It has been reported that the Fancy Bear hackers are racing to exploit the recently announced Adobe Flash bug.
The hacking group is trying to exploit the flaw before patches are widely deployed. Chris Wysopal, CTO at CA Veracode, commented below.
Chris Wysopal, CTO at CA Veracode:
“Struts-Shock,” a vulnerable Java component announced in March 2017 and widely used in applications, was another example of a newly disclosed vulnerability that was opportunistically exploited by cybercriminals to achieve several high-profile breaches. Perhaps most concerning is that even in the weeks following the initial attacks, 68 percent of Java applications using the Apache Struts 2 library were still using the vulnerable version of the component. Organisations can’t take the same lethargic approach to patching this Adobe Flash bug as many took to Struts-Shock; Fancy Bear have already demonstrated that they’re checking whether you’ve got it – even if you’re not.
Digital disruption has led to a massive spike in the number of applications that businesses hold. With the application estate growing rapidly, it is too time-consuming to rely on manual testing and patching each time a new vulnerable component is exposed. This is why an inventory of where vulnerable components lie and a highly automated process for updating is crucial for defenders.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.