Here you will find the latest blogs from Trend Micro’s experts along with a comprehensive look at the latest zero-day exploit affecting all versions of Adobe Flash Player. We encourage you to scroll through the various blogs, provide comments and enjoy the in-depth knowledge that Trend Micro has to offer.
Please add your thoughts in the comments below and follow us on Twitter at @TrendMicro for real time updates.
July 15, 2015
ZD Net: Hacking Team stealthy spyware rootkit stays entrenched through hard disk removal
Softpedia: Hacking Team Malware Hides in UEFI BIOS to Survive PC Reinstalls
ZD Net: FBI used Hacking Team services to unmask Tor user
Computer World: Oracle fixes zero-day Java flaw and over 190 other vulnerabilities
Softpedia: Microsoft Fixes Critical Internet Explorer Security Flaw Found in Hacking Team Leak
KDrama Stars: Google And Mozilla Disable Flash In Browsers As Leaked Documents Reveal Program Has Serious Flaw!
July 14, 2015
CSO: Mozilla blocks Flash on Firefox due to Hacking Team exploits
The Hacker News: Hacking Team Spyware preloaded with UEFI BIOS Rootkit to Hide Itself
Yahoo News: Adobe promises fix for new Hacking Team zero-day exploits
CIO: Hacking Team’s malware uses UEFI rootkit to survive OS reinstalls
IT World: Hacking Team’s malware uses UEFI rootkit to survive OS reinstalls
Syracuse News: Firefox, Google Chrome block Adobe Flash over ‘critical’ zero-day security flaws
Tech News Today: Adobe Flash Gets Temporarily Killed Off By Mozilla Firefox
Softpedia: Adobe Updates Flash to 18.0.0.209 After Mozilla Blocks All Versions in Firefox
IDigital Times: How To Update Adobe Flash Player: New Patch Released To Fix Problems After Mozilla Blocks Flash And Facebook Calls For Its Death
July 13, 2015
ZD Net: Adobe promises patch for latest wave of critical Hacking Team zero-day exploits
Sentinel Republic: Adobe to patch Flash Player zero-day abused by
ZD Net: Two further critical Flash zero-days appear from Hacking Team breach
July 12, 2015
IT World: Second Flash Player zero-day exploit found in Hacking Team’s data
Network World: Second Flash Player zero-day exploit found in Hacking Team’s data
CIO Magazine: Second Flash Player zero-day exploit found in Hacking Team’s data
PC World: Second Flash Player zero-day exploit found in Hacking Team’s data
The huge cache of files recently leaked from Italian surveillance software maker Hacking Team is the gift that keeps on giving for attackers. Researchers sifting through the data found a new exploit for a previously unknown vulnerability in Adobe’s Flash Player.
July 10, 2015
Security Week: The Adobe Flash Player exploit stolen by hackers from spyware maker Hacking Team has been leveraged by advanced persistent threat (APT) groups, according to security solutions provider Volexity.
Tech Times: Hacking Team Warns Hacked Data And Codes Can Be Used By Cybercriminals And Terrorists
Cyber Defense Magazine: Security experts at Trend Micro revealed that one of the exploits discovered in the Hacking Team package tied to Attacks In Korea and Japan.
Following the recent hack of the popular surveillance firm Hacking Team, the experts started the analysis of the material leaked online by the attackers. The package leaked online include also a number of exploits used by the company to compromise targeted systems by exploiting flaws in Adobe Flash ad Internet Explorer applications.
July 8th, 2015
Business Insider: A hacker cartel is using a mysterious Flash vulnerability to steal sensitive business data
VentureBeat: Adobe confirms Flash vulnerability found via Hacking Team leak, issues patch for Windows, Mac, and Linux (Updated)
In the past fortnight a wave of vulnerabilities have been uncovered in Adobe Flash. Researchers at Trend Micro uncovered a Flash flaw being used by hackers to run an online blackmail scam earlier today.
Read more: http://www.businessinsider.com/wild-neutron-facebook-and-microsoft-hackers-return-2015-7#ixzz3fKexXP9F
Adobe today released a security bulletin confirming a vulnerability in all versions of its Flash product for Windows, Mac, and Linux. The company says it is aware of reports that an exploit targeting this vulnerability has been publicly published, and it plans to release a patch on July 8, 2015.
Krebs on Security: Adobe to Patch Hacking Team’s Flash Zero-Day
Adobe Systems Inc. says its plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks.
