430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Adobe 0-days exploited for IEEE aerospace spearphishing attacks

Last week Adobe released a patch for Adobe Flash that fixed a zero day vulnerability, CVE-2013-0633, that is being exploited using Microsoft Office files with embedded flash content delivered via email. The vulnerability is not isolated, it is circulating the news of a new one coded CVE-2013-0634 being exploited trough web browsers such as Firefox and Safari […]

Adobe 0-days exploited for IEEE aerospace spearphishing attacks

Last week Adobe released a patch for Adobe Flash that fixed a zero day vulnerability, CVE-2013-0633, that is being exploited using Microsoft Office files with embedded flash content delivered via email. The vulnerability is not isolated, it is circulating the news of a new one coded CVE-2013-0634 being exploited trough web browsers such as Firefox and Safari on Mac OSX that has been identified by FireEye security firm.

Adobe credited the CERT of aerospace company Lockheed Martin for discovering that exploit, providing further indication of the caliber of target the hackers were seeking.

Last Friday Adobe’s patched one zero day vulnerability being exploited with malicious embedded Flash content in Microsoft Office documents for Windows that were delivered as emailed attachments.

Security researchers at Alien Vault revealed that attackers delivered the exploits with a targeted spear phishing campaign aimed at the US aerospace sector and industry.

Jaime Blasco, director at Alienvault Labs revealed that one of the Office attachments used to carried the Flash exploit was a 2013 Institute of Electrical and Electronics Engineers (IEEE) Aerospace Conference schedule.

Another sample isolated is  an “Employee Quick Reference Guide” related with an online payroll system, the  Automatic Data Processing (ADP), used by several companies in the US such as Alcoa.

The analysis proposed by FireEye revealed interesting particulars, despite Word files are in English the codepage of Word files are “Windows Simplified Chinese (PRC, Singapore)”. The Word files contain a macro to load an embedded SWF flash object, the flash files contain several ActionScript classes that checks for specific Flash and operating system versions and specific code to trigger the exploit.

“Two oddities of the malware were a coding reference to “Lady Boyle”, a character in the adventure game, “Dishonored”. The authors also failed to obfuscate the malicious Flash file, leaving it open to detection by generic antivirus signatures.”

Also in this case the malicious code was digitally signed with an invalid digital certificate from the Korean gaming company, MGAME Corporation, the same digital document  was also used to sign PlugX remote access tool (RAT) in past attacks on NGOs, according to AlienVault.

“We have seen this certificate dozens of times in the past as part of targeted attacks including NGO’s to sign several RAT files including PlugX.”

The same executable renames itself to try to pass itself off as the Google update process.

The situation is very worrying, the exploit of zero-day vulnerabilities leaves vulnerable target systems. Fortunately it is not so easy to discover a zero-days and in majority of cases their exploits are related to state sponsored attacks. These offensives are typically structured operation susteined by intense researches aimed to discovery a huge quantities of vulnerabilities to exploit during the attacks, campaigns such as the famous Operation Aurora and the most recent Elderwood project.

Pierluigi Paganini