ALERT! Yahoo! Hit with Malware ALERT!

In a stunning announcement Yahoo! reported it has shut down a massive malware campaign infecting billions of visitors to its websites. Some experts believe the website infected with the malware was visited as many as 300,000 times an hour.

Malwarebytes discovered the scheme, which ran from July 28th through August 3rd and used Yahoo!’s ad network to infect users’ computers with malware used for advertising.

Malvertising is a scheme where hackers trick automated advertising networks into delivering malware. The trick is becoming more and more common. This malware does not require the user to do anything to become infected. Simply browsing a website is enough to get infected. This is sometimes called a drive-by download.

Yahoo! and other big-name search engines are prime targets of malvertisers because of the hundreds of millions of ads they deliver daily through their advertising platforms.

Jerome Segura, Senior Security Researcher at Malwarebytes, said, “Malvertising is the silent killer because it does not require any type of user interaction in order to execute their payload.” Segura also warned that the victims of the attack could have been infected with ransomware.

For nearly a week Yahoo! sites were delivering malicious ads through its ads.yahoo.com domain. Yahoo! users were redirected to several different domains that exposed them to an exploit known as ‘Angler.’ According to Segura, some of the sites that users were redirected to were hosted on Microsoft’s Azure, a cloud computing platform.

Security experts also revealed that another exploit named ‘RIG’ was infecting computers at the rate of 27,000 a day. Both exploits are related to the numerous flaws recently revealed in the Adobe Flash Player software. The software is found on millions of computers, where it runs video and games on websites.

This is not the first time that attackers have used Yahoo!’s advertising network to infect users. Last year the network was used to distribute a range of malware including a Bitcoin miner.

Malwarebytes claimed it notified Yahoo! of the situation, and the company took immediate action; the exploit is no longer active. Yahoo issued the following statement:

“Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.”

Malvertising attacks have been steadily increasing because they are so difficult to stop. According to RiskIQ, attacks increased in the first half of this year at the rate of 260 percent.

James Pleger, Director of Research for RiskIQ, stated, “The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred methods for distributing malware.”

Breaking It Down

If you have good anti-virus/anti-malware software on your computer you may be safe, but just maybe. You may want to visit Yahoo’s safety website that describes how to remove this malware if you have it. But again, this may or may not work. I am not sure how long it has been since this website was updated. Update your anti-virus software and all your software just to be sure.

A drive-by download is extremely dangerous. All you have to do is visit the website and you have the virus or malware. It’s nice to have an anti-virus that blocks you from even going to that website. If yours doesn’t do that then switch. NOW!

Google recently updated its search engine to warn users of suspicious websites before they get to them.

This is about as serious as it gets. Yahoo! is a huge company with billions of websites listed in their search results and I’d guess trillions of ads delivered annually. Imagine if a bad actor had figured out a way to distribute ransomware through the search engine. It could have been the greatest calamity in Internet history. Don’t laugh. It could still happen.

All I can say at this point is to make sure you update your anti-virus frequently. Better yet, set it to update automatically. But even that may not be enough. Take the time to search for a RIG exploit removal tool and an Angler exploit removal kit. Take my advice.



Kill Your Adobe Flash Player!

Whether you know it or not, you are probably using Adobe Flash Player, especially if you are using a Windows PC, and it’s a problem. But first let’s get a little background on exactly what Adobe Flash Player is and why some want to see it killed.

Adobe Flash Player was the default software for playing videos, games and other animations on web pages. It became really big in 2005 when YouTube began using it. But like most technology it became obsolete. Now many websites and apps are using different and better software to do the same thing. Flash Player, however, remains in use on millions of computers.

So why kill Adobe Flash Player? Well, first of all, the thing that makes the software such a great tool is also the thing that makes it a serious security issue.

Adobe Flash has the ability to directly access your computer’s memory. This leaves your computer completely open to exploits. An exploit is software that takes advantage of a flaw to make a computer perform a task or function it was never meant to perform. Cyber security expert Chase Cunningham of FireHost says, “Anytime a site is able to access your computer’s memory, it’s able to make changes on the local machine itself, your PC. That’s when you run into exploits.”

To make this simple, someone can take over your computer and do as they please. That includes stealing data like user names and passwords or making your computer part of a botnet.

For a long time Flash has been the vulnerability of choice for cybercriminals. Many governments, especially totalitarian regimes, used the flaws in Flash to spy on their adversaries.

But last week came the proverbial straw that broke the camel’s back. An Italian company known as Hacking Team had been using previously unknown flaws in Flash. The news came out after the company itself was hacked and over 400 gigabytes of data was stolen and later published online. What goes around comes around, since this company specialized in selling hacking software tools to pretty much anybody.

Security vulnerabilities in Flash are common. So common that this month alone Adobe issued security alerts and fixes for 38 vulnerabilities in Flash Player.

As a result Mozilla has blocked all automatic activations of Flash Player on its browser. Facebook security chief Alex Stamos publicly called for the death of Adobe Flash Player. Stamos tweeted: “It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day. Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.”

