Scam of the day – May 14, 2016 – Yet another Adobe Flash critical update

For the third consecutive month, Adobe is issuing a security patch for its popular Adobe Flash software to protect you from the threat of a recently discovered zero day security flaw.  A zero day security flaw is a software vulnerability that had previously not been known and is used by cybercriminals to take advantage of the fact that there are no security software programs or patches that will prevent this flaw from being exploited by the cybercriminals.   I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.

If you use Google Chrome, Microsoft Edge or Microsoft Internet Explorer 11, you do not need to download the newly issued security patch because these browsers automatically download the necessary Adobe Flash security patch on to your computer.  However, other browsers such as the popular Mozilla Firefox and Internet Explorer 9 do not automatically install these security patches.  In any event, Adobe Flash has already been proven to be so vulnerable to successful attacks by hackers that installing new security patches as quickly as they are issued is little more than putting a Band-aid on the Titanic if I can mix my metaphors.

TIPS

Here is the link to the latest Adobe Flash update as issued by the Department of Homeland Security which I urge you to download as soon as possible. https://www.us-cert.gov/ncas/current-activity/2016/05/12/Adobe-Releases-Security-Updates-Flash-Player

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Scam of the day – April 9, 2016 – Adobe issues critical update to prevent ransomware exploitation of Adobe Flash

Although security patches are very important, I try not to make them the topics of consecutive Scams of the day, but today’s just issued security update to Adobe Flash is of such critical importance that I am breaking that rule.  Adobe has just issued an emergency update to a previously undiscovered zero day security flaw in Adobe Flash, a software program used by more than a billion people.  A zero day security flaw is a software vulnerability that had previously not been known and is exploited by cybercriminals to take advantage of the fact that there are no security software programs or patches that will prevent this flaw from being exploited by the cybercriminals.  In this particular case, security software company, Trend Micro found that cybercriminals were exploiting the flaw to infect computers with a ransomware called “Cerber.”  As with all ransomware, this program would lock and encrypt all of the victim’s computer data and threatens to destroy the data unless a ransom was promptly paid.  This problem is magnified by the fact that it is not just a single cybercriminal who is taking advantage of this flaw.  Cybercriminal computer experts often develop the sophisticated software such as Cerber and then sell it on a part of the Internet referred to as the Dark Web to other criminals who then use it against unsuspecting victims.  In this case, cybercriminal computer experts are selling not only Cerber, but the Magnitude Exploit Kit which is a tool criminals use to plant the Cerber ransomware on websites that, when visited by unsuspecting victims, downloads the Cerber ransomware on to the victims computer.  It is not even necessary to click on anything in particular in order to become infected.  Merely going to the infected website is sufficient to download the ransomware on to the victim’s computer.

I have been warning you for years about flaws in Adobe Flash  that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.

TIPS

Here is the link to the latest Adobe Flash update as issued by the Department of Homeland Security which I urge you to download as soon as possible. https://www.us-cert.gov/ncas/current-activity/2016/04/08/Adobe-Releases-Updates-Flash-Player

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Scam of the day – March 13, 2016 – Adobe Flash software update

I have been writing about the security flaws in Adobe Flash for years and finally in July of 2015 I advised everyone to disable Adobe Flash and use other video software.   Unfortunately, some popular websites including HBO and Spotify still require the use of Adobe Flash.  In 2015, Mozilla, the maker of the popular Firefox browser  blocked Adobe Flash from use on Firefox as a security protection to Firefox users.  That came just a day after Facebook’s head of security went on record saying that Adobe should stop making Flash because it is too flawed.  Flaws in Adobe Flash have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.

TIPS

Some alternative plugins you may wish to consider include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Meanwhile, for those of you who still wish to use Adobe Flash, you should make sure that you update your Adobe Flash software whenever new security patches are issued, which Adobe has just done.  Here is a link to the new security update as indicated by the Department of Homeland Security: https://www.us-cert.gov/ncas/current-activity/2016/03/10/Adobe-Releases-Security-Updates-Flash-Player

Scam of the day – July 15, 2015 – Time to stop using Adobe Flash

In an update on the continuing saga of the danger to all of us presented by continuing vulnerabilities in the  Adobe Flash browser plugin for watching videos, Mozilla, the maker of the popular Firefox browser has blocked Adobe Flash from use on Firefox as a security protection to Firefox users.  This came just a day after Facebook’s head of security went on record saying that Adobe should stop making Flash because it is too flawed.  Flaws in Adobe Flash have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.

TIPS

Some alternative plugins you may wish to consider include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

 

Scam of the day – July 14, 2015 – More Adobe Flash problems and other security patches

As I wrote about previously, the recent hacking of the spyware company Hacking Team has exposed two new serious Adobe Flash vulnerabilities  that are already being exploited by hackers and identity thieves.  Anyone who uses Adobe Flash is in danger.  With its history of its vulnerabilities having been exploited by hackers for years, now may be a good time for people to consider disabling Adobe Flash and using other video software programs.  Some alternatives include LightSpark, Unity Web Player, GNU Gnash, and Silverlight.  Silverlight can be downloaded directly from the Microsoft website.

Below I will provide you with the latest security advisory from Adobe Flash although it should be emphasized that as I write today’s Scam of the Day there are no security patches yet available for the latest two discovered vulnerabilities in Adobe Flash.  However, there are security patches available for other problems with Adobe Flash that you should install if you are still using this program.  Also below you will find a link to the latest security update from the Department of Homeland Security with many critical security patches.

TIPS

Here is the link to the latest security advisory from Adobe:  https://www.us-cert.gov/ncas/current-activity/2015/07/11/Adobe-Flash-ActionScript-3-opaqueBackground-Use-After-Free

Here is the link to the latest security update alert from the Department of Homeland Security:  https://www.us-cert.gov/ncas/bulletins/SB15-194

 

Scam of the day – July 9, 2015 – Spyware company hacking leads to discovery of critical new Adobe Flash flaw

It was only a week ago that I told you about a critical vulnerability in the popular Adobe Flash software so many people use for viewing videos.  Now following the embarrassing hacking and data breach at the Italian spyware company Hacking Team which sells spyware to governments, it has been learned that among the 400 gigabytes of files, source code and emails stolen and made public was source code for Adobe Flash software that can be and has been exploited by hackers to take control of computers running Adobe Flash.  Unlike the previous Adobe Flash flaw, which was discovered by security company FireEye, which notified Adobe in timely fashion to enable them to produce a security update, the new flaw discovered by Hacking Team had been kept secret by them which allowed them to exploit the vulnerability with its own spyware.  Since the time of the making public of this software vulnerability, enterprising hackers have already started selling kits on black market websites to other hackers that enable them to hack into computers running Adobe Flash.   Everyone using Adobe Flash is extremely vulnerable to identity theft and having their computer data stolen.

TIPS

Adobe Flash has been a constant target of hackers and some people are just choosing to disable it and use other video viewing software.  Some alternatives include LightSpark, Unity Web Player, GNU Gnash, and Silverlight.  Silverlight can be downloaded directly from the Microsoft website.  Adobe Flash has just released a security patch to fix the flaw.  Here is a link to the critical security patch to fix your Adobe Flash software: https://www.us-cert.gov/ncas/current-activity/2015/07/08/Adobe-Releases-Security-Updates-Flash-Player