Scam of the day – October 22, 2017 – Critical Adobe Flash flaw being exploited

As we learned again, most recently with the Equifax data breach, delay in installing security patches and updates for your software as soon as they become available can lead to disastrous consequences.  Hackers have recently discovered a previously unknown flaw in Adobe Flash and are rapidly exploiting it to take over the computers of users of Adobe Flash Player, Desktop Runtime, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge and Internet Explorer 11.  These previously undiscovered flaws are called zero day defects.

Fortunately, Adobe rapidly created security updates to stop the problem.  However, these updates only help you if you install them and I urge you to install them immediately if you use Adobe Flash.

According to security company, Symantec in 2015 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash. Adobe has announced that it will be retiring Adobe Flash in 2020.  It will still be issuing security patches until then, but now is a good time to move away from Adobe Flash if you have not already done so.

TIPS

If you are going to continue to use Adobe Flash, it is imperative that you update your software with the latest security patches when they are issued.  Here is a link to the latest updates for Adobe Flash.

https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

However, it may well be time for you to replace Adobe Flash to avoid future problems.

Here is a link to a website with alternative plugins you may wish to consider to replace Adobe Flash.

http://alternativeto.net/software/flash-player/

Scam of the day – April 9, 2016 – Adobe issues critical update to prevent ransomware exploitation of Adobe Flash

Although security patches are very important, I try not to make them the topics of consecutive Scams of the day, but today’s just issued security update to Adobe Flash is of such critical importance that I am breaking that rule.  Adobe has just issued an emergency update to a previously undiscovered zero day security flaw in Adobe Flash, a software program used by more than a billion people.  A zero day security flaw is a software vulnerability that had previously not been known and is exploited by cybercriminals to take advantage of the fact that there are no security software programs or patches that will prevent this flaw from being exploited by the cybercriminals.  In this particular case, security software company, Trend Micro found that cybercriminals were exploiting the flaw to infect computers with a ransomware called “Cerber.”  As with all ransomware, this program would lock and encrypt all of the victim’s computer data and threatens to destroy the data unless a ransom was promptly paid.  This problem is magnified by the fact that it is not just a single cybercriminal who is taking advantage of this flaw.  Cybercriminal computer experts often develop the sophisticated software such as Cerber and then sell it on a part of the Internet referred to as the Dark Web to other criminals who then use it against unsuspecting victims.  In this case, cybercriminal computer experts are selling not only Cerber, but the Magnitude Exploit Kit which is a tool criminals use to plant the Cerber ransomware on websites that, when visited by unsuspecting victims, downloads the Cerber ransomware on to the victims computer.  It is not even necessary to click on anything in particular in order to become infected.  Merely going to the infected website is sufficient to download the ransomware on to the victim’s computer.

I have been warning you for years about flaws in Adobe Flash  that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.

TIPS

Here is the link to the latest Adobe Flash update as issued by the Department of Homeland Security which I urge you to download as soon as possible. https://www.us-cert.gov/ncas/current-activity/2016/04/08/Adobe-Releases-Updates-Flash-Player

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Scam of the day – July 14, 2015 – More Adobe Flash problems and other security patches

As I wrote about previously, the recent hacking of the spyware company Hacking Team has exposed two new serious Adobe Flash vulnerabilities  that are already being exploited by hackers and identity thieves.  Anyone who uses Adobe Flash is in danger.  With its history of its vulnerabilities having been exploited by hackers for years, now may be a good time for people to consider disabling Adobe Flash and using other video software programs.  Some alternatives include LightSpark, Unity Web Player, GNU Gnash, and Silverlight.  Silverlight can be downloaded directly from the Microsoft website.

Below I will provide you with the latest security advisory from Adobe Flash although it should be emphasized that as I write today’s Scam of the Day there are no security patches yet available for the latest two discovered vulnerabilities in Adobe Flash.  However, there are security patches available for other problems with Adobe Flash that you should install if you are still using this program.  Also below you will find a link to the latest security update from the Department of Homeland Security with many critical security patches.

TIPS

Here is the link to the latest security advisory from Adobe:  https://www.us-cert.gov/ncas/current-activity/2015/07/11/Adobe-Flash-ActionScript-3-opaqueBackground-Use-After-Free

Here is the link to the latest security update alert from the Department of Homeland Security:  https://www.us-cert.gov/ncas/bulletins/SB15-194

 

Scam of the day – July 1, 2015 – Critical Adobe Flash update

Adobe Flash software is a highly used video software program so it should be of little surprise that it is highly scrutinized for vulnerabilities by hackers who exploit these vulnerabilities to gain access to their targets computers.  Unpatched vulnerabilities in Adobe Flash software were exploited by Russian hackers who hacked into the White House and State Department computer systems.  Recently, the security firm FireEye found attempts to attack aerospace, defense, construction, technology and telecom companies by exploiting a flaw in Adobe Flash uncovered by FireEye.  FireEye promptly notified Adobe which promptly created a patch for the problem.  A link to the patch can be found below.

The problem is that hackers are now distributing kits on black market websites that enable other hackers to exploit this vulnerability on computers that have not been updated and all too often individuals and companies fail to update their software in a timely basis.  Already this flaw is being exploited by hackers as a way of getting victims to download Ransomware on to their computers.  As I have written about many times before, Ransomware encrypts and locks your computer data.  The hacker then threatens to destroy the data unless a ransom is paid immediately.

TIPS

Businesses, government agencies and individual computer users must make it a priority to install the latest security patches and updates as soon as they become available.  Time after time, companies, government agencies and individual computer users have become victims of devastating computer hacks that they could have easily avoided had they promptly updated their software with the latest security patches and updates as soon as they became available.  Don’t make this mistake.  Here at Scamicide we regularly provide you the links to the latest security patches.

Here is the link to the latest Adobe Flash security update:  https://helpx.adobe.com/security/products/flash-player/apsb15-14.html