Spyware, Viruses, & Security forum

NEWS - January 26, 2015

by Carol~ Moderator / January 26, 2015 7:40 AM PST
Adobe updates Flash Player again, plugs 0-day exploited by Angler

Adobe made good on its promise to make available by this week a fix for the recently discovered critical zero-day Flash Player vulnerability (CVE-2015-0311) preyed on by the Angler exploit kit.

The company first issued an out-of-band update for the software on Friday that plugs another zero-day security hole (CVE-2015-0310) exploited in the wild, and on Saturday released another one that solves CVE-2015-0311.

The newest versions - Flash Player 16.0.0.296 (Win and Mac) and Flash Player 11.2.202.440 (Linux) - were received on Saturday by all those users who have enabled auto-update for the Flash Player desktop runtime.

The rest of the users only had to wait a day more for the download links for these versions to be made available.

According to the most recent information, the flaw is currently being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

Adobe is working with their distribution partners to make the update automatically available in Google Chrome and Internet Explorer 10 and 11.

http://www.net-security.org/secworld.php?id=17867

[ Note: Emphasis by me ]

Related:
Adobe Fixes Second Flash Player Zero-Day Vulnerability
Adobe Begins Auto-Update Patching of Second Flash Player Zero Day
The tooth gnashing you hear is from Flash users installing a new 0day patch

See: Security Updates for Adobe Flash Player (APSB15-02)

Thunderstrike Patch Slated for New OS X Build
by Carol~ Moderator / January 26, 2015 7:44 AM PST

In addition to patching the three Project Zero vulnerabilities disclosed last week, Apple is apparently readying a fix for the Thunderstrike boot attack as well, something that will purportedly rid all Macs running Yosemite of the issue.

All of the vulnerabilities have reportedly been fixed in Yosemite 10.10.2, the next build of OS X, currently in beta and due for release soon.

iMore.com, an Apple news site, reported on Friday that Apple had to change the code "to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again."

Continued : http://threatpost.com/thunderstrike-patch-slated-for-new-os-x-build/110649

Related : Apple preparing to release Thunderstrike patch

Spreading the Disease and Selling the Cure
by Carol~ Moderator / January 26, 2015 7:45 AM PST

When Karim Rattani isn't manning the till at the local Subway franchise in his adopted hometown of Cartersville, Ga., he's usually tinkering with code. The 21-year-old Pakistani native is the lead programmer for two very different yet complementary online services: One lets people launch powerful attacks that can knock Web sites, businesses and other targets offline for hours at a time; the other is a Web hosting service designed to help companies weather such assaults.

Rattani helps run two different "booter" or "stresser" services - grimbooter[dot]com, and restricted-stresser[dot]info. He also works on TheHosted[dot]me, a Web hosting firm marketed to Web sites looking for protection from the very attacks he helps to launch.

As part of an ongoing series on booter services, I reached out to Rattani via his Facebook account (which was replete with images linking to fake YouTube sites that foist malicious software disguised as Adobe's Flash Player plugin). It turns out, the same Google Wallet is used to accept payment for all three services, and that wallet traced back to Rattani.

Continued : http://krebsonsecurity.com/2015/01/spreading-the-disease-and-selling-the-cure/
