Scam of the day – October 22, 2017 – Critical Adobe Flash flaw being exploited

As we learned again, most recently with the Equifax data breach, delay in installing security patches and updates for your software as soon as they become available can lead to disastrous consequences.  Hackers have recently discovered a previously unknown flaw in Adobe Flash and are rapidly exploiting it to take over the computers of users of Adobe Flash Player, Desktop Runtime, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge and Internet Explorer 11.  These previously undiscovered flaws are called zero day defects.

Fortunately, Adobe rapidly created security updates to stop the problem.  However, these updates only help you if you install them and I urge you to install them immediately if you use Adobe Flash.

According to security company, Symantec in 2015 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash. Adobe has announced that it will be retiring Adobe Flash in 2020.  It will still be issuing security patches until then, but now is a good time to move away from Adobe Flash if you have not already done so.

TIPS

If you are going to continue to use Adobe Flash, it is imperative that you update your software with the latest security patches when they are issued.  Here is a link to the latest updates for Adobe Flash.

https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

However, it may well be time for you to replace Adobe Flash to avoid future problems.

Here is a link to a website with alternative plugins you may wish to consider to replace Adobe Flash.

http://alternativeto.net/software/flash-player/

Scam of the day – April 9, 2016 – Adobe issues critical update to prevent ransomware exploitation of Adobe Flash

Although security patches are very important, I try not to make them the topics of consecutive Scams of the day, but today’s just issued security update to Adobe Flash is of such critical importance that I am breaking that rule.  Adobe has just issued an emergency update to a previously undiscovered zero day security flaw in Adobe Flash, a software program used by more than a billion people.  A zero day security flaw is a software vulnerability that had previously not been known and is exploited by cybercriminals to take advantage of the fact that there are no security software programs or patches that will prevent this flaw from being exploited by the cybercriminals.  In this particular case, security software company, Trend Micro found that cybercriminals were exploiting the flaw to infect computers with a ransomware called “Cerber.”  As with all ransomware, this program would lock and encrypt all of the victim’s computer data and threatens to destroy the data unless a ransom was promptly paid.  This problem is magnified by the fact that it is not just a single cybercriminal who is taking advantage of this flaw.  Cybercriminal computer experts often develop the sophisticated software such as Cerber and then sell it on a part of the Internet referred to as the Dark Web to other criminals who then use it against unsuspecting victims.  In this case, cybercriminal computer experts are selling not only Cerber, but the Magnitude Exploit Kit which is a tool criminals use to plant the Cerber ransomware on websites that, when visited by unsuspecting victims, downloads the Cerber ransomware on to the victims computer.  It is not even necessary to click on anything in particular in order to become infected.  Merely going to the infected website is sufficient to download the ransomware on to the victim’s computer.

I have been warning you for years about flaws in Adobe Flash  that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.

TIPS

Here is the link to the latest Adobe Flash update as issued by the Department of Homeland Security which I urge you to download as soon as possible. https://www.us-cert.gov/ncas/current-activity/2016/04/08/Adobe-Releases-Updates-Flash-Player

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/