New serious vulnerabilities discovered in Adobe Flash Player. Yoroi – Cybaze ZLab: malicious hackers could execute arbitrary code on the target host. It has already happened, as Gigamon researchers found.
New serious vulnerabilities have been discovered in the Adobe Flash Player software packages, the Yoroi – Cybaze ZLab cyber security experts report. The problems arise from flaws in memory management and insecure loading of dynamic libraries, which allow a malicious hacker to run arbitrary code on the target host when the victim opens or views a specially crafted Flash object. Moreover, these flaws can be exploited in a variety of attack scenarios that require limited user interaction, for example browsing compromised portals or opening malicious files or documents. Threat actors have already exploited such scenarios in 0-day attacks, investigated by Gigamon researchers, in which Flash objects armed with exploits were inserted into Microsoft Office DOCX documents.
Adobe has confirmed the vulnerabilities and issued a security update. Everyone must install it immediately: the danger of cyber attacks is high.
Adobe itself has confirmed the vulnerabilities in bulletin APSB18-42, releasing security updates for the Flash Player software packages for Windows, macOS and Linux platforms. The danger of cyber attacks is very concrete and affects most users, because Adobe Flash Player technology is present in the most widely used web browsers on all three operating systems. Yoroi – Cybaze ZLab therefore recommends planning the application of the security updates as soon as possible, given the potential spread of vulnerable software packages, the publication of technical details and the actual exploitation of the critical issues in recent cyber attacks, in particular those against entities in Ukraine, who sent the malicious document to VirusTotal for analysis. The bait, as Gigamon discovered, was an alleged employment application for a Russian clinic. Depending on the goal and the target, however, malicious hackers could use many others.