VB Migration

Tag: adobe

  • There is no evidence in-the-wild malware is using Meltdown or Spectre

    Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that appears to be using the published proof-of-concept code. The source of these reports is a Google Plus post from testing organization AV-Test , which lists the…

  • There is no evidence in-the-wild malware is using Meltdown or Spectre

    Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that appears to be using the published proof-of-concept code. The source of these reports is a Google Plus post from testing organization AV-Test , which lists the…

  • Paper: Script in a lossy stream

    Dénes Óvári explains how to store code in lossily compressed JPEG data. Malformed PDFs have become a common way to deliver malware. Naturally, when this started to happen, anti-virus products began scanning inside PDF files for traces of malicious code and, equally naturally, malware authors started to obfuscate that code to circumvent scanners. Not everything…

  • Adobe issues patch for yet another Flash Player zero-day

    CVE-2015-0313 used in the wild as long ago as December. Adobe has just issued an out-of-band patch for its Flash Player to fix a zero-day vulnerability that is actively being exploited in the wild. You may be forgiven for thinking you had already patched this two weeks ago when Flash Player version 16.0.0.287 fixed CVE-2015-0310…

  • Adobe to patch Flash Player zero-day next week

    Patch due next week as malvertising leads to Bedep trojan downloader. As the news of a zero-day vulnerability in Adobe ‘s Flash Player actively being exploited reached the security community, the company made an out-of-band patch available on its website. It now appears that this update – version 16.0.0.287 – patches another vulnerability ( CVE-2015-0310…

  • Alleged Flash Player zero-day used in Angler exploit kit

    Adobe ‘investigating reports’. Vulnerable browser plug-ins are one of the most important infection vectors, which is why it is so important to keep them up to date. If you don’t, visiting a website infected with an exploit kit (a toolkit that attempts to exploit a number of vulnerabilities at once) could result in malware being…

  • VB2014 preview: Ubiquitous Flash, ubiquitous exploits and ubiquitous mitigation

    Chun Feng and Elia Florio look at exploits targeting domain memory opcode in Adobe Flash. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are looking at some of the research that will be presented at the event. Today, we look at the paper ‘ Ubiquitous Flash, ubiquitous exploits and…

  • ‘123456’ may be an adequate password to protect nothing

    Are we giving users the right kind of advice when it comes to password security? A recent data-breach at Adobe has shown once again that a lot of users choose the most trivial of passwords to protect their online accounts. But is this really what we should be focusing on? As data-breaches go, the recent…

  • Adobe releases emergency update for Flash Player

    Zero-day exploit actively being abused. Adobe has announced it will release an update for its Flash Player on Friday 15 April, fixing a vulnerability that is currently being exploited. The vulnerability, which affects Flash Player 10.2.x on Windows , Macintosh , Linux and Solaris , can be used by attackers to take control of an…

  • Extra-large crop of updates for Patch Tuesday

    Fourteen security alerts from Microsoft join two from Adobe. Microsoft ‘s monthly Patch Tuesday security bulletins came out this week, featuring a chunky 14 separate alerts with many covering multiple issues. Eight of the new alerts were rated ‘Critical’, with the remaining six marked as ‘Important’. In addition to Microsoft ‘s updates, Adobe also released…