CVE-2018-4878

Pierluigi Paganini June 14, 2018
Analysis of the evolution of exploit kits in the threat landscape

Cyber criminal organizations and state-sponsored hackers continue to use Exploit kits to compromise targets world worldwide if the use of Exploit kits is decreased across the recent months, some of them were improved by adding the code to exploit recently discovered Flash and Internet Explorer zero-day vulnerabilities. “Since both Flash and the VBScript engine are […]

Pierluigi Paganini April 10, 2018
Booby-trapped Office docs build with ThreadKit trigger CVE-2018-4878 flaw

Microsoft Office documents created with the exploit builder kit dubbed ThreadKit now include the code for CVE-2018-4878 flaw exploitation. At the end of March, security experts at Proofpoint discovered a Microsoft Office document exploit builder kit dubbed ThreadKit that has been used to spread a variety of malware, including banking Trojans and RATs (i.e. Trickbot, Chthonic, FormBook and Loki Bot). […]

Pierluigi Paganini March 27, 2018
Experts uncovered a watering hole attack on leading Hong Kong Telecom Site exploiting CVE-2018-4878 flaw

Researchers at Morphisec have uncovered a watering hole attack on leading Hong Kong Telecom website exploiting the CVE-2018-4878 flash vulnerability. Security experts at Morphisec have discovered a watering hole attack on leading Hong Kong Telecom website exploiting the CVE-2018-4878 flash vulnerability. In a watering hole attack, hackers infect the websites likely to be visited by their targeted victims, this […]

Pierluigi Paganini February 27, 2018
Recently patched CVE-2018-4878 Adobe Flash Player flaw now exploited by cybercriminals

Security researchers at Morphisec have uncovered a massive hacking campaign that is exploiting the recently patched CVE-2018-4878 Adobe Flash Player vulnerability. Threat actors are exploiting the use-after-free flaw to deliver malware. The CVE-2018-4878 vulnerability was fixed by Adobe on February 6, after security experts discovered it was used by North Korea-linked APT37 group in targeted […]

Pierluigi Paganini February 07, 2018
Adobe rolled out an emergency patch that fixed CVE-2018-4878 flaw exploited by North Korea

Adobe rolled out an emergency patch that fixed two critical remote execution vulnerabilities, including the CVE-2018-4878 flaw exploited by North Korea. Adobe has rolled out an emergency patch to address two Flash player vulnerabilities after North Korea’s APT group was spotted exploiting one of them in targeted attacks. Last week, South Korea’s Internet & Security […]