The fallout from the Hacking Team breach and data dump that I reported yesterday has begun. Security expert Brian Krebs who is the go to guy for all things security related posted this on his blog yesterday:
Adobe Systems Inc. says its plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks. The flaw was disclosed publicly over the weekend after hackers broke into and posted onlinehundreds of gigabytes of data from Hacking Team, a controversial Italian company that’s long been accused of helping repressive regimes spy on dissident groups.
And:
The Flash flaw was uncovered after Hacking Team’s proprietary information was posted online by hacktivists seeking to disprove the company’s claims that it does not work with repressive regimes (the leaked data suggests that Hacking Team has contracted to develop exploits for a variety of countries, including Egypt, Lebanon, Ethiopia, Sudan and Thailand). Included in the cache are several exploits for unpatched flaws, including apparently a Windows vulnerability.
Sure enough, there is an advisory from Adobe that has been posted and yet another emergency fix is due today. For those of you keeping score at home, this is the third emergency fix in the last month for Adobe Flash and further proof that it is not only being used actively in attacks, but it also incredibly insecure. Thus it appears that the decision fto remove it from my system is the correct one as constantly patching something that is clearly not secure is not a winning strategy. Having said that, if you still run Flash, you should patch your systems as soon as the patch is available. Meanwhile, I expect other vendors including Apple and Microsoft to be coming out with patches that mitigate anything that was in the Hacking Team data dump shortly as well. You might want to keep your eyes out for them and install any new patches that come out in the next week or two.
Like this:
Like Loading...
Related
This entry was posted on July 8, 2015 at 7:21 am and is filed under Commentary with tags Adobe, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Adobe Advises You To Update Flash NOW As A Result Of Hacking Team Breach
The fallout from the Hacking Team breach and data dump that I reported yesterday has begun. Security expert Brian Krebs who is the go to guy for all things security related posted this on his blog yesterday:
Adobe Systems Inc. says its plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks. The flaw was disclosed publicly over the weekend after hackers broke into and posted onlinehundreds of gigabytes of data from Hacking Team, a controversial Italian company that’s long been accused of helping repressive regimes spy on dissident groups.
And:
The Flash flaw was uncovered after Hacking Team’s proprietary information was posted online by hacktivists seeking to disprove the company’s claims that it does not work with repressive regimes (the leaked data suggests that Hacking Team has contracted to develop exploits for a variety of countries, including Egypt, Lebanon, Ethiopia, Sudan and Thailand). Included in the cache are several exploits for unpatched flaws, including apparently a Windows vulnerability.
Sure enough, there is an advisory from Adobe that has been posted and yet another emergency fix is due today. For those of you keeping score at home, this is the third emergency fix in the last month for Adobe Flash and further proof that it is not only being used actively in attacks, but it also incredibly insecure. Thus it appears that the decision fto remove it from my system is the correct one as constantly patching something that is clearly not secure is not a winning strategy. Having said that, if you still run Flash, you should patch your systems as soon as the patch is available. Meanwhile, I expect other vendors including Apple and Microsoft to be coming out with patches that mitigate anything that was in the Hacking Team data dump shortly as well. You might want to keep your eyes out for them and install any new patches that come out in the next week or two.
Share this:
Like this:
Related
This entry was posted on July 8, 2015 at 7:21 am and is filed under Commentary with tags Adobe, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.