Adobe Tackles New Flash Threat After Hacking Team Leak


Adobe has updated its Flash software to fix a security hole, which was made public only after data was stolen from an online surveillance company. 

Recently, private data stolen from the company was posted online, indicating it knew about a serious flaw in Flash, but had not told Adobe. One security blog said the bug had been "immediately weaponised" by attackers. "This is one of the fastest documented cases of an immediate weaponisation in the wild, possibly thanks to the detailed instructions left by the Hacking Team," wrote Jerome Segura from Malwarebytes.

Details of the software flaw were among 400GB of stolen data that was posted online. In the data, Hacking Team described the flaw as "the most beautiful Flash bug for the last four years".

Security software company Trend Micro said the flaw had been included in at least three "exploit kits" - collections of computer code and tools that can help attackers spread malicious software.
"When you know the severity of a flaw, there's a duty to disclose it to the software vendor," said Bharat Mistry, cybersecurity expert at Trend Micro.
"Maybe they saw this as an avenue they could use for their own purposes and wanted to keep it under wraps.
"But Flash has a big presence on the web. There is mass potential for this bug to be exploited by criminals."
Adobe acknowledged the bug could "cause a crash and potentially allow an attacker to take control of the affected system".
It said the flaw affected Flash 18.0.0.194 and earlier versions for Windows, Macintosh and Linux.
The company released an update to Flash and said it recommended people install it "within 72 hours".

BBC: http://bbc.in/1dLQyLj

 
