New Flash Player zero-day used against Russian facility

Credit to Author: Jérôme Segura| Date: Wed, 05 Dec 2018 22:44:59 +0000

An APT group is using a new Flash Player zero-day that was used a lure targeting a Russian-based clinic

Categories:

Tags:

(Read more…)

The post New Flash Player zero-day used against Russian facility appeared first on Malwarebytes Labs.

Read more

Patch Tuesday, November 2018 Edition

Credit to Author: BrianKrebs| Date: Wed, 14 Nov 2018 13:25:13 +0000

Microsoft on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of Windows and other Microsoft products. Adobe’s also got security patches available for Flash, Acrobat and Adobe Reader users. 

Read more

Patch Tuesday, September 2018 Edition

Credit to Author: BrianKrebs| Date: Tue, 11 Sep 2018 20:35:27 +0000

Adobe and Microsoft today each released patches to fix serious security holes in their software. Adobe pushed out a new version of its beleaguered Flash Player browser plugin. Redmond issued updates to address at least 61 distinct vulnerabilities in Microsoft Windows and related programs, including several flaws that were publicly detailed prior to today and one “zero-day” bug in Windows that is already being actively exploited by attackers.

Read more

Drive-by download campaign targets Chinese websites, experiments with exploits

Credit to Author: Jérôme Segura| Date: Thu, 22 Feb 2018 16:00:00 +0000

This custom made drive-by download attack targets some Chinese websites and their visitors while experimenting with exploits.

Categories:

Tags:

(Read more…)

The post Drive-by download campaign targets Chinese websites, experiments with exploits appeared first on Malwarebytes Labs.

Read more

An analysis of an MS office document exploiting a zero-day flash player vulnerability (CVE-2018-4878)

Credit to Author: Quick Heal Security Labs| Date: Wed, 07 Feb 2018 13:59:42 +0000

Important update! Adobe Systems released a critical security update on 6.02.2017 to fix the vulnerability discussed in this post. We recommend you to apply the update immediately. Summary of the vulnerability CVE-2018-4878 is a use-after-free vulnerability present in Adobe Flash Player 28.0.0.137 and its earlier versions are being exploited in…

Read more

Microsoft’s Jan. 2018 Patch Tuesday Lowdown

Credit to Author: BrianKrebs| Date: Wed, 10 Jan 2018 16:07:35 +0000

Microsoft on Tuesday released 14 security updates, including fixes for the Spectre and Meltdown flaws detailed last week, as well as a zero-day vulnerability in Microsoft Office that is being exploited in the wild. Separately, Adobe pushed a security update to its Flash Player software.

Read more

Adobe, Microsoft Patch Critical Cracks

Credit to Author: BrianKrebs| Date: Tue, 14 Nov 2017 23:12:32 +0000

It’s Nov. 14 — the second Tuesday of the month (a.k.a. “Patch Tuesday) — and Adobe and Microsoft have issued gobs of security updates for their software. Microsoft’s 11 patch bundles fix more than four-dozen security holes in various Windows versions and Office products — including at least four serious flaws that were publicly disclosed prior to today. Meanwhile, Adobe’s got security updates available for a slew of titles, including Flash Player, Photoshop, Reader and Shockwave.

Read more

Microsoft’s October Patch Batch Fixes 62 Flaws

Credit to Author: BrianKrebs| Date: Wed, 11 Oct 2017 14:18:40 +0000

Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.

Read more

Malvertising on Equifax, TransUnion tied to third party script (updated)

Credit to Author: Jérôme Segura| Date: Thu, 12 Oct 2017 21:42:28 +0000

We take a look at the the recent malvertising incident that happened on Equifax’s site and show how it also affected TransUnion.

Categories:

Tags:

(Read more…)

The post Malvertising on Equifax, TransUnion tied to third party script (updated) appeared first on Malwarebytes Labs.

Read more

Malvertising on Equifax, TransUnion tied to third party script

Credit to Author: Jérôme Segura| Date: Thu, 12 Oct 2017 21:42:28 +0000

Equifax’s website is once again infected, this time with malvertising that redirects to a fake Flash player. Further investigation reveals TransUnion was also targeted.

Categories:

Tags:

(Read more…)

The post Malvertising on Equifax, TransUnion tied to third party script appeared first on Malwarebytes Labs.

Read more