Another day, another Flash vulnerability. A team of researchers at security company FireEye has discovered that a security flaw in Adobe Flash is being actively exploited as part of a large-scale e-mail phishing campaign.
The vulnerability in question is CVE-2015-3113, and it can allow an attacker to remotely execute arbitrary code. All major operating systems are vulnerable. Adobe has already issued a patch, which you should go and apply if you haven't already.
At least one group, which FireEye calls APT3, is actively exploiting this vulnerability. The group is sending out phishing emails with links pointing to compromised servers, which then prompt the user to download booby-trapped SWF and FLV files. FireEye claims that APT3 operates in a structured fashion with command-and-control centers, and targets high-profile targets such as aerospace, defense, and high-tech industries.
|SNES Classic will fix your nostalgia blues this September||0|
|Corsair reveals its prize haul for the TR BBQ XIV||2|
|Portions of the Windows Shared Source Kit leak out||10|
|Hyper-Threading erratum rears its head in Skylake and Kaby Lake||35|
|VR180 video bridges the gap between YouTube and VR||4|
|Steam 2017 Summer Sale, part deux||18|
|Silverstone's Strider Titanium PSUs are ready for a high-power future||14|
|Deals of the week: Z270 mobos, spinning storage, and more||4|
|G.Skill readies up for X299 with quad-channel DDR4 at 4200 MT/s||16|
|That's nothing compared to the ongoing espionage campaign that has been leaking the entire Linux kernel source code on a daily basis for literally DEC...||+26|