Here you will find the latest blogs from Trend Micro’s experts along with a comprehensive look at the latest zero-day exploit affecting all versions of Adobe Flash Player. We encourage you to scroll through the various blogs, provide comments and enjoy the in-depth knowledge that Trend Micro has to offer.
Please add your thoughts in the comments below and follow us on Twitter at @TrendMicro for real time updates.
July 15, 2015
July 14, 2015
The Hacker News: Hacking Team Spyware preloaded with UEFI BIOS Rootkit to Hide Itself
Tech News Today: Adobe Flash Gets Temporarily Killed Off By Mozilla Firefox
July 13, 2015
Sentinel Republic: Adobe to patch Flash Player zero-day abused by
July 12, 2015
The huge cache of files recently leaked from Italian surveillance software maker Hacking Team is the gift that keeps on giving for attackers. Researchers sifting through the data found a new exploit for a previously unknown vulnerability in Adobe’s Flash Player.
July 10, 2015
Security Week: The Adobe Flash Player exploit stolen by hackers from spyware maker Hacking Team has been leveraged by advanced persistent threat (APT) groups, according to security solutions provider Volexity.
Following the recent hack of the popular surveillance firm Hacking Team, the experts started the analysis of the material leaked online by the attackers. The package leaked online include also a number of exploits used by the company to compromise targeted systems by exploiting flaws in Adobe Flash ad Internet Explorer applications.
July 8th, 2015
Business Insider: A hacker cartel is using a mysterious Flash vulnerability to steal sensitive business data
In the past fortnight a wave of vulnerabilities have been uncovered in Adobe Flash. Researchers at Trend Micro uncovered a Flash flaw being used by hackers to run an online blackmail scam earlier today.
Adobe today released a security bulletin confirming a vulnerability in all versions of its Flash product for Windows, Mac, and Linux. The company says it is aware of reports that an exploit targeting this vulnerability has been publicly published, and it plans to release a patch on July 8, 2015.
Krebs on Security: Adobe to Patch Hacking Team’s Flash Zero-Day
Adobe Systems Inc. says its plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks.
Value Walk: Adobe Closing Flash Hole After Hacking Team Leak
Three hacking kits related to the bug have already been published by cyber attackers, according to security software company Trend Micro, and it seems strange that Hacking Team would not have immediately informed Adobe about the discovery of such a flaw.
Adobe is rapidly creating a fix for a critical vulnerability affecting Flash Player which was only discovered after a hacker broke into Hacking Team’s systems.
Business Insider: The Hacking Team leaks taught criminals a new way to hijack computers
The Adobe Flash zero day vulnerability was uncovered by researchers at security firm Trend Micro, who claimed to have found it while examining leaked documents from software company, Hacking Team.
In recent years, crypto luminary Bruce Schneier has noted that today’s surveillance tools are tomorrow’s cybercriminal playthings. Hacking Team has offered proof of that, as one of its zero-days – unpatched and previously-unknown software vulnerabilities – is being exploited by crooks.
Servers belonging to surveillance firm Hacking Team were infiltrated over the weekend. In an attack the company called “sophisticated” which “took days or weeks to accomplish,” a hacker walked away with over 400 gigabytes of corporate data.
Security software company Trend Micro said the flaw had been included in at least three “exploit kits” – collections of computer code and tools that can help attackers spread malicious software.
There have been additional developments in the Hacking Team story, the latest being that the Adobe Flash vulnerability discovered in the 400GB cache of documents has been picked up by the Neutrino and Angler exploit kits.
Hacking Team is an Italian firm that sells spying software to intelligence agencies everywhere in the world. But the fact that the software was stolen before being posted online indicated Hacking Team knew of a flaw in the software without telling Adobe, the original manufacturer.
Infosecurity Magazine: Adobe to Patch Hacking Team Flash Player Bug
A critical Flash Player bug used by notorious surveillance software firm Hacking Team and made available in a data dump on Sunday will be patched on Wednesday after being spotted in active exploits, Adobe has confirmed.
The vulnerability, first spotted by security firmTrend Micro, is the aftermath of a mega security breach at Hacking Team. The infamous group that offered hacking services to spy agencies was hacked earlier this week, and most of its internal documents — consisting of 400GB of emails, source code, client lists, invoices etc — were made available to the public.
BankInfoSecurity: Hacking Team Zero-Day Attack Hits Flash
Security experts have sounded that alert in the wake of reports that at least three exploit kits – automated software built by and for cybercriminals to automatically infect PCs on an industrial scale – have already incorporated the leaked Adobe Flash zero-day flaw. Researchers are also warning that the dump contains a zero-day Windows exploit, as well as a Flash exploit for CVE-2015-0349, which was patched by Adobe in April. The exploits could have been used by Hacking Team’s customers to sneak the surveillance software vendor’s spyware onto targets’ PCs.
Hacked files from Italy-based spying software development firm, Hacking Team have exposed a critical vulnerability in the widely used browser plug-in, the Adobe Flash Player. Two days ago, unidentified hackers managed to break into the Milan-based IT firm and steal 400GB of confidential company data.
Many companies have best practices and the Hacking Team, the “computer security experts” who sold hacking tools to various federal and state agencies around the world, are no exception. Their database of information includes a number of interesting hacking tips, including mention of a 0-day, unpatched hole in Adobe Flash that the company is currently closing.
July 7th, 2015
A number of exploits and their coding is contained within the leaked file, according to Trend Micro researchers. In an analysis of the dump, the security team says there is “at least” three exploits, including several which target Adobe Flash Player and Microsoft’s Windows operating system.
Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already found an exploit for an unpatched vulnerability in Flash Player.