Value Walk: Adobe Closing Flash Hole After Hacking Team Leak
Three hacking kits related to the bug have already been published by cyber attackers, according to security software company Trend Micro, and it seems strange that Hacking Team would not have immediately informed Adobe about the discovery of such a flaw.
ZDNet: Adobe tackles Hacking Team zero-day vulnerability
Adobe is rapidly creating a fix for a critical vulnerability affecting Flash Player which was only discovered after a hacker broke into Hacking Team’s systems.
Business Insider: The Hacking Team leaks taught criminals a new way to hijack computers
The Adobe Flash zero day vulnerability was uncovered by researchers at security firm Trend Micro, who claimed to have found it while examining leaked documents from software company, Hacking Team.
Forbes: Hacking Team Adobe Flash Zero-Day Exploited By Money-Hungry Criminals
In recent years, crypto luminary Bruce Schneier has noted that today’s surveillance tools are tomorrow’s cybercriminal playthings. Hacking Team has offered proof of that, as one of its zero-days – unpatched and previously-unknown software vulnerabilities – is being exploited by crooks.
CNET: Adobe tackles Hacking Team zero-day vulnerability
Servers belonging to surveillance firm Hacking Team were infiltrated over the weekend. In an attack the company called “sophisticated” which “took days or weeks to accomplish,” a hacker walked away with over 400 gigabytes of corporate data.
BBC: Adobe tackles new Flash threat after Hacking Team leak
Security software company Trend Micro said the flaw had been included in at least three “exploit kits” – collections of computer code and tools that can help attackers spread malicious software.
CSO Online: Adobe to patch Flash 0-Day created by Hacking Team
There have been additional developments in the Hacking Team story, the latest being that the Adobe Flash vulnerability discovered in the 400GB cache of documents has been picked up by the Neutrino and Angler exploit kits.
Pulse Headlines: Attackers steal Hacking Team’s Flash software and posted the stolen data online
Hacking Team is an Italian firm that sells spying software to intelligence agencies everywhere in the world. But the fact that the software was stolen before being posted online indicated Hacking Team knew of a flaw in the software without telling Adobe, the original manufacturer.
Infosecurity Magazine: Adobe to Patch Hacking Team Flash Player Bug
A critical Flash Player bug used by notorious surveillance software firm Hacking Team and made available in a data dump on Sunday will be patched on Wednesday after being spotted in active exploits, Adobe has confirmed.
Betanews: Adobe recognizes major Flash vulnerability, will patch it today
The vulnerability, first spotted by security firmTrend Micro, is the aftermath of a mega security breach at Hacking Team. The infamous group that offered hacking services to spy agencies was hacked earlier this week, and most of its internal documents — consisting of 400GB of emails, source code, client lists, invoices etc — were made available to the public.
BankInfoSecurity: Hacking Team Zero-Day Attack Hits Flash
Security experts have sounded that alert in the wake of reports that at least three exploit kits – automated software built by and for cybercriminals to automatically infect PCs on an industrial scale – have already incorporated the leaked Adobe Flash zero-day flaw. Researchers are also warning that the dump contains a zero-day Windows exploit, as well as a Flash exploit for CVE-2015-0349, which was patched by Adobe in April. The exploits could have been used by Hacking Team’s customers to sneak the surveillance software vendor’s spyware onto targets’ PCs.
Crazy Engineers: Adobe Flash Player Zero-Day Vulnerability Exposed In Hacking Team Leaked Files
Hacked files from Italy-based spying software development firm, Hacking Team have exposed a critical vulnerability in the widely used browser plug-in, the Adobe Flash Player. Two days ago, unidentified hackers managed to break into the Milan-based IT firm and steal 400GB of confidential company data.
TechCrunch: Adobe Is Patching A Hole The Hacking Team Used To Exploit Flash
Many companies have best practices and the Hacking Team, the “computer security experts” who sold hacking tools to various federal and state agencies around the world, are no exception. Their database of information includes a number of interesting hacking tips, including mention of a 0-day, unpatched hole in Adobe Flash that the company is currently closing.
July 7th, 2015
ZDNet: Unpatched Flash exploits unveiled in Hacking Team data dump
A number of exploits and their coding is contained within the leaked file, according to Trend Micro researchers. In an analysis of the dump, the security team says there is “at least” three exploits, including several which target Adobe Flash Player and Microsoft’s Windows operating system.
PC World: Researchers find previously unknown exploits among Hacking Team’s leaked files
Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already found an exploit for an unpatched vulnerability in Flash Player.