Tag Archives: exploits

Breach Brief – America’s JobLink Alliance

America’s JobLink Alliance (AJLA)  reported  a data breach exposed the sensitive information of job-seekers in at least 10 states. Hackers were able to gain unauthorized access to the names, Social Security numbers, and birth dates of millions of job seekers in their database. According to AJLA the breach occurred between Feb. 23 and March 14, 2017. The breach affects job seekers in the following 10 states Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont.  According to the Idaho Department of Labor, as many as 4.8 million accounts may have been compromised nationwide.

The U.S. Department of Labor (DOL) provides the Kansas based AJLA to the states but the service is mangaged by a third party. AJLA is used to coordinate federal unemployment and workforce development programs across the country.

AJLA reported that on February 20 a hacker created a new account, then atacked a previously unknown a vulnerability to gain access to job seekers’ information.  AJLA technical support said in a statement that it first noticed unusual activity on March 12th, and confirmed the breach on March 21st.

The organization is working with law enforcement and contracted a forensic firm to identify what accounts were affected. “The firm has verified that the method of the hacker’s attack has been remediated and is no longer a threat to the AJLA-TS system,” AJLA stated.

The DOL is sending direct notification, via email or regular mail, to all customers whose accounts may have been compromised. The AJLA has also set up a toll-free phone number to call for information; 844-469-3939.

Kill Your Adobe Flash Player!

adobe-flash-playerWhether you know it or not you are probably using Adobe Flash Player. Especially if you are using a Windows PC and it’s a problem. But first let’s get a little background on exactly what Adobe Flash Player is and why some want to see it killed.

Adobe Flash Player was the default software for playing videos, games and other animations on web pages. It became really big in 2005 when YouTube began using it. But like most technology it became obsolete. Now many websites and apps are using different and better software to do the same thing. Adobe however remains in use on millions of computers. 

So why kill Adobe Flash Player? Well first of all the thing that makes the software such a great tool is also thing that makes it a serious security issue.

Adobe Flash has the ability to directly access your computer’s memory. This leaves your computer completely open to  exploits.  An exploit is a software that commands a computer to perform a task or function. Cyber security expert Chase Cunningham of FireHost says, “Anytime a site is able to access your computer’s memory, it’s able to make changes on the local machine itself , your PC. That’s when you run into exploits.”

 To make this simple, somone can take over your computer and do as they please. That includes stealing data like user names and paswords or making your computer part of a bot.

For a long time Flash has been the vulnerability of choice for cybercriminals. Many governments, especially totalitarian regimes, used the flaws in Flash to spy on its advisaries.

But last week came the proverbial straw that broke the camels back. An Italian company knowns as Hacking Team had been using previously unknown flaws in Flash. The news came out after the company itself was hacked and over 400 gigabytes of data was stolen and later published online.  What goes around comes around since this company specialized in selling hacking software tools to pretty much anybody.

Security vulnerabilities in Flash are common. So common that this month alone Adobe issued security alerts and fixes for 38 vulnerabilities in Flash Player.

As a result Mozilla has blocked all automatic activations of Flash Player on its browser. Facebook security chief Alex Stamos publicly called for the death of Adobe Flash Player. Stamos tweeted: “It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day. Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.”

Will your computer work without Adobe Flash Player? Yes it will and you are probably not going to miss it. Yes, some sites will still have video content that will require Flash Player. You can set your flash player to only activate on demand. This feature is available on most browsers and you can find the instructions here.

Breaking It Down

Most African-Americans are going to ask, how does this affect me? The answer is simple; the Adobe Flash Player is a danger to your computer and data.  Whatever information you are trying to keep secure is probably wide open to a hacker if they want it. Once a hacker is inside your machine it’s likely you may never get rid of him. That is, if your ever discover he is there in the first place. Your user names and passwords to your bank account or other sensitive data can be stolen and used to rob you or steal your identity. Isn’t that enough? Your computer could become part of a botnet used to send milions of spam messages or spread viruses or malware. Another sick thing that could happen is that hackers could take over your webcam and watch you in your home. Its time to do something about that Adobe Flash Player. Here is where you can get all the patches to repair Adobe Flash Player. But you may want ot remove it completely.