Another day, another Flash vulnerability. A team of researchers at security company FireEye has discovered that a security flaw in Adobe Flash is being actively exploited as part of a large-scale e-mail phishing campaign.
The vulnerability in question is CVE-2015-3113, and it can allow an attacker to remotely execute arbitrary code. All major operating systems are vulnerable. Adobe has already issued a patch, which you should go and apply if you haven't already.
At least one group, which FireEye calls APT3, is actively exploiting this vulnerability. The group is sending out phishing emails with links pointing to compromised servers, which then prompt the user to download booby-trapped SWF and FLV files. FireEye claims that APT3 operates in a structured fashion with command-and-control centers, and targets high-profile targets such as aerospace, defense, and high-tech industries.
|Leica M10 further refines rangefinders for the digital age||10|
|NZXT adds purple-and-white finishes to its hardware catalog||8|
|Asus shows off Zenbook 3 Deluxe UX490A in detail||38|
|Tom's Hardware hammers an Intel 600p SSD for science||27|
|Antec Cube Mini-ITX chassis gets EKWB-certified||1|
|iBuypower Snowblind is a fresh take on case side panels||15|
|Radeon 17.1.1 drivers bring support for Resident Evil 7||16|
|NexDock offers a home for Intel Compute Cards||10|
|Imagination Technologies freshens up mid-range PowerVR GPUs||5|