Another day, another Flash vulnerability. A team of researchers at security company FireEye has discovered that a security flaw in Adobe Flash is being actively exploited as part of a large-scale e-mail phishing campaign.
The vulnerability in question is CVE-2015-3113, and it can allow an attacker to remotely execute arbitrary code. All major operating systems are vulnerable. Adobe has already issued a patch, which you should go and apply if you haven't already.
At least one group, which FireEye calls APT3, is actively exploiting this vulnerability. The group is sending out phishing emails with links pointing to compromised servers, which then prompt the user to download booby-trapped SWF and FLV files. FireEye claims that APT3 operates in a structured fashion with command-and-control centers, and targets high-profile targets such as aerospace, defense, and high-tech industries.
|Updated LG Gram laptops put heavy-duty power into feathery bodies||8|
|Antec P110 Silent touts quiet looks and quiet operation||10|
|Monkey Day Shortbread||10|
|Thursday deals: a nice Z370 mobo, a huge VA display, and more||3|
|Samsung's Notebook 9 portables rock eighth-gen Core i7s||3|
|Rumor: Ryzen 2 set for Q1 2018 and a Fenghuang APU breaks cover||72|
|TR's 2017 Christmas giveaway: eight days left and counting||8|
|MSI gives Radeon RX Vega cards an Air Boost||22|
|Corsair's latest SO-DIMM kit takes 32 GB of DDR4 to 4000 MT/s||9|
|My first born son will be named fenghuang. I will raise him in the way of zen. Thus it is written, thus it shall be done.||+19|