0 Members and 1 Guest are viewing this topic.
Malware found on Guardian article that asks if cybercrime is out of controlSecurity researchers have observed that a Guardian newspaper article exploring the various facets of cybercrime is redirecting visitors to a webpage hosting the Angler exploit kit. Ironically (or perhaps not so much), the Guardian article redirecting to Angler is a piece by Misha Glenny entitled "Cybercrime: is it out of control?"In this particular attack, it would appear that Angler has a soft spot for older vulnerabilities.One of the bugs exploited is CVE-2014-6332... covered in Microsoft's MS14-064 patch around this time last year.Angler also embeds a Flash object on the page at runtime and reserves the right to serve up an exploit targeting Adobe's software.News of this infection arrived just one day after... blog pages at The Independent newspaper were also redirecting visitors to Angler. In this case, if users were running an out-of-date version of Adobe Flash Player, the exploit kit would download the TeslaCrypt 2.2.0 ransomware onto their PCs. In both instances, Angler relies on old vulnerabilities to infect unpatched machines. This just goes to show how important it is to install all software patches as soon as they become available. Trust me. It could save you a massive headache in the future.
Independent blog site hit by malwareThe Independent newspaper's blogging platform has been briefly compromised with malware that infects readers' computers, security experts have said.The malware exploits a security hole in Adobe Flash Player to install itself on a victim's computer.Once downloaded, it sets about encrypting documents, rendering them useless without the key to decrypt them, for which it demands a ransom.The vulnerability in Flash has since been patched, but anybody using an old version of the web browser plug-in could still be at risk.Raimund Genes, chief technical officer at Trend Micro [said]... "My advice is to update your Flash Player. Always do it immediately when it says an update is available, because Flash remains one of the main ways attackers can compromise a system."This so-called malvertising has been found on many other places. Other newspapers as well as streaming sites and porn hosts have all briefly hosted booby-trapped ads.
Speedtest ditches Adobe FlashAdobe’s all-but-dead Flash platform is known for hogging extra computing resources. Ookla is in the process of beta testing the new version of Speedtest, the website that comes with all new design that is noticeably more minimalist than its current flash-based website and also does not require any resource-intensive plugin.The usage of Adobe flash was strongly criticised by Apple’s co-founder Steve Jobs. The support for Adobe flash was also deprecated in some of the Apple’s products. Adobe itself issued a statement asking all the web developers to stop building any tools that makes use of Flash product. Adobe was also forced to rename its signature software from Adobe Flash Professional CC to Animate CC to remove the infamous “Flash” name from its product and to better associate its product with animation.In fact many major websites including some of the popular streaming services like HBO and Spotify even now relies on Flash to operate – thus keeping the Adobe Flash live even now.Ookla’s speedtest measures the ping, upload and download speeds of Internet connection.
It looks to me that giving preference to HTML5 is a YouTube option rather than part of Firefox. FF does give the option to run in "Flash Protection Mode".
Cross-site scripting (XSS): When a malicious hacker inserts malicious code into a trusted website.
Are you blocking online ads yet?Perhaps you should.The likes of Forbes and Yahoo Mail are reportedly trying to block access to users who are running ad blockers. But it's an argument that is losing ground as more and more internet users find their computers are compromised by malvertising.According to security firm MalwareBytes, the latest high profile site to be found spreading malware to its visitors via dodgy ads is MSN.As researcher Jerome Segura reports, the attack appears to have been primarily focused on German users - posing as an ad for the cheap-and-cheerful supermarket chain Lidl.