Not Neutrality | TechSNAP 161

Not Neutrality | TechSNAP 161

Adobe’s latest flaw has being exploited by an advanced persistent threat, we’ve got the details, Heartbleed follow ups, and getting started with Virtualization.

Plus our thoughts on the fate of net neutrality, your questions, our answers, and much much more!

On this week’s episode of TechSNAP!

Thanks to:




Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed

— Show Notes: —

Adobe releases patch for critical Flash flaw affecting all OSs

  • A new exploit has been discovered that works against all versions of Adobe Flash Player
  • This is a zero-day exploit, meaning that even a fully patched computer can be exploited
  • Adobe has since released the fix, and users are encouraged to apply the patch as soon as possible
  • The attack used two different exploits, one general exploit against Flash and the other exploiting a flaw in Internet Explorer
  • One of the malware files was detected by Kaspersky using a heuristic signature, but the other was new
  • The exploits slightly alter the attack methodology if Windows 8 or newer is detected, to work around mitigations provided by the OS
  • The first bit of malware (movie.swf) was generic, downloading more malware from a URL and running it
  • The second bit of malware (include.swf) was very specific, targeting “Cisco MeetingPlace Express Add-In version 5”
  • “This add-in is used by web-conference participants to view documents and images from presenter\’s screen. It should be noted that the exploit will not work if the required versions of Adobe Flash Player ActiveX and Cisco MPE are not present on the system”
  • This suggests that the malware was written with a very specific target in mind, rather than designed to target the general Internet
  • The malware was hosted on an official Syrian government website, although it appears that the site may have been compromised to store the files there
  • Kaspersky was not able to examine the payload of the second exploit because the files had already been taken down from the website, and there is evidence to suggest there was a 3rd payload (stream.swf)
  • “We are sure that all these tricks were used in order to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. We believe that the Cisco add-in mentioned above may be used to download/implement the payload as well as to spy directly on the infected computer.”
  • “It\’s likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. The use of professionally written 0-day exploits that were used to infect a single resource testifies to this.”
  • CVE-2015-0515
  • Adobe Security Bulletin
  • Additional Coverage – ARS Technica
  • Additional Coverage – Krebs on Security
  • Since IE uses a separate version of Flash from other browsers (Firefox, Chrome, Opera, etc), Windows users will need to apply the patch twice, one to their browser and once to IE, which is used as a component in many other applications including Skype and Steam

Exploit used in the wild against all versions of Internet Explorer 6 through 11

  • As part of the same attack from the previous story, an exploit for all versions of Internet Explorer was found
  • The exploit was used as part of a watering hole attack
  • CVE-2014-1776
  • This was to be the first of many 0day exploits that will not be fixed on Windows XP, however Microsoft issued a statement and released the update for Windows XP , inspite of the fact that it is no longer supported

[Heartbleed Followups]



Question? Comments? Contact us here!