each vulnerability based upon how many web references linked the bug to at least one of 141 exploit kits, malicious software packages like Neutrino and RIG which abuse security flaws to infect users with TrickBot and other malware. Recorded Future found the most references to CVE-2016-0189, a vulnerability affecting Internet Explorer. More than 700 web sources linked the bug to the Magnitude, RIG, Neutrino, and Sundown exploit kits. But when it came to actual links with exploit kits, Adobe Flash Player cleaned house. In total, six Adobe Flash Player vulnerabilities appeared in the top 10 list. Two of those (CVE-2016-1010 and CVE-2015-8446) bonded with the late Angler exploit kit. Another three (CVE-2016-1019, CVE-2016-4117, and CVE-2015-8651) connected to at least three exploit kits. Overall, the regrettable honor of integration with the most exploit kits goes to CVE-2015-7645, a flaw which a mere 70 web sources linked to seven different packages: Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter. Recorded Future provides some background on why this vulnerability likely received so many linkages: "CVE-2015-7645 impacts Windows, Mac, and Linux operating systems, which makes it extremely versatile. Per Adobe, it can be used to take control of the affected system. Additionally, it was the first zero-day exploit discovered after Adobe introduced new security mitigations, and as such, it was quickly adopted as many other older exploits ceased working on machines with newer Flash versions. The vulnerability was also noted as being used by Pawn Storm (APT28, Fancy Bear), a Russian government-backed espionage group."
To protect against RIG and the others exploiting some of these vulnerabilities on your machine, you should patch your system regularly, install a reputable anti-virus solution, and install an ad-blocker. There's no hope when it comes to Adobe Flash Player. It seems like new bugs are emerging every day, which makes patch management a serious headache. If you can, you should uninstall Adobe Flash Player from your computer as soon as possible.
Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered. Researcher Pedro Ribeiro of Agile Information Security found accessible admin accounts and command injection vulnerabilities in ZyXel and Billion routers distributed by TrueOnline, Thailand's largest broadband company. Ribeiro said he disclosed the vulnerabilities through Beyond Security's SecuriTeam Secure Disclosure Program, which contacted the affected vendors last July. Ribeiro published a proof of concept exploit yesterday as well. Ribeiro told Threatpost he's unsure whether TrueOnline introduced the vulnerabilities as it adds its own customization to the routers, or whether they came from the respective manufacturers. A ZyXel representative told Threatpost the router models are no longer supported and would not comment on whether patches were being developed. A request for comment from Billion was not returned in time for publication. The commonality between the routers appears to be that they're all based on the TC3162U system-on-a-chip manufactured by TrendChip. Affected routers are the ZyXel P660HN-T v1 and P660HN-T v2, and the Billion 5200W-T, currently in distribution to TrueOnline customers. The TC3162U chips run two different firmware variants, one called "ras" which includes the Allegro RomPager webserver vulnerable to the Misfortune Cookie attacks, and the other called tclinux.
The tclinux variant contains the vulnerabilities found by Ribeiro; in particular, several ASP files, he said, are vulnerable to command injection attacks. He also cautions that they could also be vulnerable to Misfortune Cookie, but he did not investigate this possibility. "It should be noted that tclinux contains files and configuration settings in other languages (for example in Turkish). Therefore it is likely that these firmware versions are not specific to TrueOnline, and other ISP customised routers in other countries might also be vulnerable," Ribeiro said in his advisory. "It is also possible that other brands and router models that use the tclinux variant are also affected by the command injection vulnerabilities (the default accounts are likely to be TrueOnline specific)." In addition to Ribeiro's proof-of-concept, Metasploit modules are available for three of the vulnerabilities. Most of the vulnerabilities can be exploited remotely, some without authentication. "These vulnerabilities are present in the web interface. The default credentials are part of the firmware deployed by TrueOnline and they are authorized to perform remote access over the WAN," Ribeiro said. "Due to time and lab constraints I was unable to test whether these routers expose the web interface over the WAN, but given the credentials, it is likely." The ZyXel P660HN-T v1 router is vulnerable to an unauthenticated command injection attack that can be exploited remotely.
Ribeiro said he found the vulnerability in the remote system log forwarding function, specifically in the ViewLog.asp page. V2 of the same router contains the same vulnerability, but it cannot be exploited without authentication, he said. "Unlike in the P660HN-Tv1, the injection is authenticated and in the logSet.asp page. However, this router contains a hardcoded supervisor password that can be used to exploit this vulnerability," Ribeiro said. "The injection is in the logSet.asp page that sets up remote forwarding of syslog logs, and the parameter vulnerable to injection is the serverIP parameter." The Billion 5200W-T is also vulnerable to unauthenticated and authenticated command injection attacks; the vulnerability was found in its adv_remotelog.asp page. "The Billion 5200W-T router also has several other command injections in its interface, depending on the firmware version, such as an authenticated command injection in tools_time.asp (uiViewSNTPServer parameter)," Ribeiro said. "It should be noted that this router contains several hardcoded administrative accounts that can be used to exploit this vulnerability." Ribeiro said default and weak admin credentials were found on all of the versions and were accessible remotely. The researcher said it's unknown whether the routers can be patched remotely. "Again, given the existence of default credentials that have remote access, it is likely that it is possible to update the firmware remotely," Ribeiro said.
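The root cause Ribeiro describes for the syslog-forwarding and SNTP pages is a form field (an IP address or server name) that ends up inside a shell command line. The following is an added example, not code from the advisory or from either vendor's firmware, showing the vulnerable pattern beside a hardened handler: the value is accepted only if it parses as a literal IP address (or, in the generalised `validate_host`, a strict RFC 1123 hostname, which covers fields like the SNTP server) and is then passed to the forwarder as a single argv element with no shell involved. The daemon name `syslogd` and its `-R` flag are placeholders for whatever the real firmware invokes; the rejected input is a constructed sample.

```python
import ipaddress
import re
import subprocess

# Hypothetical stand-in for the firmware's remote syslog forwarder: the daemon
# name and its flag are placeholders, not taken from the routers' firmware.
FORWARDER_ARGV = ["syslogd", "-R"]

def vulnerable_build_command(server_ip):
    # The pattern the advisory describes: an untrusted form field concatenated
    # into a shell command line. Returned as a string only; never executed here.
    return "syslogd -R " + server_ip

# RFC 1123 hostname labels, for fields such as an SNTP server that may hold a
# name rather than an address. No shell metacharacter can pass this pattern.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$)(?:{_LABEL}\.)*{_LABEL}$", re.IGNORECASE)

def validate_syslog_server(value):
    """Accept only a literal IPv4/IPv6 address and return it in canonical form.
    Anything else (hostnames, extra characters, embedded commands) raises ValueError."""
    return str(ipaddress.ip_address(value.strip()))

def is_acceptable_syslog_server(value):
    """Boolean view of validate_syslog_server for callers that only need accept/reject."""
    try:
        validate_syslog_server(value)
        return True
    except ValueError:
        return False

def validate_host(value):
    """Generalisation for hostname-or-address fields: try an address, then a strict hostname."""
    v = value.strip()
    try:
        return str(ipaddress.ip_address(v))
    except ValueError:
        pass
    if HOSTNAME_RE.match(v):
        return v.lower()
    raise ValueError(f"rejected host value: {v!r}")

def build_forward_command(value):
    """argv list for the forwarder; the validated address is one argument, no shell involved."""
    return FORWARDER_ARGV + [validate_syslog_server(value)]

def run_forward(value, runner=subprocess.run):
    # A list argv runs with shell=False: nothing interprets ';', '&&' or backticks.
    return runner(build_forward_command(value), check=False)

if __name__ == "__main__":
    sample = "10.0.0.1; echo injected"   # constructed input, not from the advisory
    print("vulnerable string:", vulnerable_build_command(sample))
    print("hardened accepts it:", is_acceptable_syslog_server(sample))
    print("hardened argv for 10.0.0.1:", build_forward_command("10.0.0.1"))
```

The design point is that validation and invocation reinforce each other: even if a future field type needs something more permissive than an IP literal, passing an argv list rather than a concatenated string means the process never sees a shell in the first place.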
Most iBall Baton routers in India are also vulnerable to unauthenticated and authenticated command injection attacks; I have reason to believe default and weak admin credentials are on all of the versions and were accessible remotely. I have an iBall Baton "WRA150N" ADSL2+ router, and iBall is never accepting, not even responding to, complaints and requests for the latest firmware patches.
ASUS patched a bug that allowed attackers to pair two vulnerabilities to gain direct router access and execute commands as root.
Thanks to Meltdown and Spectre, January has already been an extremely busy month of patching for Microsoft.
Popular security products such as anti-viruses and middleboxes put customers at risk through poor transport layer security (TLS) interception implementations, researchers have found. A group of researchers from United States universities as well as tech companies Google, Mozilla, and Cloudflare tested middleboxes, which act as network proxies for traffic analysis and content filtering, from A10, Blue Coat, Barracuda, CheckPoint, Cisco, Fortinet, Juniper, Microsoft, Sophos, Untangle, and WebTitan. All but the Blue Coat device weakened connection security and introduced TLS vulnerabilities such as Logjam, weak export and RC4 ciphers, or didn't validate digital certificates properly. The researchers also tested [pdf] 29 anti-viruses, and found 13 would intercept TLS connections. Only Avast versions 10 and 11 for Windows did not reduce TLS connection security. Interception of TLS connections involves security products injecting their own certificates into web browsers or devices in organisation networks. This allows them to terminate TLS connections, decrypt the traffic so as to look for malicious or disallowed content, and then re-initiate the TLS connection after analysis is complete. Such interception is increasingly prevalent, the researchers said, meaning the security community is working at cross purposes: the attempts to detect and block harmful traffic dramatically reduce connection security. "Many of the vulnerabilities we find in anti-virus products and corporate middleboxes — such as failing to validate certificates and advertising broken ciphers — are negligent and another data point in a worrying trend of security products worsening security rather than improving it," they wrote.
Compounding the problem, the researchers noted that while it was possible to adjust middlebox settings in many cases to avoid degrading TLS security, their configuration was "confusing, oftentimes with little or no documentation". "We note that the installation process for many of these proxies is convoluted, crash-prone, and at times, non-deterministic," they said. Testing middleboxes with services such as Qualys SSL Labs, How's My SSL, and Bad SSL is a must for administrators, the researchers said. There is no good reason for anti-virus vendors to intercept TLS since their software operates locally and already has access to the file system, browser memory, and any content loaded over HTTPS, they claimed. The researchers disclosed the vulnerabilities in the security products to vendors, but said the reception to the reports varied greatly. "In many cases, we received no response and in other cases, we were unable to convince manufacturers that TLS vulnerabilities such as Logjam required patching," they wrote.
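When a proxy re-initiates the TLS connection on the client's behalf, the security of the outbound leg is whatever the proxy's own TLS stack negotiates, which is how the weaknesses named above (Logjam-sized DH groups, export and RC4 ciphers, skipped certificate validation) reappear on the wire. The following is an added example, not code from the study or from any of the vendors named, of an audit function that classifies one observed session's negotiated parameters against those findings, alongside a client context configured the way a well-behaved proxy's outbound leg should be and a lax one configured the way the article criticises. The thresholds (`MIN_DH_BITS`, the protocol and cipher markers) are assumptions chosen for the example, not values from the article.

```python
import ssl

# Rules constructed for this example; thresholds are assumptions, not article values.
MIN_DH_BITS = 2048           # Logjam downgraded DH to 512-bit export groups
LEGACY_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")
WEAK_CIPHER_MARKERS = ("RC4", "EXP", "NULL", "DES", "MD5")   # export suites carry "EXP"

def audit_negotiated_params(protocol, cipher_name, dh_bits=None, cert_verified=True):
    """Classify one TLS session. Inputs are what a client stack reports after the
    handshake (protocol string, OpenSSL cipher name, ephemeral DH size, whether the
    peer certificate chain was validated). Returns a list of finding strings."""
    findings = []
    if protocol in LEGACY_PROTOCOLS:
        findings.append(f"legacy protocol {protocol}")
    upper = cipher_name.upper()
    for marker in WEAK_CIPHER_MARKERS:
        if marker in upper:
            findings.append(f"weak cipher {cipher_name} ({marker})")
            break
    if dh_bits is not None and dh_bits < MIN_DH_BITS:
        findings.append(f"small DH group {dh_bits} bits (Logjam-class)")
    if not cert_verified:
        findings.append("certificate not validated")
    return findings

def hardened_client_context():
    """Outbound leg as it should be: TLS 1.2+, full chain and hostname validation,
    and a cipher string that refuses export, RC4, DES and MD5 suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!DES:!3DES:!MD5")
    return ctx

def lax_client_context():
    """The failure mode the study reports: certificate validation switched off.
    Shown only so the checker has something to flag; never use this in production."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def context_is_strict(ctx):
    """True only if validation is on, the floor is TLS 1.2 and no enabled cipher
    trips the audit rules above."""
    validates = ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    modern = ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    weak = any(audit_negotiated_params("TLSv1.2", c["name"]) for c in ctx.get_ciphers())
    return bool(validates and modern and not weak)

if __name__ == "__main__":
    # Constructed session parameters, not measurements from the study.
    print(audit_negotiated_params("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"))
    print(audit_negotiated_params("TLSv1", "RC4-SHA", dh_bits=512, cert_verified=False))
    print("hardened strict:", context_is_strict(hardened_client_context()))
    print("lax strict:", context_is_strict(lax_client_context()))
```

`context_is_strict` runs the same audit over every cipher the context would offer, so it doubles as a self-check for the configuration before it is ever used against a live server; the external services the researchers recommend (Qualys SSL Labs, How's My SSL, Bad SSL) then confirm what a middlebox actually negotiates from outside.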