Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Second time in four weeks FINSPY "lawful intercept" tool and a zero-day found together.
1 Min Read
Adobe released a patch for a critical, remote code execution zero-day vulnerability in Adobe Flash Player today. Kasperksy Lab discovered the vulnerability when it saw the BlackOasis threat group using the FINSPY (aka FinFisher) surveillance tool to exploit the bug in attacks last week, according to a Reuters report; Adobe acknowledged Kaspersky researcher Anton Ivanov in its advisory.
A type confusion vulnerability in Flash, CVE-2017-11292 impacts Flash running on Windows, Macintosh, Linux and Chrome OS. The attacks witnessed in-the-wild were targeted and against Windows machines.
FINSPY can be bought by law enforcement and nation-state intelligence agencies as part of "lawful intercept" surveillance tools. Last month, Microsoft patched a zero-day vulnerability in Office, discovered by FireEye, that was also being used to spread FINSPY. It was the second zero-day being used to spread FINSPY that FireEye had discovered this year.
For more information see the Adobe release and Reuters.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.
About the Author(s)
You May Also Like
More Insights
Webinars
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
