Adobe Systems released an emergency security update for Flash Player Tuesday to fix a critical vulnerability that has been exploited by a China-based cyberespionage group.
Over the past several weeks, a hacker group identified as APT3 by security firm FireEye has used the vulnerability to attack organizations from the aerospace, defense, construction, engineering, technology, telecommunications and transportation industries.
Adobe has launched a bug bounty program that hands out high-fives, not cash.
The web application vulnerability disclosure program announced today and launched last month operates through HackerOne used by the likes of Twitter, Yahoo!, and CloudFlare, some of which provide cash or other rewards to those who disclose security messes.
Adobe released an important Flash Player patch to fix a vulnerability over the weekend affecting those who have the Flash Player plugin installed.
The vulnerability, labeled CVE-2015-0311, was featured in the “Angler Exploit Kit,” a toolkit used by hackers. The Angler Exploit Kit is a toolkit that helps hackers initiate mass drive-by-download attacks. Drive-by-download attacks quietly put malware on your computer when you view malicious ads or visit unsecured websites.
Attackers are using compromised websites to exploit a new and currently unpatched vulnerability in Flash Player, a malware researcher has reported.
The new exploit was observed in drive-by-download attacks launched with an exploit kit called Angler, according to an independent researcher who uses the online alias Kafeine.
A little more than 16 months ago, word emerged that the FBI exploited a recently patched Firefox vulnerability to unmask Tor users visiting a notorious child pornography site. It turns out that the feds had waged an even broader uncloaking campaign a year earlier by using a long-abandoned part of the open source Metasploit exploit framework to identify Tor-using suspects.