Adobe Tackles New Flash Threat After Hacker Team Leak

hack-like-pro-use-hacking-teams-adobe-flash-exploit.1280x600.jpg 

Adobe has updated its Flash software to fix a security hole, which was made public only after data was stolen from an online surveillance company. 

Recently, private data stolen from the company was posted online, indicating it knew about a serious flaw in Flash, but had not told Adobe. One security blog said the bug had been "immediately weaponised" by attackers. "This is one of the fastest documented cases of an immediate weaponisation in the wild, possibly thanks to the detailed instructions left by the Hacking Team," wrote Jerome Segura from Malwarebytes.

Details of the software flaw were among 400GB of stolen data that was posted online. In the data, Hacking Team described the flaw as "the most beautiful Flash bug for the last four years".

Security software company, Trend Micro said the flaw had been included in at least three "exploit kits" - collections of computer code and tools that can help attackers spread malicious software.
"When you know the severity of a flaw, there's a duty to disclose it to the software vendor," said Bharat Mistry, cybersecurity expert at Trend Micro.
"Maybe they saw this as an avenue they could use for their own purposes and wanted to keep it under wraps.
"But Flash has a big presence on the web. There is mass potential for this bug to be exploited by criminals."
Adobe acknowledged the bug could "cause a crash and potentially allow an attacker to take control of the affected system".
It said the flaw affected Flash 18.0.0.194 and earlier versions for Windows, Macintosh and Linux.
The company released an update to Flash and said it recommended people install it "within 72 hours".

BBC: http://bbc.in/1dLQyLj

 

« IS uses Encrypted Apps says FBI Chief
RBS Under Pressure over New IT Failure »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

44CON

44CON

44CON is an Information Security Conference & Training event taking place in London. Designed to provide something for the business and technical Information Security professional.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Compass Security

Compass Security

Compass Security is a specialist IT Security consultancy firm based in Switzerland. Services include pentesting, security assessments, digital forensics and security training.

DTS Solution

DTS Solution

DTS Solution delivers advanced cyber security solutions through is technology partnerships with industry leading security vendors and advanced consulting services.

Intersec Worldwide

Intersec Worldwide

Intersec Worldwide is a boutique Information Security Firm specializing in PCI Compliance, Assessment, Remediation, Forensics, Data Breach Investigations, Incident Response and IT Managed Services.

Aveshka

Aveshka

Aveshka is a professional services firm focused on addressing complex threats and challenges including Cybersecurity and Information Technology.

CYSEC Academy

CYSEC Academy

CYSEC Academy offer cyber certifications, cyber assurance and cyber defense training, hands-on learning training modules, public, private and bespoke training courses.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

ADGS

ADGS

ADGS is a deeptech company focused in the fields of Agent-Based simulations (Emergent Behavior), Cybersecurity and Biometrics, Social Dynamics, Natural Language Processing and Artificial Intelligence.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

Airiam

Airiam

Airiam provides cybersecurity, managed IT, consulting, incident response, and digital transformation services so you can focus on what matters most.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

Cognna

Cognna

Cognna's innovative platform is designed to empower you and your team, providing the tools you need to detect, prevent, and resolve threats with ease.

Sardine

Sardine

Sardine is a leader in financial crime prevention. Using unparalleled device intelligence and behavior biometrics, Sardine applies machine learning to detect and stop fraud before it happens.

Cylerian

Cylerian

Cylerian is a Next Generation SaaS Security Platform - One unified cloud platform to achieve your security, compliance, and operational objectives.