Hackers Actively Exploiting Latest Adobe Flash Hole -- Redmondmag.com

Hackers Actively Exploiting Latest Adobe Flash Hole

By Chris Paoli
10/17/2017

On Monday Adobe alerted the public that attackers are taking advantage of a remote code execution security vulnerability in its Flash platform in Web browsers.

Security firm Kaspersky Lab researchers first discovered the zero-day flaw, designated CVE-2017-11292, and observed it being used to attack enterprises and government organizations. As of Monday, researchers have found that targets have included targeted individuals (including some politicians) in Iraq, Afghanistan, Russia, Iran, Africa, the Middle East and the United Kingdom.

In response, Adobe has released a Flash security update, currently available for Google Chrome, Microsoft Edge and Internet Explorer, and the company urges users to update both the browser and desktop versions of Flash as soon as possible.

Researchers for the company also confirmed that the group behind the recent attacks also had a hand in another zero-day flaw reported in September and is known as BlackOasis.

The group has been known to exploit vulnerabilities in Flash to upload the FinSpy malware, which is a commercially available tool commonly used for surveillance activites. Kaspersky Lab also argues that this tool is being used in large campaigns by nation states.

"In the past, use of the malware was mostly domestic, with law enforcement agencies deploying it for surveillance on local targets," wrote Kaspersky in a blog post on Monday. "BlackOasis is a significant exception to this – using it against wide range of targets across the world. This appears to suggest that FinSpy is now fuelling global intelligence operations, with one country using it against another. Companies developing surveillance software such as FinSpy make this arms race possible."

Once the FinSpy malware is installed through means like this week's Flash vulnerability, the affected systems connect to command and control servers in Switzerland, the Netherlands and Bulgeria, where data can then be extracted.

Along with Adobe's advice of updating Flash, Kaspersky recommends enterprises use the killbit feature of Flash and completely disable it in systems where it's not needed, along with keeping up to date with all security software updates and conducting regularly scheduled IT infrastructure threat assessments.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.