Will your computer work without Adobe Flash Player? Yes it will, and you are probably not going to miss it. Yes, some sites will still have video content that will require Flash Player. You can set your Flash Player to only activate on demand. This feature is available on most browsers and you can find the instructions here.

Breaking It Down

Most African-Americans are going to ask, how does this affect me? The answer is simple; the Adobe Flash Player is a danger to your computer and data. Whatever information you are trying to keep secure is probably wide open to a hacker if they want it. Once a hacker is inside your machine it’s likely you may never get rid of him. That is, if you ever discover he is there in the first place. Your user names and passwords to your bank account or other sensitive data can be stolen and used to rob you or steal your identity. Isn’t that enough? Your computer could become part of a botnet used to send millions of spam messages or spread viruses or malware. Another sick thing that could happen is that hackers could take over your webcam and watch you in your home. It’s time to do something about that Adobe Flash Player. Here is where you can get all the patches to repair Adobe Flash Player. But you may want to remove it completely.

Microsoft Internet Explorer Most Vulnerable Browser

Microsoft’s Internet Explorer is leaving users vulnerable to hackers and other cyber criminals. A recent study conducted by Bromium Labs revealed that Internet Explorer was highly vulnerable when targeted by hackers. Adobe Flash was indicated as a major weakness for Internet Explorer and another prime target for hackers.

Bromium Labs’ report also stated that “The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray. Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers.”

Microsoft’s Internet Explorer was the target of hackers and cyber criminals far more frequently than other popular browsers like Firefox and Google Chrome. Microsoft acknowledged this fact and has released fixes for as many as 24 vulnerabilities within Internet Explorer.

Bromium Labs reported that hackers are targeting Internet Explorer by deploying a new ‘Zero Day’ attack trend known as “Action Script Spray.” This technique is used to attack Adobe’s Flash application, which in turn makes Internet Explorer vulnerable to hacking.

Reportedly Microsoft is well aware of the long list of Internet Explorer flaws.

“We’re aware of the reported issues, one of which has been addressed in newer versions of Internet Explorer,” said a Microsoft spokesperson to The Guardian.

“Each version of Internet Explorer is more secure than the last and contains new and improved security features that help protect customers,” the spokesperson added.

Microsoft Windows is the dominant operating system on computers worldwide. The result is that most people use Internet Explorer almost by default.

Breaking It Down

Most black people use Windows products because they come pre-loaded on their computer. Apple is popular but let’s face it; you’re probably reading this using Microsoft Internet Explorer. You’re also probably using Windows Office at work and home. All these products have security flaws that are very inviting to hackers. So make sure you keep your stuff updated.

Microsoft has struggled to secure its product offerings and Internet Explorer is just another failure that they refuse to acknowledge. Using a browser to get online is a necessity. You can’t use the Internet without it. So the intelligent choice is to switch. Google and Firefox are excellent products and they are somewhat more secure. I say somewhat because none are hack proof. But the fact still remains that Microsoft is too big and too smart to be constantly issuing fixes and patches for its product. The problem is that they are not focused on security. With its power and market share Microsoft can create seismic shifts in Internet security beginning with its browser. It’s almost their responsibility to do so. But alas I feel that the mighty Microsoft has struck out again. They should take a lesson from GM; they used to be the biggest car maker. Then look what happened.



ALERT! Emergency Adobe Flash Player Security Update ALERT!

As if the Windows Explorer bug was not enough, here we go again. Adobe has released an emergency Flash Player security update to repair yet another critical software flaw. Apparently the software has a flaw that allows hackers to take over your computer! This flaw is named CVE-2014-0515 and impacts Windows, Mac OS and Linux computers.

In order to fix your computer and protect yourself you need to visit the Adobe Download Center. To clear up any confusion, this Adobe Flash Player fix WILL NOT correct the Microsoft Explorer bug.

Breaking It Down

Now keep in mind this problem is unrelated to the Microsoft Explorer bug I wrote about yesterday. But this Flash Player is yet another default program found on many computers owned by black people. It’s likely you have it and don’t know it. And yes, this flaw allows hackers to take over your computer. See bot, botnet and zombie. And that is why I do what I do. I encourage black people to get a little more familiar with their computer and their software. Learn what is there so you can see what’s not supposed to be there. I have said it before: if there is software on your computer you don’t use or don’t know what it is for, then uninstall it. Read: Treat Your Internet Like Your Home parts 1, 2 and 3.

This is another one of those endless mistakes that software code writers simply can’t seem to stop making. I really don’t understand this. Apple is pretty good at keeping its code secure and it’s only rarely that you hear of an Apple-specific code issue. So my question is: why can’t others emulate what Apple is doing? The hackers seem to find these holes every time. Do I need to stress that it is extremely dangerous to build a car with the gas tank in the passenger compartment? Well, that’s the way I see software makers writing code. If a mistake is made the user gets burned…over and over again.