazon won't ship it on its own.

But if your cart totals $25 or more, toss in some of these sticks right now for dirt cheap.

The flash drive is built with a sturdy aluminum housing, works on both PC and Mac, and is a cheap & simple way to move files around.
It's listed on Amazon as an add-on item, meaning it's cost-prohibitive to ship on its own, but if your cart totals $25 or more, take advantage of this deal and get yourself 4GB of portable storage for a whopping 81% off its typical list price.

The sticks right now are listed for just $3.33.
See this deal on Amazon.

APT Threat Evolution in Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries.

During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with IOC data and YARA rules to assist in forensics and malware-hunting.

VU#247016: Flash Seats Mobile App for Android and iOS fails to...

Flash Seats Mobile App for Android, version 1.7.9 and earlier, and for iOS, version 1.9.51 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

Microsoft rolls out KB 4010250 Flash Player update for Windows 8.1...

Microsoft has released an old-fashioned Security Bulletin, MS17-005, which shepherds a handful of patches for various versions of Windows.

The patches, all called KB 4010250, implement the Flash Player fixes contained in Adobe's APSB17-04, which fi...

RHSA-2017:0057-1: Critical: flash-plugin security update

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.194.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938)

Red Hat Enterprise Linux Desktop Supplementary (v. 6)
IA-32: flash-plugin-24.0.0.194-1.el6_8.i686.rpm
    MD5: 89b0f146cac8ceb7cdf0d34c671dbf8d
    SHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16
x86_64: flash-plugin-24.0.0.194-1.el6_8.i686.rpm
    MD5: 89b0f146cac8ceb7cdf0d34c671dbf8d
    SHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16

Red Hat Enterprise Linux Server Supplementary (v. 6)
IA-32: flash-plugin-24.0.0.194-1.el6_8.i686.rpm
    MD5: 89b0f146cac8ceb7cdf0d34c671dbf8d
    SHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16
x86_64: flash-plugin-24.0.0.194-1.el6_8.i686.rpm
    MD5: 89b0f146cac8ceb7cdf0d34c671dbf8d
    SHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16

Red Hat Enterprise Linux Workstation Supplementary (v. 6)
IA-32: flash-plugin-24.0.0.194-1.el6_8.i686.rpm
    MD5: 89b0f146cac8ceb7cdf0d34c671dbf8d
    SHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16
x86_64: flash-plugin-24.0.0.194-1.el6_8.i686.rpm
    MD5: 89b0f146cac8ceb7cdf0d34c671dbf8d
    SHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16

(The unlinked packages above are only available from the Red Hat Network)

1411929 - CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928 CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933 CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-2937 CVE-2017-2938 flash-plugin: multiple code execution issues fixed in APSB17-02

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Adobe patches critical flaws in Flash Player, Reader, and Acrobat

Adobe Systems released security updates for its Flash Player, Adobe Reader and Acrobat products fixing critical vulnerabilities that could allow attackers to install malware on computers. The Flash Player update fixes 13 vulnerabilities, 12 that can lead to remote code execution and one that allows attackers to bypass a security restriction and disclose information.

Adobe is not aware of any exploit for these flaws existing in the wild. Users are advised to upgrade to Flash Player version 24.0.0.194 on Windows, Mac and Linux.

The Flash Player plug-in bundled with Google Chrome, Microsoft Edge and Internet Explorer will be automatically upgraded through those browsers' respective update mechanisms.

The Adobe Reader and Acrobat updates address 29 vulnerabilities, 28 of which can lead to arbitrary code execution. Like with the Flash Player flaws, Adobe is not aware of any of these vulnerabilities being exploited by attackers. The company advises Acrobat and Reader DC users to upgrade to version 15.023.20053 if they use the "continuous" release track or to version 15.006.30279 if they're on the "classic" track. Users of the older, but still supported, Acrobat XI and Reader XI should upgrade to version 11.0.19.

Because of their security sandbox, which makes exploits significantly harder to implement, Adobe Reader and Acrobat are rarely targeted by hackers today compared to some years ago. However, Flash Player remains a hacker favourite, with zero-day attacks against it being relatively common and with exploits being integrated into widely used Web-based attack tools.

It’s now 2017, and your Windows PC can still be pwned...

Also: Edge is foiled by hyperlinks, Windows Server fails at authentication requests, and Microsoft is a $486bn company

Microsoft has begun its 2017 with the release of four updates to address security holes in Windows and Office, while Adobe has posted fixes for more than three dozen vulnerabilities in Flash and Reader. Microsoft's January patch load includes:

MS17-001, a fix for the Edge browser to address a flaw that would let a malicious page gain elevated access privileges when the user clicks on a link. "An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies with about:blank, which could allow an attacker to access information from one domain and inject it into another domain," Microsoft says of CVE-2017-0002. The update will only be pushed out to Windows 10 and Server 2016.

MS17-002 addresses a memory corruption issue in Office that allows for remote code execution in Office 2016 and SharePoint Enterprise Server 2016. The flaw, designated CVE-2017-0003, allows a specially crafted Word file to take control of the target system with the current user's access privileges.

The vulnerability was spotted by Tony Loi of FortiGuard Labs. MS17-003 is Microsoft's edition of the January Flash Player update to remedy 12 security flaws.

The patch will be automatically pushed to Windows users running Microsoft Edge or Internet Explorer 11. MS17-004 addresses a denial of service vulnerability in Local Security Authority Subsystem Service for older versions of Windows and Windows Server. Microsoft says that an attacker who sent a specially crafted authentication request to the targeted Windows (Vista through 7) or Windows Server (2008 to 2008 R2) box could trigger an automatic reset.

Discovery of the flaw, CVE-2017-0004, was credited to Nicolás Economou and Laurent Gaffie from Core Security. Meanwhile, Adobe is updating both Flash Player and Acrobat/Reader for Windows, macOS, and Linux desktops. The Flash Player update covers 13 vulnerabilities, none of which have been actively targeted in the wild yet.

Adobe is rating the fix as a critical priority for both Windows and macOS systems, as a successful exploit could allow for remote code execution. Linux systems are thought to be at lower risk for attack, but should still install the update as needed. The Adobe Acrobat and Reader update patches up 29 CVE-listed problems, including a number of remote code execution flaws in both Windows and macOS.

Adobe says it has not yet received reports of active exploits in the wild. By the way, if you update Reader, bear in mind it comes with a little surprise: a Chrome extension that sends Adobe telemetry.

RHSA-2016:2947-1: Critical: flash-plugin security update

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.186.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892)

Red Hat Enterprise Linux Desktop Supplementary (v. 6)
IA-32: flash-plugin-24.0.0.186-1.el6_8.i686.rpm
    MD5: b6b6f1d3fc5504a6a93dbadddc4353f8
    SHA-256: 2f0c4e7ec7805b9edcf4fb403f83b4fee4a08e4b60dfc85dd103b01224ea289f
x86_64: flash-plugin-24.0.0.186-1.el6_8.i686.rpm
    MD5: b6b6f1d3fc5504a6a93dbadddc4353f8
    SHA-256: 2f0c4e7ec7805b9edcf4fb403f83b4fee4a08e4b60dfc85dd103b01224ea289f

Red Hat Enterprise Linux Server Supplementary (v. 6)
IA-32: flash-plugin-24.0.0.186-1.el6_8.i686.rpm
    MD5: b6b6f1d3fc5504a6a93dbadddc4353f8
    SHA-256: 2f0c4e7ec7805b9edcf4fb403f83b4fee4a08e4b60dfc85dd103b01224ea289f
x86_64: flash-plugin-24.0.0.186-1.el6_8.i686.rpm
    MD5: b6b6f1d3fc5504a6a93dbadddc4353f8
    SHA-256: 2f0c4e7ec7805b9edcf4fb403f83b4fee4a08e4b60dfc85dd103b01224ea289f

Red Hat Enterprise Linux Workstation Supplementary (v. 6)
IA-32: flash-plugin-24.0.0.186-1.el6_8.i686.rpm
    MD5: b6b6f1d3fc5504a6a93dbadddc4353f8
    SHA-256: 2f0c4e7ec7805b9edcf4fb403f83b4fee4a08e4b60dfc85dd103b01224ea289f
x86_64: flash-plugin-24.0.0.186-1.el6_8.i686.rpm
    MD5: b6b6f1d3fc5504a6a93dbadddc4353f8
    SHA-256: 2f0c4e7ec7805b9edcf4fb403f83b4fee4a08e4b60dfc85dd103b01224ea289f

(The unlinked packages above are only available from the Red Hat Network)

1404307 - flash-plugin: multiple code execution issues fixed in APSB16-39

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Need Xmas ideas? Try CVE-2015-7645, a Flash gift that keeps on...

Who the hell needs zero days? A Flash vulnerability subject to emergency patching by Adobe has been used in all major exploit kits to compromise users not already updated. The vulnerability (CVE-2015-7645) patched in October last year was the first zer...

Flash Player remains target of choice for exploit kits

Clearly, reports of Flash's death are greatly exaggerated, as exploit kits continue to successfully infect victims via unpatched versions of Flash Player. Instead of sounding Flash's death knell, get to patching. Adobe Flash Player has the dubious hono...

Millions exposed to malvertising that hid attack code in banner pixels

Millions of people visiting mainstream websites over the past two months have been exposed to a novel form of malicious ads that embed attack code in individual pixels of the banners. Researchers from antivirus provider Eset said "Stegano," as they've dubbed the campaign, dates back to 2014.

Beginning in early October, its unusually stealthy operators scored a major coup by getting the ads displayed on a variety of unnamed reputable news sites, each with millions of daily visitors.

Borrowing from the word steganography—the practice of concealing secret messages inside a larger document that dates back to at least 440 BC—Stegano hides parts of its malicious code in parameters controlling the transparency of pixels used to display banner ads. While the attack code alters the tone or color of the images, the changes are almost invisible to the untrained eye.

Figure: Left: clean picture; middle: picture with malicious content; right: malicious version enhanced for illustrative purposes. (Eset)

The malicious script is concealed in the alpha channel that defines the transparency of pixels, making it extremely difficult for even sharp-eyed ad networks to detect.

After verifying that the targeted browser isn't running in a virtual machine or connected to other types of security software often used to detect attacks, the script redirects the browser to a site that hosts three exploits for now-patched Adobe Flash vulnerabilities. "We can say that even some of the other major exploit kits, like Angler and Neutrino, are outclassed by the Stegano kit in terms of referrals—the websites onto which they managed to get the malicious banners installed," Eset researchers wrote in a report published Tuesday. "We have observed major domains, including news websites visited by millions of people every day, acting as 'referrers' hosting these advertisements. Upon hitting the advertising slot, the browser will display an ordinary-looking banner to the observer. There is, however, a lot more to it than advertising."

The ads promote applications calling themselves "Browser Defence" and "Broxu" and targeted people who visited the news sites using Internet Explorer browsers.

The script concealed in the pixels exploited a now-patched IE vulnerability indexed as CVE-2016-0162 to obtain details about the visitors' computers.

Among other things, the script checked for the presence of packet capture, sandboxing, and virtualization software and a variety of security products. Machines that didn't exhibit signs of the software and contained a vulnerable version of Flash were then redirected to the exploit site, which would serve one of two families of malware.

The Ursnif family is made up mainly of modules for stealing e-mail credentials, logging keystrokes, taking screenshots and videos, and acting as a backdoor.

The Ramnit variety of malware offers most of the same capabilities and mainly targets the banking industry. The attackers took extra pains to ensure the machines being infected didn't belong to security-savvy people who might detect what was happening.
In addition to a check carried out by the script embedded in the ad, a separate check was carried out by the exploit server before going through with the attack.

The Eset report didn't identify any of the sites that delivered the malicious ads.
It did say that the people exposed were concentrated in Canada, the UK, Australia, Spain, and Italy, which are the countries served by the affected ad networks.

Earlier versions of the campaign from 2014 and 2015 targeted people in the Netherlands and the Czech Republic.

The Flash vulnerabilities exploited included CVE-2015-8641, CVE-2016-1019, and CVE-2016-4117. Update: To execute the hidden payload, the malicious ads load a heavily modified version of Countly, an open-source package for measuring website traffic.

That JavaScript extracts the hidden code out of the image and executes it.

Because there's nothing per se malicious in the JavaScript, ad networks fail to detect what's happening. Referring to an ad located at hxxps://browser-defence.com/ads/s/index.html?w=160&h=600, Eset researchers described it this way: The index.html loads countly.min.js and feeds the initial parameters to the script.

This countly, however, is not the stock library of the open source mobile & web analytics platform you would download from github.
It is a heavily modified and obfuscated version, with some parts deleted and interlaced with custom code.

This custom code is responsible for an initial environment check.
Information about the environment is reported back to the server as XOR-encrypted parameters of the 1x1 gif file, as captured in the image above. The following information about the environment is sent:

systemLocale^screenResolution^GMT offset^Date^userAgent^pixelRatio

After that, the script will request the advertising banner.

The server will reply with either a clean or a malicious version, most likely also depending on the previous environment check. The script will then attempt to load the banner and read the RGBA structure. If a malicious version of the image was received, it will decode some JavaScript and variables from the alpha channel.

The steganography is implemented in the following way: Two consecutive alpha values represent the tens and ones of a character code, encoded as a difference from 255 (the full alpha). Moreover, in order to make the change more difficult to spot by naked eye, the difference is minimized using an offset of 32.

Researchers from Eset competitor Malwarebytes have published their own write-up of the campaign, which they are calling AdGholas. Despite targeting only people using IE and unpatched versions of Flash, Stegano is noteworthy for its concealment of exploit code in the pixels of the banner ads.

There's no reason future campaigns—or possibly ongoing ones that have yet to be discovered—couldn't exploit zero-day vulnerabilities that infected a much larger base of people. Until ad networks get much better at detecting malvertising campaigns, the scourge is likely to continue.
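To make the alpha-channel scheme in the Eset excerpt concrete, here is an added Python model of it; this is example code written for this page, not Eset's analysis tooling or anything from the campaign. The excerpt leaves a few details open, so the following are assumptions: the 32 offset is subtracted from the character code before the value is split into its tens and ones digits, the tens digit is stored in the first of the two pixels, each digit is stored as 255 minus the digit, and pixels beyond the payload keep full alpha. The `alpha_jitter_ratio` heuristic is likewise my own addition: it scores how much of an image's alpha channel sits just below fully opaque, which is the footprint this encoding leaves on a banner that otherwise has no real transparency. Input is a flat list of alpha values in raster order, as any RGBA decoder can provide.

```python
"""Model of the Stegano-style alpha-channel encoding (added example).

Assumptions not stated in the Eset excerpt: character code minus 32 is
split into tens/ones, tens pixel comes first, each digit is stored as
255 - digit, and unused pixels stay at full alpha (255).
"""
from typing import List

FULL_ALPHA = 255
OFFSET = 32  # assumed: maps printable ASCII 32..126 onto 0..94, so each digit is 0..9


def encode_alpha(text: str, pixel_count: int) -> List[int]:
    """Return an alpha channel of `pixel_count` values carrying `text`.

    Two pixels per character; trailing pixels are padded with full alpha.
    """
    if 2 * len(text) > pixel_count:
        raise ValueError("image has too few pixels for the payload")
    alphas: List[int] = []
    for ch in text:
        value = ord(ch) - OFFSET
        if not 0 <= value <= 99:
            raise ValueError(f"character {ch!r} is not representable in two digits")
        tens, ones = divmod(value, 10)
        alphas += [FULL_ALPHA - tens, FULL_ALPHA - ones]
    alphas += [FULL_ALPHA] * (pixel_count - len(alphas))
    return alphas


def decode_alpha(alphas: List[int]) -> str:
    """Recover the hidden text from an alpha channel encoded as above.

    Decoding stops at the first pixel pair that is not a valid digit pair
    (for example a genuinely transparent pixel); padding pixels decode to
    spaces, which are stripped from the end.
    """
    chars: List[str] = []
    for i in range(0, len(alphas) - 1, 2):
        tens = FULL_ALPHA - alphas[i]
        ones = FULL_ALPHA - alphas[i + 1]
        if not (0 <= tens <= 9 and 0 <= ones <= 9):
            break
        chars.append(chr(tens * 10 + ones + OFFSET))
    return "".join(chars).rstrip()


def alpha_jitter_ratio(alphas: List[int]) -> float:
    """Defender-side heuristic (my own, not from the report).

    Fraction of pixels whose alpha is within 9 of fully opaque but not
    exactly 255. An ordinary banner with no transparency scores ~0.0;
    a banner carrying this encoding has most payload pixels in that band.
    """
    if not alphas:
        return 0.0
    near_opaque = sum(1 for a in alphas if FULL_ALPHA - 9 <= a < FULL_ALPHA)
    return near_opaque / len(alphas)


if __name__ == "__main__":
    # Constructed sample payload; a 64-pixel "banner" stands in for a real image.
    sample = "var x=1;"
    channel = encode_alpha(sample, 64)
    print("encoded alpha values:", channel[:16], "...")
    print("decoded:", decode_alpha(channel))
    print("near-opaque jitter ratio: %.3f" % alpha_jitter_ratio(channel))
```

Because every payload pixel lands within 9 units of 255, a scan that compares the jitter ratio of a served banner against the same creative's known-clean copy (where the ratio should be near zero) is a cheap first-pass check that does not require recognising the payload itself.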

Flash Exploit Found in Seven Exploit Kits

A nasty Adobe Flash zero-day vulnerability that was remediated in an emergency update in October 2015 was thereafter co-opted by seven exploit kits, according to an analysis published today by researchers at Recorded Future. The Adobe vulnerability, CVE-2015-7645, was also used by the Russian APT group known as APT 28, which laced spear phishing emails with exploits targeting foreign affairs ministries worldwide.

APT 28, also known as Sofacy, frequently targets NATO-allied political targets and in November was singled out by Microsoft for using separate Flash and Windows zero days in targeted attacks this year. The Flash bug was among the first to be used after Adobe implemented new mitigations into the software to combat memory-based attacks.

Despite the improvements in Flash security, attackers still take a shine to these exploits. Recorded Future’s report “New Kit, Same Player” says that six of the top 10 vulnerabilities used in exploit kits were Flash Player bugs, followed by Internet Explorer, Windows and Silverlight exploits. None of this year’s top 10 vulnerabilities were present in a similar analysis done last year. Exploit kits, meanwhile, have been reduced in prominence since the disappearance of a number of popular kits, including Angler and Nuclear.

Angler, in particular, was particularly popular with criminals; it was updated frequently and sold in a number of underground forums.

The June arrest of a Russian cybercrime outfit behind the Lurk Trojan, however, spelled the end of days for Angler. Researchers at Kaspersky Lab confirmed the connection between the Lurk gang and Angler distribution in an August report. Nonetheless, exploit kits remain a threat and a vehicle for attacks that include ransomware, click fraud and adware.
Victims are compromised in a number of ways, including drive-by attacks, malvertising or links in emails, all of which direct the victim’s browser to the exploit kit’s landing page.

Code on the page determines the browser being used and launches the exploit most likely to hit paydirt. CVE-2015-7645 was found in Angler, as well as in Neutrino, Magnitude, RIG, Nuclear Pack, Spartan and Hunger.
It, by far, had the highest penetration into exploit kits, according to Recorded Future. But since Angler's demise earlier this year, Sundown has risen to a measure of prominence with its maintainers updating the kit often with new exploits.
Sundown’s payload, however, differs in that it drops banking Trojans on users’ machines. Recorded Future said this kit also relies on domain shadowing more than its counterparts in order to register subdomains that are used to host attacks. Sundown also contained CVE-2016-0189, an Internet Explorer bug used in targeted attacks against South Korean organizations earlier this year. Microsoft patched it in July, but already it had been used by Neutrino as well.

The IE bug, Recorded Future said, was the top flaw found in exploit kits, referenced more than 600 times.

CVE-2016-1019 and CVE-2016-4117, two other Flash Player bugs, round out the top three.

CVE-2016-4117 was used by the ScarCruft APT group, Kaspersky Lab researchers said in June, in watering hole attacks.