VB Migration

Tag: flash player

  • Patch early, patch often, but don’t blindly trust every ‘patch’

    Patching is important, but not everything that presents itself as a security patch is safe to install. Malwarebytes researcher Jérôme Segura has written a detailed analysis of the ‘FakeUpdates’ campaign, where thousands of websites with an out-of-date content management system have been compromised to spread malware. Rather than exploiting vulnerabilities in browsers or browser plug-ins, as…

  • Patch early, patch often, but don’t blindly trust every ‘patch’

    Patching is important, but not everything that presents itself as a security patch is safe to install. Malwarebytes researcher Jérôme Segura has written a detailed analysis of the ‘FakeUpdates’ campaign, where thousands of websites with an out-of-date content management system have been compromised to spread malware. Rather than exploiting vulnerabilities in browsers or browser plug-ins, as…

  • There is no evidence in-the-wild malware is using Meltdown or Spectre

    Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that appears to be using the published proof-of-concept code. The source of these reports is a Google Plus post from testing organization AV-Test , which lists the…

  • There is no evidence in-the-wild malware is using Meltdown or Spectre

    Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that appears to be using the published proof-of-concept code. The source of these reports is a Google Plus post from testing organization AV-Test , which lists the…

  • Adobe issues patch for yet another Flash Player zero-day

    CVE-2015-0313 used in the wild as long ago as December. Adobe has just issued an out-of-band patch for its Flash Player to fix a zero-day vulnerability that is actively being exploited in the wild. You may be forgiven for thinking you had already patched this two weeks ago when Flash Player version 16.0.0.287 fixed CVE-2015-0310…

  • VB2014 paper: Ubiquitous Flash, ubiquitous exploits and ubiquitous mitigation

    Chun Feng and Elia Florio analyse two Flash Player vulnerabilities and an IE one where Flash provides a helping hand. Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘Ubiquitous Flash, ubiquitous exploits and…

  • Alleged Flash Player zero-day used in Angler exploit kit

    Adobe ‘investigating reports’. Vulnerable browser plug-ins are one of the most important infection vectors, which is why it is so important to keep them up to date. If you don’t, visiting a website infected with an exploit kit (a toolkit that attempts to exploit a number of vulnerabilities at once) could result in malware being…