Earlier this month, security outfit FireEye’s 'FireEye as a Service' researchers out in Singapore [discovered and reported](https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html) on a phishing campaign that was found to be exploiting a zero-day in Adobe Flash Player vulnerability (CVE-2015-3113). That campaign has been well and truly active for a while now, with attacking emails including links to compromised sites serving up benign content if you are lucky and a malicious version of the Adobe Flash Player complete with the exploit code if you are not. Adobe has now [responded with a security update](https://helpx.adobe.com/security/products/flash-player/apsb15-14.html) with the following recommendations: Users of the Adobe Flash Player Desktop …

Member Avatar
Member Avatar
+2 forum 1

So, Microsoft and iSIGHT uncovered another 0-day vulnerability; this time impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. iSIGHT [has detailed](http://www.isightpartners.com/2014/10/cve-2014-4114/) in the wild exploits of the vulnerability, and points the finger of suspicion at state-sponsored Russian interests. The Dallas-based cybersecurity outfit explained that the exploit (dubbed Sandworm) showed visibility targeting Ukranian government organisations, Polish energy businesses and US academic organisations as well as NATO itself, and warned that there is an obvious potential for much broader targeting from the same and new threat actors. The researchers have been tracking at least five distinct Russia-based …

Member Avatar
Member Avatar
+2 forum 1

Every week, Stephen Coty [writes about](https://www.alertlogic.com/resources/blog/) interesting exploits that have caught his attention as chief security evangelist at Alert Logic. This last week (in a currently password protected posting) [he mused about](https://www.alertlogic.com/blog/exploit-monday-a-few-interesting-ones-to-be-aware-of-7/) a 'JournalCtl and Syslog Terminal Escape Injection' zero day which could be of interest to the Linux gurus here on DaniWeb. Here's the story. A new init control system called [Systemd](http://0pointer.de/blog/projects/systemd.html) is being integrated into Linux distros, in an effort to update and overhaul SysV and upstart so as to become a more modern init system. Fedora has already jumped into Systemd, and as I understand it Ubuntu …

Member Avatar
Member Avatar
+3 forum 7

The End.