Unit 42 investigates a recent Fake Flash update pushing cryptocurrency mining software. Get the full report.
Unit 42 researcher uncovers two new Adobe Flash Vulnerabilities.
Unit 42 identifies malicious sites associated with the Magnitude Exploit Kit.
Unit 42 researcher Tao Yan discovered three new Adobe Flash vulnerabilities.
Palo Alto Networks researcher Tao Yan discovers two new Adobe Flash Vulnerabilities.
As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have reported six vulnerabilities that have been fixed by Apple, Adobe and Microsoft. This includes two vulnerabilities in Apple WebKit and impacts iCloud for Windows, Safari, iTunes for Windows, tvOS and iOS. CVE-2016-7639: Tongbo Luo CVE-2016-7642:
Palo Alto Networks was recently credited with the discovery of eight new vulnerabilities affecting Adobe Flash Player. Researcher Tao Yan discovered critical vulnerabilities CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, and CVE-2016-4285 affecting Adobe Flash Player. Descriptions of each, as well as details on affected versions and products, are included in the following Adobe Security
While recently researching unknown malware and attack campaigns using the AutoFocus threat intelligence platform, Unit 42 discovered new activity that appears related to an adversary group previously called “C0d0so0” or “Codoso”. This group is well known for a widely publicized attack involving the compromise of Forbes.com, in which the site was used to compromise selected
A June 23 FireEye blog post titled “Operation Clandestine Wolf” discussed a cyber espionage group, known as APT3, that had been exploiting a zero-day vulnerability in Adobe Flash. Unit 42 also tracks the APT3 group using the name UPS, which is an intrusion set with Chinese origins that is known for having early access to
On July 16, 2015, the Palo Alto Networks Unit 42 threat intelligence team discovered a watering hole attack on the website of a well-known aerospace firm. The website was compromised to launch an apparent watering-hole attack against the company’s customers. It was hosting an Adobe Flash exploit targeting one of the newly disclosed vulnerabilities from
On July 8, 2015, Unit 42 used the AutoFocus Threat Intelligence service to locate and investigate activity consistent with a spear-phishing attack targeting the US Government. The attack exploited an Adobe Flash vulnerability that stems from the zero-day vulnerabilities exposed from this month’s Hacking Team data breach. The spear-phishing attack used a link to a
Introduction Recently, several popular exploit kits, including Angler, Flash EK, SweetOrange, Fiesta andNeutrino, have included several use-after-free (UAF) vulnerabilities in Adobe Flash to exploit victims’ browsers. Previously, these exploit kits typically used out-of-bounds access (OBA) vulnerabilities in Adobe Flash, as these types of vulnerabilities can be exploited universally and stably , and require less effort