As we projected earlier this month, we anticipate seeing an increase in criminal activity exploiting the Adobe Flash recently patched vulnerability (CVE-2018-4878) given the observation of the following Early Warning Indicators (EWIs):
- Publicly available code for crafting malware exploiting CVE-2018-4878
- e-Crime malspam activity exploiting CVE-2018-4878
Due to the ease of exploitation and criticality of the vulnerability, we recommend:
- IT Administrators patch their systems as soon as possible
- Users to stay vigilant and avoiding clicking on URLs or attachment received from unfamiliar or spoofed email senders.
We are currently updating our Collection Plan to process relevant, need-to-know data in an effort to promptly alert our customers as soon as those vulnerabilities are exploited in the wild.