Adobe Tackles New Flash Threat After Hacker Team Leak

Uploaded on 2015-07-21 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

hack-like-pro-use-hacking-teams-adobe-flash-exploit.1280x600.jpg 

Adobe has updated its Flash software to fix a security hole, which was made public only after data was stolen from an online surveillance company. 

Recently, private data stolen from the company was posted online, indicating it knew about a serious flaw in Flash, but had not told Adobe. One security blog said the bug had been "immediately weaponised" by attackers. "This is one of the fastest documented cases of an immediate weaponisation in the wild, possibly thanks to the detailed instructions left by the Hacking Team," wrote Jerome Segura from Malwarebytes.

Details of the software flaw were among 400GB of stolen data that was posted online. In the data, Hacking Team described the flaw as "the most beautiful Flash bug for the last four years".

Security software company, Trend Micro said the flaw had been included in at least three "exploit kits" - collections of computer code and tools that can help attackers spread malicious software.
"When you know the severity of a flaw, there's a duty to disclose it to the software vendor," said Bharat Mistry, cybersecurity expert at Trend Micro.
"Maybe they saw this as an avenue they could use for their own purposes and wanted to keep it under wraps.
"But Flash has a big presence on the web. There is mass potential for this bug to be exploited by criminals."
Adobe acknowledged the bug could "cause a crash and potentially allow an attacker to take control of the affected system".
It said the flaw affected Flash 18.0.0.194 and earlier versions for Windows, Macintosh and Linux.
The company released an update to Flash and said it recommended people install it "within 72 hours".

BBC: http://bbc.in/1dLQyLj

 

« IS uses Encrypted Apps says FBI Chief
RBS Under Pressure over New IT Failure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clearpath Solutions Group

Clearpath Solutions Group

Clearpath Solutions Group expertise covers virtualization and data storage technologies, networking, security and cloud computing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Dubex

Dubex

Dubex is Denmark's leading business-oriented IT security specialist.

ETAS

ETAS

ETAS (formerly Escrypt) is a pioneer and one of today’s leading solution providers for embedded IT security.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Secarma

Secarma

Secarma provides penetration testing, security assessments, consultancy, and training services to ensure your digital infrastructure is secure from cybersecurity threats.

Infopulse

Infopulse

Infopulse is a global provider of Software Engineering, Cloud & IT Infrastructure Management, and Cybersecurity services.

Sompo International

Sompo International

Sompo International is a global specialty provider of property and casualty insurance and reinsurance services including Cyber & Network Risk.

Bitfury Group

Bitfury Group

Bitfury Group is the largest full-service blockchain technology company in the world.

CM Blockchain Security Center

CM Blockchain Security Center

We are dedicated to building a healthier blockchain ecosystem, providing solutions to security technology, and helping those who practice in the area of blockchain to get insight into industry trends.

Noname Security

Noname Security

Noname Security detects and resolves API vulnerabilities and misconfigurations before they are exploited.

Metabase Q

Metabase Q

Metabase Q protects you from financial and reputational losses with more efficient and intelligent cybersecurity, using the best worldwide in technologies, processes and specialists.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

Willyama Services

Willyama Services

Willyama Services is a certified Information Technology and Cybersecurity professional services business providing services to government and private sector clients.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.