Adobe Tackles New Flash Threat After Hacker Team Leak

Uploaded on 2015-07-21 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

hack-like-pro-use-hacking-teams-adobe-flash-exploit.1280x600.jpg 

Adobe has updated its Flash software to fix a security hole, which was made public only after data was stolen from an online surveillance company. 

Recently, private data stolen from the company was posted online, indicating it knew about a serious flaw in Flash, but had not told Adobe. One security blog said the bug had been "immediately weaponised" by attackers. "This is one of the fastest documented cases of an immediate weaponisation in the wild, possibly thanks to the detailed instructions left by the Hacking Team," wrote Jerome Segura from Malwarebytes.

Details of the software flaw were among 400GB of stolen data that was posted online. In the data, Hacking Team described the flaw as "the most beautiful Flash bug for the last four years".

Security software company, Trend Micro said the flaw had been included in at least three "exploit kits" - collections of computer code and tools that can help attackers spread malicious software.
"When you know the severity of a flaw, there's a duty to disclose it to the software vendor," said Bharat Mistry, cybersecurity expert at Trend Micro.
"Maybe they saw this as an avenue they could use for their own purposes and wanted to keep it under wraps.
"But Flash has a big presence on the web. There is mass potential for this bug to be exploited by criminals."
Adobe acknowledged the bug could "cause a crash and potentially allow an attacker to take control of the affected system".
It said the flaw affected Flash 18.0.0.194 and earlier versions for Windows, Macintosh and Linux.
The company released an update to Flash and said it recommended people install it "within 72 hours".

BBC: http://bbc.in/1dLQyLj

 

« IS uses Encrypted Apps says FBI Chief
RBS Under Pressure over New IT Failure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Together

Cyber Together

Cyber Together is dedicated to advancing the cyber security industry by giving businesses access to Israel’s leaders, innovators and great minds in the field of cyber security.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Jenson Knight

Jenson Knight

Jenson Knight is a global cyber security, cloud and IT infrastructure staffing specialist.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

Evolution Equity Partners

Evolution Equity Partners

Evolution Equity Partners is an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

Techsolidity

Techsolidity

Techsolidity is an emerging e-learning platform that offers a wide range of upskilling programs worldwide in areas including cybersecurity.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.

SecuLore

SecuLore

An innovator in public-safety-focused cybersecurity, SecuLore is dedicated to protecting critical infrastructure from cyber attacks.

Sphinx

Sphinx

Sphinx provide advanced security consulting services and cyber solutions to federal and private industry.

Sherweb

Sherweb

Sherweb are a marketplace of leading cloud solutions and value-added services delivered by a team of passionate experts invested in MSP growth.