#newnav #nav-icon.navbar-toggle { display: none !important; } .nav.navbar-nav.navbar-right.outter-nav.hidden-xs { display: block !important; } body, #newnav { min-width: 775px !important; } #newnav { height: 70px; } #newnav .nav>li { float: left; } #overlay-lang { display: none !important; }

Recent Flash Zero-Day Now Part of Exploit Kits

Posted: October 30, 2015 by Jérôme Segura
Last updated: March 30, 2016

The Adobe Flash Player continues to be the favourite browser plugin threat actors have been focusing on this year. The recent zero-day exploit that was used in targeted attacks is now part of mainstream exploit kits.

Angler EK and Nuclear EK now include the latest CVE-2015-7645 which was patched by Adobe on October 16. This vulnerability affects Adobe Flash up to version 19.0.0.207.

This slideshow requires JavaScript.

Both Exploit Kits are blocked by Malwarebytes Anti-Exploit before they even have the chance to unleash their malicious payload.

Because Flash has been such a hot target this year, it is recommended to either disable it or remove it entirely.

People that choose to keep it should always ensure they are running the latest version but also run an exploit mitigation tool in parallel to account for zero-days.

COMMENTS

RELATED ARTICLES

Cybercrime | Exploits

Neutrino EK picks up momentum in recent attacks

July 15, 2016 - The Neutrino developers have made some changes to the landing page source code as well as integrated a new exploit. The malware campaigns that once were Angler's continue to point to Neutrino including a large malvertising attack on top adult sites we detected a few days ago.

CONTINUE READING No Comments

Exploits | Threat analysis

A look at the Angler-less exploit kit scene

June 17, 2016 - For those tracking exploit kits, the disappearance of the Angler exploit kit last week was a major event. While a lot of questions remain, several clues pointed out that this was no ordinary break, and that something deeper was likely going on. After about ten days without Angler EK, we take a look at the exploit kit landscape.

CONTINUE READING No Comments

Cybercrime | Exploits

Neutrino exploit kit fills in for Angler EK in recent malvertising campaigns

June 10, 2016 - In the past week, the Angler EK has almost completely disappeared. Instead, we see Neutrino EK take center stage in various attacks.

CONTINUE READING No Comments

Cybercrime | Exploits

New wave of malvertising leverages latest Flash exploit

May 25, 2016 - A well known malvertising gang famous for its use of the fingerprinting technique and other evasion tricks to bypass security checks has been ramping up its activity against many different ad platforms to push malware via top websites. The setup for these malvertising attacks relies on a combination of techniques that start with the fraudulent advertiser choosing a victim, typically a legitimate website in the retail, or legal business.

CONTINUE READING 7 Comments