Another Adobe Flash Zero-day vulnerability discovered
Cybercriminals have found a new trick to use Adobe Flash to launch malicious attacks. Recently, researchers discovered another zero-day flaw that has been exploited in the Middle East via a Microsoft Excel document.
The malicious document has been spotted spreading via email. The document itself does not include any malicious content. However, when a target opens the Excel file, it calls a remote access server to download malicious content that exploits the flaw in Adobe Flash. This technique allows the attack to avoid antivirus detection.
Researchers assume that this attack was held in Qatar because the domain name used by the attackers was 'people.dohabayt[.]com', which includes 'Doha', Qatar's capital. The domain is also similar to a legitimate Middle East recruitment website 'bayt[.]com'.
The malicious Excel file also included content in the Arabic language. It seems that the main targets might be embassy workers, such as ambassadors, secretaries, and other diplomats. Fortunately, the flaw (CVE-2018-5002) was patched and users are urged to install updates.
The sophisticated technique allows exploiting the Flash vulnerability without being detected by antivirus
Malicious email attachments can be easily identified by the major security programs. However, this time attackers found a way to bypass detection because the file itself is not dangerous.
This technique allows exploiting Flash from a remote server when a user opens a compromised Excel file. Therefore, security programs cannot mark this file as dangerous because it actually does not include malicious code.
Meanwhile, this file requests a malicious Shockwave Flash (SWF) file, which is downloaded from the remote domain. The SWF file is used to install and execute malicious shellcode, which is responsible for loading a trojan. According to the researchers, this trojan is most likely to open a backdoor on the affected machine.
Moreover, communication between a targeted device and the remote hacker's server is secured with a combination of symmetric AES and asymmetric RSA encryption ciphers:
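Because the attachment carries no payload, one useful triage step is to list what a workbook references remotely and compare those hosts against domains the organisation already trusts. The Python sketch below is an added example, not code from the article or from the researchers: it assumes the remote reference appears as an OOXML relationship marked TargetMode="External" (the article does not say how the document pointed at the server), and the workbook, relationship types and URL path are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for hostile input, defusedxml is the safer parser
from urllib.parse import urlsplit

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"

def external_targets(doc_bytes):
    """Return (part, url) for every relationship marked TargetMode="External"."""
    found = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") == "External":
                    found.append((name, rel.get("Target", "")))
    return found

def triage(doc_bytes, trusted_domains):
    """Label each external host as trusted, lookalike or unknown."""
    report = []
    for part, url in external_targets(doc_bytes):
        host = (urlsplit(url).hostname or "").lower()
        verdict = "unknown"
        for domain in trusted_domains:
            if host == domain or host.endswith("." + domain):
                verdict = "trusted"
                break
            if domain.split(".")[0] in host:  # brand label inside a foreign host
                verdict = "lookalike"
        report.append((part, host, verdict))
    return report

def build_sample(url):
    """Constructed package: one benign part plus one external reference."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="urn:example:remote-object" '
            'Target="%s" TargetMode="External"/>'
            '<Relationship Id="rId2" Type="urn:example:image" Target="../media/image1.png"/>'
            '</Relationships>') % url
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("xl/workbook.xml", "<workbook/>")
        pkg.writestr("xl/worksheets/_rels/sheet1.xml.rels", rels)
    return buf.getvalue()

# Host taken from the article (refanged for parsing); the path is constructed.
SAMPLE = build_sample("http://" + "people.dohabayt[.]com".replace("[.]", ".") + "/constructed-path")

if __name__ == "__main__":
    for row in triage(SAMPLE, ["bayt.com"]):
        print(row)
```

A "lookalike" or "unknown" verdict on a document received by email is a reason to detonate it in a sandbox or block the host at the proxy, since static scanning of the attachment alone has nothing to match on.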
“To decrypt the data payload, the client decrypts the encrypted AES key using its randomly generated private key, then decrypts the data payload with the decrypted AES key.
The extra layer of public key cryptography, with a randomly generated key, is crucial here. By using it, one must either recover the randomly generated key or crack the RSA encryption to analyze subsequent layers of the attack.” [Source: Icebrg]
Adobe released an update to fix this critical flaw
Adobe has already released an update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The critical vulnerability was detected in 18.104.22.168 and earlier versions of the program. Hence, users are urged to update to version 22.214.171.124 immediately.
Adobe released a CVE-2018-5002 patch that delivers a warning when a user opens an obfuscated Excel file. The prompt warns about potential dangers that might occur after loading the remote content.
The updates can be installed via the update services in the program or from the official Adobe Flash Player Download Center. We want to remind you that pop-ups, ads or third-party download sources are not a safe place to install updates.