Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 3 October, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Adobe Flash zero day detected, the first of many – Industry views

by The Gurus
January 22, 2015
in Opinions & Analysis
Share on FacebookShare on Twitter

he first major zero-day of 2015 has been discovered, it is actively exploiting Adobe Flash and already bundled into an exploit kit.
 
The flaw was discovered by researcher Kafeine, and he said that he spotted an instance of the Angler exploit kit which is sending three different “bullets” targeting Flash Player, although it is not being used in all Angler instances. What is safe is Windows 8.1 and Google Chrome, however other Windows OS are not as safe.
 
In a year where I expect we will see more zero-day vulnerabilities revealed and less time between disclosure and remediation, and following Microsoft’s decision not to reveal which flaws it is patching and then pointing the finger at Google for revealing the details of unpatched flaws, could this be the start of another tumultuous year for vendors and administrators alike? We asked some of security’s finest minds what they thought.
 
 Richard Cassidy, senior solutions architect at Alert Logic
 
“Web based exploit kits (such as Angler) pose a real and complex threat to businesses, given that they can operate on both file (malware code downloaded to target system disk) and fileless (malicious code executed in memory only) methods, and are run as web-applications designed to exploit vulnerabilities in browsers and browser-plugins.
 
“Simply put, you could visit a compromised website that will silently use web applications hosted on those sites or adverts to infect the target system, or you could open an e-mail with an infected link, click on that link and be directed to the malicious website. Once infected, the exploit kit simply chooses which exploit to run based upon it’s knowledge of your browser and exploitable plugins (flash, java, adobe, etc.) which in turn leads to a compromise of the system and loss of data, or unwanted activity.”
 
Fraser Kyne, principal systems engineer at Bromium
 
 
“This is yet more proof that existing security tools are failing. It is simply not good enough to wait for something bad to happen, start a stopwatch, and see how quickly we can react to avert a disaster. Particularly when the attackers started their stopwatches some time ago. Companies need a modern approach to protect against modern threats. This does not mean the hopeless task of detection. It means making our systems robust to malware by design.”
 
Adam Winn, product manager at OPSWAT
 
 
“While the rise of yet another zero-day attack is unnerving, the silver lining here is that a fully patched Windows 8.1 environment is not vulnerable. Users of Windows 8.1 can protect themselves simply by ensuring Windows automatic
updates are enabled, and promptly rebooting their system when instructed to. These types of attacks are going to become increasingly common for Windows XP and soon Windows 7 as Microsoft stops releasing security updates.”
 
Carl Leonard, principal security analyst at Websense
 
“Malware authors are bringing their proven formula into 2015. What better way to establish a foothold in numerous organisations than by hitting businesses in their popular applications?
 
“This is why companies need defence in depth, with protection across all stages of the kill chain. Most importantly, data theft prevention is so important because it’s the final stage, and the most dangerous. Left exposed, it opens the door to the bad guys and gives them access to the company’s most valuable secrets.”
 
 
Update – Adobe has announced that there is a patch available for this flaw, and said it is investigating a report that a separate exploit for Flash Player 16.0.0.287 and earlier versions also exists in the wild.2222

FacebookTweetLinkedIn
Tags: AdobeFlashFlawVulnerability
ShareTweet
Previous Post

BlackBerry CEO points finger at Apple for not complying with net neutrality

Next Post

Government highlights technical options to defend networks

Recent News

threat hunting

Threat Hunting with MITRE ATT&CK

October 2, 2023
Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023
software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information