A zero day vulnerability in Flash is being actively used by cybercriminals, according to Forbes.
A reminder that malicious code can be spread via flash memory cards like SD cards, just as easily as it can spread on USB flash drives. Check these tips to get protected.
Esta semana se ha desarrollado el concurso Pwn2Own, en el que se repartieron $400.000 a algunos participantes que han logrado vulnerar aplicaciones tan populares como Internet Explorer, Safari, Mozilla Firefox y algunos productos de Adobe. El grupo francés Vupen, conocido por comercializar las vulnerabilidades que han encontrado, se alzó con el premio más grande otorgado,
A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego. The threat is a Trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third party site. As with the MacDefender and Revir malware, the Flashback attack uses social engineering to entice the user to download then
In the first part of this blog I told you how to use the basic Flash configuration utility. This blog is for the techies. This time I’ll share with you how to shut the doors on Flash and only open them to the sites you want to trust. Very few people seem to know that
Adobe Flash is, in my opinion, the most ubiquitous spyware in the world and no products detect it as such. The reason it goes undetected is that it also has numerous legitimate uses, however, there is growing evidence that indicates significant abuse. This will be the first in a series of blogs in which I
Ouch. This affects virtually everyone including Mac, Linux, and Windows users. More can be found here at the PSIRT site. And yes, there is malware already associated already with it. A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that
Our colleagues in ESET Latin-America have reported that a huge new malware distribution campaign is being carried out through the popular social network Facebook. In this instance, it is our old friend the Koobface worm that is being propagated. (For more about Koobface see Randy's post here, and for more about this particular iteration, see
As I previously pointed out http://www.eset.com/threat-center/blog/2009/08/04/calling-adobe%E2%80%99s-bluff, Adobe is at best deceptive about claims of the security and privacy of Flash. Even if you do not know what flash is or how to find it, you probably have it on your computer. If you open control panel and go to the “add or remove programs” application
Stephen Northcutt, with the SANS Technology Institute, suggested the following in the SANS NewsBites Vol. 11 Num. 61: [Editor’s Note (Northcutt): I think organizations should avoid Adobe if possible. Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit
Dear Adobe, It is time to put up or shut up. Your web site FAQ http://www.adobe.com/products/flashplayer/security/privacy_policy/faq.html has the following entry: Does Flash Player compromise my privacy and security? No. Flash Player is not only the most widely distributed piece of software on the Internet today, it’s also one of the most secure. Given that Flash
Adobe has issued an important announcement, much of it relating to the impact of vulnerabilities in the Microsoft Active Template Library (ATL) flagged as CVE-2009-0901, CVE-2009-2395, CVE-2009-2493 and described in Microsoft Security Advisory (973882) on Adobe products used as Internet Explorer plug-ins. It appears that Flash Player and Shockwave Player "leverage" vulnerable versions of ATL. According to
No, nothing to do with drive-by downloads… Our colleagues in Europe came up with a nice idea: an article on the dangers of web surfing on free wi-fi and some tips on staying safe. (A topic dear to the hearts of all of us who find ourselves out and about with our laptops from time
We’ve just finished working on our monthly Threat Report. There aren’t many surprises in the top ten threats for June. Conficker has taken over the "top spot", relegating INF/Autorun to second place. It’s difficult to say for sure what the significance is, given the relatively small percentage point involved: minor fluctuations in proportions from month