Vulnerability: Zero-Day Flash Flaw

June 7, 2018 – Security firm Qihoo 360 identified a new zero-day flaw in Adobe Flash that could leave users vulnerable to executing malicious software without permission.
Attackers have been able to gain access to victims' devices by sending emails that contain exploited Flash content disguised as a Microsoft Office document. Victims download the document without realizing that it contains a malicious SWF file that is connected to a remote server. At this time, attackers appear to be targeting only organizations located in the Middle East.

Tracking the flaw as CVE-2018-5002, Adobe has issued an advisory summarizing the vulnerability and providing patches across all operating systems for Adobe Flash Desktop Runtime and the Chrome/Edge/IE browser plugins. The versions of Flash that are vulnerable to this zero-day are versions and earlier. Adobe has recently released a new Flash update (version that patches the vulnerability.

The Proficio Threat Intelligence Recommendations:

  • Immediately ensure that Adobe Flash is updated to the latest version.
  • Require permission each and every time Flash content attempts to run.


Sandworm – Microsoft Windows Zero-day Vulnerability

What is it?

CVE-2014-4114 (aka “Sandworm”): A zero-day vulnerability that allows an attacker to remotely execute arbitrary code.

Who is vulnerable?

Sandworm is a zero-day impacting all versions of Microsoft Windows from Vista SP2 up to Windows 8.1, as well as Windows Server 2008 and 2012.

Where has it been seen?

It has been used in a Russian cyber-espionage campaign targeting NATO, the European Union, and the telecommunications and energy sectors.

How does it work?

Non-technical: opening a specially crafted file allows remote code execution. This has been seen with PowerPoint files in the wild.

Technical: “The vulnerability exists because Windows allows the OLE packager (packager.dll) to download and execute INF files. In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packager allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources. This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands.”
[copied from source: ]
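
A defensive triage check for the behaviour quoted above, added here as an example (it is not code from the quoted source or from Microsoft): it opens a PowerPoint OOXML file as a ZIP archive, reads the embedded OLE parts, and reports UNC path references, marking those that end in .inf. The ppt/embeddings/ location, the byte-pattern heuristic, and the helper and sample names are assumptions; the sample documents are constructed and use a documentation-range address.

```python
import io
import re
import zipfile

# Assumption: embedded OLE objects of an OOXML presentation are stored under
# ppt/embeddings/. This is a byte-pattern heuristic, not a full OLE parser.
EMBED_PREFIX = "ppt/embeddings/"
# UNC reference: \\host\segment[\segment...] using ASCII path characters.
UNC_RE = re.compile(rb"\\\\[\w.\-]{1,253}(?:\\[\w.\-$ ]{1,64})+")

def scan_presentation(data: bytes) -> list[dict]:
    """Return one finding per distinct UNC path seen in each embedded part."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.startswith(EMBED_PREFIX):
                continue
            blob = zf.read(name)
            seen = set()
            # Second view drops NUL bytes so UTF-16LE strings read as ASCII.
            for view in (blob, blob.replace(b"\x00", b"")):
                for match in UNC_RE.finditer(view):
                    path = match.group().decode("ascii", "replace")
                    if path in seen:
                        continue
                    seen.add(path)
                    findings.append({"part": name, "path": path,
                                     "inf": path.lower().endswith(".inf")})
    return findings

def build_sample(embedded: dict[str, bytes]) -> bytes:
    """Build a minimal constructed archive holding the given embedded parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/presentation.xml", "<p/>")
        for name, blob in embedded.items():
            zf.writestr(EMBED_PREFIX + name, blob)
    return buf.getvalue()

# Constructed samples: inert byte strings, not real OLE Package objects.
SAMPLE_FLAGGED = build_sample({
    "oleObject1.bin": b"\xd0\xcf\x11\xe0Package\x00"
                      + rb"\\198.51.100.7\share\example.inf" + b"\x00\xff",
    "oleObject2.bin": b"\xd0\xcf\x11\xe0"
                      + r"\\198.51.100.7\share\example.gif".encode("utf-16-le"),
})
SAMPLE_CLEAN = build_sample({"oleObject1.bin": b"\xd0\xcf\x11\xe0chart data only"})

if __name__ == "__main__":
    for finding in scan_presentation(SAMPLE_FLAGGED):
        print(finding)
```

A hit is a reason to inspect the file further, not a verdict: legitimate documents can link to files on internal shares, and a miss does not prove a file is safe.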

Additional Notes:

Microsoft classified MS14-060 as “important”, not “critical”, because the attack requires a user to open a file.

Security Operations Center Recommendations:

Update all vulnerable systems as soon as possible. Microsoft Bulletin MS14-060 fixes this bug:

Additionally, Microsoft has released a total of eight security bulletins and updates that address them as of October 14, 2014. In total, 24 vulnerabilities are addressed in the updates. Three of them are classified as critical. More information can be found here: