Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Monday June 29 2015, @01:45PM   Printer-friendly
from the adobe-flash-vulnerable dept.

Another security story from The Register to start the week off:

Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine". The remote code execution vulnerability (CVE-2015-3113) revealed last week allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP.

Web villains [sic] designated APT 3 by FireEye sleuths are already exploiting the flaw through phishing attacks. Now the researcher known as Kafeine says the vulnerability has been added to the Magnitude exploit kit in what is a significant elevation of risk for Flash users.

Kafeine says Magnitude attackers are using the exploit to drop the Cryptowall ransomware.

"CVE-2015-3113 has been spotted as a zero day by FireEye, exploited in limited targeted attacks. It's now making its path to exploit kits," he says.

Magnitude, said to generate as of August up to $US100,000 a month for its author, maintains about a third of the exploit kit market according to Trustwave. The researchers say the Magnitude author, thought to be a single Russian, could make up to $3 million a year.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by anubi on Tuesday June 30 2015, @01:15AM

    by anubi (2828) on Tuesday June 30 2015, @01:15AM (#203119) Journal

    The first phrase I scan for when handed a business contract is the phrase "up-to".

    Its my first "red flag" that tells me the business is likely shoddy and is basing their model on screwing the customer.

    They want to leave good hopes, but no commitment. They will still expect payment in full, even though they only offer "up to" service.

    They have all the credit reporting agencies on their side should they decide to provide far less than the "up-to", and all I have on my side is to leave my side of the argument on internet "bad business bureau" sites.

    I would like to get cable internet, however its "up-to" 3Mbps. With ratings like this [yelp.com]. A business license seems to confer to someone the legal authority to demand payment for things hinted at and not delivered.

    We have a group in Washington ( every one of 'em ) that would sign in DMCA, yet we are powerless to withhold payment for companies playing hanky-panky. I keep hoping if we all get together and vote the incumbents out, maybe the new guys would have had some nasty experiences with these dealers in trickery and make those contracts no longer legally binding.

    Yes, I know most every business does this. Its one of the reasons I really hate to sign any contract with a business. Those contracts are one-sided and binding.

    Caveat Emptor!

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]