Tag Archive for: 0day

Mindless Flash masses saved as exploit kit devs go astray with 0day – The Register


Malwarebytes hacker Jerome Segura says black hats have made a mess of efforts to unleash an Adobe Flash zero day vulnerability as part of their popular exploit kit, reducing the pool of potential victims. If done right, the remote code execution
Cyberattackers botch integration of Adobe Flash zero-day vulnerability in exploit kits – ZDNet
Another Emergency Update for Flash – Top Tech News
The latest Flash zero-day was used to spread Cerber ransomware – CIO India


Hacking Team’s Flash 0-day: Potent enough to infect actual Chrome user

The Adobe Flash zero-day exploit that spyware developer Hacking Team made available to customers worked successfully against even the advanced defenses found in Google’s Chrome browser, researchers said Friday. They also noted that it was used to infect computer users multiple times before it was leaked.

Google developers patched the underlying Flash vulnerability in Chrome on Tuesday (for proof, enter about:version in the address bar and note the Flash version), and Adobe published a general fix a day later.

The previously unknown exploit leaked as a result of the devastating hack of Hacking Team last weekend, and exploit kits available on the black market quickly added attack code to use the flaw. It allows attackers to surreptitiously install malware on targets’ computers, and there’s evidence that before last weekend’s breach, Hacking Team customers used the Flash zero-day against live targets.



Ars Technica » Technology Lab

Google publishes third Windows 0-day vulnerability in a month

Google ignored Microsoft’s calls for flexible vulnerability disclosure deadlines and released details of another unpatched Windows flaw, leaving users exposed for at least the next 25 days.

The new vulnerability, which was confirmed on Windows 7 and 8.1, might constitute a security feature bypass for the way applications can encrypt their memory so that data can be exchanged between processes running under the same logon session.

“The issue is the implementation in CNG.sys doesn’t check the impersonation level of the token when capturing the logon session id (using SeQueryAuthenticationIdToken) so a normal user can impersonate at Identification level and decrypt or encrypt data for that logon session,” the Google Project Zero researchers said in a description of the flaw. “This might be an issue if there’s a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section.”


Network World Security