CyberWisdom Safe Harbor Commentary on Adobe Patch Urgent Update
Last week, South Korea’s Computer Emergency Response Team (KR-CERT) issued a warning about the vulnerability, and follow-up analysis by security companies confirmed that it had been exploited in attacks using malicious Microsoft Excel files.
Urgent Update: Flash Player 126.96.36.199 Fixes Two Vulnerabilities
Flash Player 188.8.131.52, released on February 6, fixes a zero-day vulnerability identified as CVE-2018-4878 and a similar vulnerability, CVE-2018-4877, that was reported privately to Adobe through the Zero Day Initiative (ZDI).
Both flaws are use-after-free memory errors that can lead to remote code execution, so users should update to the new Flash Player version as soon as possible. The Flash plug-ins bundled with Google Chrome, Microsoft Edge, and Internet Explorer 11 are updated automatically through each browser’s update mechanism.
The latest version of Flash also patches CVE-2018-4877, which is likewise a use-after-free vulnerability that allows remote code execution. Bo13oy of the Qihoo 360 Vulcan Team reported the vulnerability to Adobe through Trend Micro’s Zero Day Initiative (ZDI). Adobe does not appear to be aware of any exploitation of CVE-2018-4877.
FireEye has analyzed the attacks involving CVE-2018-4878 and believes the zero-day was used by a group it tracks as TEMP.Reaper. The security firm concluded that the attackers may be located in North Korea, based on the IP addresses used to access the command-and-control (C&C) servers.
“Most of their targeting has focused on South Korea’s government, military and defense industrial base, as well as other industries. They are also interested in predictable North Korean interests such as reunification efforts and defectors,” FireEye said.
FireEye observed attacks, including malicious Office documents and spreadsheets, designed to leverage the Flash Player zero-day to deliver malware it tracks as DOGCALL.
Cisco Talos also analyzed the campaign and attributed it to the actor it calls Group 123. Although Cisco did not explicitly attribute Group 123 to North Korea, the company described in detail several of the group’s campaigns against South Korea, which used South Korea-related themes as lures to deliver malware.
The researchers point out that adding a zero-day exploit to its arsenal shows that the group has become more active and mature.
Researchers at security company FireEye analyzed the recent attacks using the new vulnerability and attributed them to a known North Korean threat group, which they call TEMP.Reaper.
“Historically, most of their targeting has been focused on the Korean government, military and defense industrial base; however, last year they expanded to other international targets,” FireEye researchers said in a blog post. “They are already interested in issues of immediate importance to the Democratic People’s Republic of Korea (DPRK), such as Korean unification efforts and North Korean defectors.”
FireEye also warned that TEMP.Reaper has developed and deployed disk-wiping malware, although there is currently no evidence that the group has used it to destroy data. North Korean hackers have in the past launched wiper attacks against South Korea and other international targets, including the 2014 attack on Sony Pictures’ computer network.
Researchers at Cisco Talos also tracked the latest Flash Player zero-day attacks and attributed them to the threat actor they call Group 123. The attack payload is a remote administration tool called ROKRAT, which can be used to exfiltrate documents and manage infected systems.
In a blog post, researchers at Talos said: “Group 123 has now joined some of the criminal elite with this latest payload of ROKRAT. They have used an Adobe Flash 0-day, which goes beyond their previous activities. Indeed, exploits were used in previous campaigns, but never before has a net-new exploit been used. This change represents a significant shift in Group 123’s level of maturity, and we can now assess with confidence that Group 123 is a highly skilled, highly motivated and well-established team.”
Adobe acknowledged shortly afterwards that its software contained the security hole and promised a patch this week.
Now that the update has landed, it fixes not just that bug but a second one as well, thanks to researchers from the Qihoo 360 Vulcan Team, who found another remote code execution vulnerability in Flash that this update also resolves. Both bugs were rated critical on all supported operating systems except the Linux version of the Adobe Flash Player Desktop Runtime.
In short, patch your Flash installation now to close two newly discovered bugs, one exploited by North Korea and the other found by Qihoo’s researchers. Opening a web page or other document containing a malicious Flash file on a vulnerable computer is enough to trigger a malware infection.
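As an added defensive example, not code from the original article or from any vendor mentioned in it: this Python script checks an OOXML document (such as the Excel files used as lures in these attacks) for embedded Flash content by looking for SWF file headers and the Shockwave Flash ActiveX CLSID in the document’s parts. The sample workbook it builds is constructed for the demonstration and contains no real exploit.

```python
import io
import zipfile

# Magic bytes that begin a Flash SWF file: uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")
# CLSID of the Shockwave Flash ActiveX control, as referenced from OOXML activeX parts.
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
MAX_PART_BYTES = 64 * 1024 * 1024  # refuse to inflate implausibly large parts


def find_embedded_flash(doc_bytes: bytes) -> list:
    """Return a list of findings for an OOXML container (docx/xlsx/pptx) carrying Flash content."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_PART_BYTES:
                    findings.append(f"{info.filename}: oversized part skipped")
                    continue
                data = zf.read(info.filename)
                if data[:3] in SWF_MAGICS:
                    findings.append(f"{info.filename}: SWF header {data[:3].decode()}")
                elif FLASH_CLSID.encode() in data.upper():
                    findings.append(f"{info.filename}: Shockwave Flash ActiveX CLSID")
    except zipfile.BadZipFile:
        findings.append("not an OOXML zip container")
    return findings


def build_sample_xlsx(with_flash: bool) -> bytes:
    """Constructed minimal xlsx-like container for the demo; not a real malicious document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_flash:
            # An ActiveX part pointing at the Flash control plus a zlib-compressed SWF stub.
            zf.writestr("xl/activeX/activeX1.xml", f'<ax:ocx ax:classid="{{{FLASH_CLSID}}}"/>')
            zf.writestr("xl/embeddings/oleObject1.bin", b"CWS\x0f" + b"\x00" * 32)
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print(f"with_flash={flag}: {find_embedded_flash(build_sample_xlsx(flag))}")
```

Run it against real mail attachments by passing the file bytes to `find_embedded_flash`; any finding is a reason to quarantine the document for analysis rather than open it.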
“These updates address critical vulnerabilities that could cause remote code execution, and Adobe recommends that users update their product installations to the latest version,” Adobe said today.
The remote code execution bug exploited by North Korea was CVE-2018-4878; the one found by the Vulcan Team was CVE-2018-4877.
Adobe: Two critical Flash security bugs fixed for the price of one
Emergency patch lands, shuts pair of remote exploitable holes, one used by Norks. Adobe has issued an emergency security patch for two bugs in its Flash player – after North Korea’s hackers were spotted exploiting one of the flaws to spy on people investigating the creepy hermit nation.…
Adobe Fixes Flash Player Zero-Day Vulnerability
Adobe has released an emergency update for Flash Player to fix a critical zero-day vulnerability that has already been used in targeted attacks by North Korean hackers. News of the vulnerability broke last week with an alert from the South Korean Computer Emergency Response Team (KR-CERT) and follow-up confirmations from security companies that an exploit… The post appeared first on Security Boulevard.
Adobe Patches Flash Zero-Day Exploited by North Korean Hackers
Adobe updated Flash Player on Tuesday to address a zero-day vulnerability exploited by what experts believe to be a North Korean hacker group in attacks aimed at individuals in South Korea.
If you would like to receive more of these curated Safe Harbor news alerts, subscribe to my mailing list, and come back soon to https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries.