Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats. Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices. Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use. Delay in updating your software could lead to disastrous results. However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update. These new updates from the Department of Homeland Security include critical new updates to Adobe Flash and ten Microsoft updates. I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House. Problems with Adobe Flash are nothing new. In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable. Despite security patch after security patch, new problems keep coming up. It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.
Here are the links to lists of all of the recent security updates as posted by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB16-284 and
Some alternative plugins you may wish to consider to replace Adobe Flash include GNU Gnash, and Silverlight. Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/
In an update on the continuing saga of the danger to all of us presented by continuing vulnerabilities in the Adobe Flash browser plugin for watching videos, Mozilla, the maker of the popular Firefox browser has blocked Adobe Flash from use on Firefox as a security protection to Firefox users. This came just a day after Facebook’s head of security went on record saying that Adobe should stop making Flash because it is too flawed. Flaws in Adobe Flash have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House. Problems with Adobe Flash are nothing new. In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable. Despite security patch after security patch, new problems keep coming up. It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.
Some alternative plugins you may wish to consider include GNU Gnash, and Silverlight. Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/
Yesterday I warned you about a potentially devastating flaw discovered in Internet Explorer that could enable a hacker to not only take control of your computer, but also gain access to all of the information contained in your computer and use it to access your bank accounts, use your credit cards and make you a victim of identity theft. The malware required to exploit the vulnerability in Internet Explorer must be downloaded by you either by clicking on a link in an otherwise unobtrusive email that contains the malware or even by going to a website that uses a compromised Adobe Flash file. Microsoft is not expected to have a security patch developed for a couple of weeks and even that is merely an estimate, but there are some steps that everyone should consider doing to protect themselves from this threat.
First and most obvious, you should consider using an alternative web browser such as Mozilla Firefox which does not have the same vulnerability. You also may wish to download a just released security patch for Adobe Flash. Here is a link to the security update for Adobe Flash: https://www.us-cert.gov/ncas/current-activity/2014/04/28/Adobe-Releases-Security-Updates-Flash-Player
While you are at it, you should also install the latest security update for Mozilla Firefox which has just been released by the Department of Homeland Security. Here is a link to that security update: https://www.us-cert.gov/ncas/current-activity/2014/04/29/Mozilla-Releases-Security-Updates-Firefox-Thunderbird-and-Seamonkey
As always, it is also important to protect yourself from malware by not clicking on links or downloading attachments unless you are absolutely sure that they are legitimate because often malware is imbedded in these links and attachments.
Internet Explorer is one of the most popular web browsers. Yesterday Microsoft, the maker of Internet Explorer announced that they had discovered a major flaw in the security of this program that is already being exploited by hackers. Hackers are already taking advantage of this flaw to take over computers using Internet Explorer, steal information from their victims and take total control of the infected computer. The danger of this flaw cannot be overstated. Microsoft is working on a security patch for this problem, but does not have one presently. This problem is made worse for those people still using Windows XP because since April 8th, Microsoft is no longer providing updated security patches for that operating system so when a security patch is developed, it will not be effective for computers still using Windows XP.
Those of you still using Windows XP should update your operating system as soon as possible. Everyone else should use other browsers such as Firefox until a security patch is provided by Microsoft. You also may wish to use the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to take protective steps although this will not protect you fully. You also should consider disabling your Adobe Flash plugin if you have one because this is used by hackers in their attacks. You also should remember that for a hacker to install the malware on your computer or other electronic device to exploit this vulnerability, you need to have clicked on a tainted link or downloaded a tainted attachment. Therefore, as always you should avoid clicking on links or downloading attachments unless you are absolutely sure that they are legitimate.
Here is the link to the announcement of the Department of Homeland Security regarding this matter, which also contains a link to the Microsoft Enhanced Mitigation Experience Toolkit. https://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being
Facebook users are always targeted by scammers because there are so many of them. The latest Facebook scam occurs when you receive an email telling you that your Facebook account has been canceled and that you need to click on a link to either confirm or cancel the request. the link doesn’t take you to an official Facebook page, but it does take you to a third party application present on the Facebook platform. this unfortunately is enough to fool some people. If you click on the link, you are asked to allow an unknown Java applet to be installed on your computer. Unfortunately, if you agree to have the Java applet be installed you are told your Adobe Flash must be updated. Unfortunately, when you click to update your Adobe Flash, you are not updating your Adobe Flash but downloading keystroke logging malware that will steal all of your personal information from your computer.
Trust me, you can’t trust anyone. Never click on links unless you are absolutely positive that they are legitimate. If you get an email such as this and are concerned. Contact Facebook security on the phone or over the Internet at addresses and telephone numbers that you know are accurate.