#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

flash exploit | Breaking Cybersecurity News | The Hacker News

Category — flash exploit
Zerodium Offers $100,000 for Flash Zero-Day Exploit that Bypasses Mitigations

Zerodium Offers $100,000 for Flash Zero-Day Exploit that Bypasses Mitigations

Jan 05, 2016
A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player's Heap Isolation mitigation . Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit. Zerodium is a startup by the infamous French-based company Vupen that Buys and Sells zero-day exploits and vulnerabilities. Zerodium, which describes itself as " the premium zero-day acquisition platform ," recently paid $1 Million bounty to a hacker for submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. What is "Isolated Heap" Mitigation Technique? The use-after-free vulnerability is a type of memory corruption flaw that can be exploited by Hackers to execute arbitrary code or even allows full remote code execution capab
Recently Patched Adobe Flash Versions Hit by Another Zero-day Exploit

Recently Patched Adobe Flash Versions Hit by Another Zero-day Exploit

Oct 14, 2015
Does Adobe Flash , the standard that animated the early Web, needs to Die? Unfortunately, Yes. Despite Adobe's best efforts, Flash is not safe anymore for Internet security, as a recent zero-day Flash exploit has been identified. Just Yesterday Adobe released its monthly patch update that addressed a total of 69 critical vulnerabilities in Reader, Acrobat, including 13 critical patches for Flash Player. Now today, Security researchers have disclosed a new zero-day vulnerability in fully patched versions of Adobe Flash, which is currently being exploited in the wild by a Russian state-sponsored hacking groups, named " Pawn Storm ". NO Patch For Latest Flash Exploit That means, even users with an entirely up-to-date installation ( versions 19.0.0.185 and 19.0.0.207 ) of the Flash software are also vulnerable to the latest zero-day exploit. Luckily, for the time being, this exploit is only being used against Government agencies and several foreign affairs
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
Expert Insights / Articles Videos
Cybersecurity Resources