Scam of the day – May 14, 2017 – Important security updates

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats. as we have seen with the massive ransomware attack of Friday. Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  This has been a particular busy week for security updates including updates for Microsoft, Mozilla, Google Chrome and, of course, Adobe Flash.

TIPS

Here are links to these important security patches.

https://technet.microsoft.com/en-us/library/security/4022344.aspx

https://www.us-cert.gov/ncas/current-activity/2017/05/05/Mozilla-Releases-Security-Updates

https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html

https://www.us-cert.gov/ncas/current-activity/2017/05/09/Adobe-Releases-Security-Updates

As I have indicated previously many times, it may well be time for you to consider replacing Adobe Flash to avoid future problems with this useful, but outdated and vulnerable software.

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/

while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

 

Scam of the day – July 6, 2016 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security include critical new updates to Adobe Flash. I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.

TIPS

Here are the links to  lists of all of the recent security updates as posted by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB16-172 and https://www.us-cert.gov/ncas/bulletins/SB16-186

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Scam of the day – April 9, 2016 – Adobe issues critical update to prevent ransomware exploitation of Adobe Flash

Although security patches are very important, I try not to make them the topics of consecutive Scams of the day, but today’s just issued security update to Adobe Flash is of such critical importance that I am breaking that rule.  Adobe has just issued an emergency update to a previously undiscovered zero day security flaw in Adobe Flash, a software program used by more than a billion people.  A zero day security flaw is a software vulnerability that had previously not been known and is exploited by cybercriminals to take advantage of the fact that there are no security software programs or patches that will prevent this flaw from being exploited by the cybercriminals.  In this particular case, security software company, Trend Micro found that cybercriminals were exploiting the flaw to infect computers with a ransomware called “Cerber.”  As with all ransomware, this program would lock and encrypt all of the victim’s computer data and threatens to destroy the data unless a ransom was promptly paid.  This problem is magnified by the fact that it is not just a single cybercriminal who is taking advantage of this flaw.  Cybercriminal computer experts often develop the sophisticated software such as Cerber and then sell it on a part of the Internet referred to as the Dark Web to other criminals who then use it against unsuspecting victims.  In this case, cybercriminal computer experts are selling not only Cerber, but the Magnitude Exploit Kit which is a tool criminals use to plant the Cerber ransomware on websites that, when visited by unsuspecting victims, downloads the Cerber ransomware on to the victims computer.  It is not even necessary to click on anything in particular in order to become infected.  Merely going to the infected website is sufficient to download the ransomware on to the victim’s computer.

I have been warning you for years about flaws in Adobe Flash  that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.

TIPS

Here is the link to the latest Adobe Flash update as issued by the Department of Homeland Security which I urge you to download as soon as possible. https://www.us-cert.gov/ncas/current-activity/2016/04/08/Adobe-Releases-Updates-Flash-Player

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Scam of the day – July 16, 2015 – Adobe Flash update issued, but is it too late?

This is the third day in a row that the Scam of the day has involved Adobe Flash, but this is such an important topic and the new developments have been happening so rapidly, it warrants the coverage.  Adobe Flash is a hugely popular plug-in used for watching videos on your computer or smartphone.  Over the years it has also proven to be fertile grounds for hackers who have numerous times exploited vulnerabilities in it to hack into and take over the computers and smartphones of individuals, businesses and government agencies.  Shortly after Adobe released a new security patch following the discovery of yet another vulnerability by security company FireEye which reported its discovery to Adobe to give them the opportunity to develop a patch, we learned about two more Adobe Flash vulnerabilities by way of the information  made public when the spyware company The Hacking Team became a victim of a very public hacking.  The Hacking Team had been exploiting the Adobe Flash vulnerabilities for its own end.  Now, Adobe has come up with a patch for the latest Adobe Flash vulnerabilities to become known, but for many of us, this is too little and too late.  As I urged you yesterday, I think you should uninstall Adobe Flash and switch to a different video viewing plug-in.  There is little reason to believe that future vulnerabilities will not be discovered in  Adobe Flash and exploited by hackers and other criminals.  Exploit kits, which are packets of computer code that exploit these vulnerabilities are being sold by criminals to other criminals to enable them to hack the computers and smartphones of unsuspecting victims.  A sad commentary on the effectiveness of these Exploit kits is that many of them are still being used against vulnerabilities in Adobe Flash for which patches have already been developed and made available, but people, companies and government agencies have been lax in installing the patches to protect themselves.

TIPS

If you are still interested in using Adobe Flash, here is a link to the latest security patch to remedy the most recently discovered vulnerabilities.  https://helpx.adobe.com/security/products/flash-player/apsb15-18.html

However, my advice still is to uninstall Adobe Flash and install a different plug-in for video viewing.

Another important lesson is to make sure that you update all of your software as soon as security patches and updates become available.  Delaying in doing so puts you at much greater risk of being hacked and identity theft.  Here at Scamicide, we will continue to provide you with the latest security patches and updates as they become available.

Scam of the day – July 14, 2015 – More Adobe Flash problems and other security patches

As I wrote about previously, the recent hacking of the spyware company Hacking Team has exposed two new serious Adobe Flash vulnerabilities  that are already being exploited by hackers and identity thieves.  Anyone who uses Adobe Flash is in danger.  With its history of its vulnerabilities having been exploited by hackers for years, now may be a good time for people to consider disabling Adobe Flash and using other video software programs.  Some alternatives include LightSpark, Unity Web Player, GNU Gnash, and Silverlight.  Silverlight can be downloaded directly from the Microsoft website.

Below I will provide you with the latest security advisory from Adobe Flash although it should be emphasized that as I write today’s Scam of the Day there are no security patches yet available for the latest two discovered vulnerabilities in Adobe Flash.  However, there are security patches available for other problems with Adobe Flash that you should install if you are still using this program.  Also below you will find a link to the latest security update from the Department of Homeland Security with many critical security patches.

TIPS

Here is the link to the latest security advisory from Adobe:  https://www.us-cert.gov/ncas/current-activity/2015/07/11/Adobe-Flash-ActionScript-3-opaqueBackground-Use-After-Free

Here is the link to the latest security update alert from the Department of Homeland Security:  https://www.us-cert.gov/ncas/bulletins/SB15-194