1.    4 Weeks Ago #1
    Join Date : Oct 2013
    Posts : 25,179
    64-bit Windows 10 Pro build 17040

    Kaspersky Lab discovers Adobe Flash Zero Day used in the wild


    Woburn, MA – October 16, 2017 – The Kaspersky Lab advanced exploit prevention system has identified a new Adobe Flash zero day exploit, used in an attack on October 10, 2017 by a threat actor known as BlackOasis. The exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware. Kaspersky Lab has reported the vulnerability to Adobe, which has issued an advisory. According to Kaspersky Lab researchers, the zero day, CVE-2017-11292, has been spotted in a live attack, and they advise businesses and government organizations to install the update from Adobe immediately.

    The researchers believe that the group behind the attack was also responsible for CVE-2017-8759, another zero day, reported in September – and they are confident that the threat actor involved is BlackOasis, which the Kaspersky Lab Global Research and Analysis Team began tracking in 2016.

    Analysis reveals that, upon successful exploitation of the vulnerability, the FinSpy malware (also known as FinFisher) is installed on the target computer. FinSpy is a commercial malware, typically sold to nation states and law enforcement agencies to conduct surveillance. In the past, use of the malware was mostly domestic, with law enforcement agencies deploying it for surveillance on local targets. BlackOasis is a significant exception to this – using it against a wide range of targets across the world. This appears to suggest that FinSpy is now fuelling global intelligence operations, with one country using it against another. Companies developing surveillance software such as FinSpy make this arms race possible.

    The malware used in the attack is the most recent version of FinSpy, equipped with multiple anti-analysis techniques to make forensic analysis more difficult.

    After installation, the malware establishes a foothold on the attacked computer and connects to its command and control servers located in Switzerland, Bulgaria and the Netherlands, to await further instructions and exfiltrate data.

    Based on Kaspersky Lab’s assessment, the interests of BlackOasis span a whole gamut of figures involved in Middle Eastern politics, including prominent figures in the United Nations, opposition bloggers and activists, as well as regional news correspondents. They also appear to have an interest in verticals of particular relevance to the region. During 2016, the company’s researchers observed a heavy interest in Angola, exemplified by lure documents indicating targets with suspected ties to oil, money laundering and other activities. There is also an interest in international activists and think tanks.

    So far, victims of BlackOasis have been observed in the following countries: Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, United Kingdom and Angola.

    “The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities,” said Anton Ivanov, lead malware analyst at Kaspersky Lab. “Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products. We believe the number of attacks relying on FinSpy software, supported by zero day exploits such as the one described here, will continue to grow.”

    Kaspersky Lab security solutions successfully detect and block exploits utilizing the newly discovered vulnerability.

    Kaspersky Lab experts advise organizations to take the following actions to protect their systems and data against this threat:

    • If not already implemented, use the killbit feature for Flash software and, wherever possible, disable it completely.
    • Implement an advanced, multi-layered security solution that covers all networks, systems and endpoints.
    • Educate and train personnel on social engineering tactics as this method is often used to make a victim open a malicious document or click on an infected link.
    • Conduct regular security assessments of the organization’s IT infrastructure.
    • Use Kaspersky Lab’s Threat Intelligence, which tracks cyberattacks, incident or threats and provides customers with up-to-date relevant information that they are unaware of. Find out more at intelreports@kaspersky.com.

    For technical details, including indicators of compromise and YARA rules, please read the blogpost on Securelist.com.


    Source: Kaspersky Lab discovers Adobe Flash Zero Day used in the wild by a threat actor to deliver spyware


    See also: Adobe Security Bulletin
      My ComputersSystem Spec
  2.    4 Weeks Ago #2
    Join Date : Dec 2016
    Posts : 156
    Win 10 rs1 - build 14393.1794

    Adobe Flash updated to day to 27.0.0.170:

    Latest Version of Adobe Flash Player - Windows 10 Forums
      My ComputerSystem Spec
  3.    4 Weeks Ago #3
    Join Date : Feb 2015
    Bamberg Germany
    Posts : 17,548
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu

    One of the reasons when Edge first came out, and I saw this:
    Click image for larger version. 

Name:	Image 002.png 
Views:	2 
Size:	25.6 KB 
ID:	158424
    My reaction was "WTF Microsoft?!"

    Then I found out it was worse then that...
    It's embedded in the system!
    With no way to uninstall it!
      My ComputersSystem Spec
  4.    4 Weeks Ago #4
    Join Date : Oct 2014
    Arnold, MD
    Posts : 28,953
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)

    Quote Originally Posted by Cliff S View Post
    One of the reasons when Edge first came out, and I saw this:
    Click image for larger version. 

Name:	Image 002.png 
Views:	2 
Size:	25.6 KB 
ID:	158424
    My reaction was "WTF Microsoft?!"

    Then I found out it was worse then that...
    It's embedded in the system!
    With no way to uninstall it!
    Yep! That little word "embedded"......gotcha!!

    Click image for larger version. 

Name:	2017-10-16_18h44_46.png 
Views:	2 
Size:	30.2 KB 
ID:	158425
      My ComputersSystem Spec
  5.    4 Weeks Ago #5
    Join Date : Feb 2015
    Bamberg Germany
    Posts : 17,548
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu

    Embedded:
    Click image for larger version. 

Name:	image.png 
Views:	3 
Size:	80.2 KB 
ID:	158426

    Click image for larger version. 

Name:	image.png 
Views:	2 
Size:	285.0 KB 
ID:	158427
      My ComputersSystem Spec

 


Similar Threads
Thread Forum
Adobe Flash
Hey, do I need a separate installation of Adobe Flash for each browser?
Browsers and Email
Kaspersky Lab discovers Silverlight zero-day vulnerability
Read more: Kaspersky Lab discovers Silverlight zero-day vulnerability | ZDNet
Windows 10 News
New Flash Player Zero-Day in The Wild
A new flaw in latest version of Flash to be patched next week. On my systems I use the free version of Malwarebytes Anti-Exploit to protect my systems. I guess we will see another updated from MS also. ...
Windows 10 News
What's going on with Adobe Flash?
I've worked on three PC's today, and each one is having the same problems with Flash. I get error messages that Flash is out of date and needs to be updated, but..... none of my attempts to update it have worked. What used to be so simple has...
Software and Apps
Adobe Flash
I keep getting a notice from Adobe Flash stating that I need to install a critical update in W10 Preview 9879. But it cannot be installed, see attachment. Has anyone else had this problem ? and should one need to download Flash in W10.
Browsers and Email
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 14:25.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums