Flash, Smash, W4ll0p

 In ITC's Threat of the Week

Three things to bring to your attention this week, although REALLY boringly, none of them will come as any surprise whatsoever.

Regular readers may have noticed us banging on about the all too frequently discovered, not to mention used in real life crime, bugs in Adobe’s Flash products. In fact as recently as May this year, we joked about having a ‘What’s up with Adobe today?’ weekly or even daily special.

Well, guess what? Yes, no prizes for this one. This week Adobe patched yet another 52 security holes in flash player. You read that right 52.

You can read all about the latest saga here.

Graham Cluley, a mighty fine security blogger has some excellent tips on how to patch Flash and if you want to, and we think you should really consider this, totally remove it here.

The next piece of unsurprising news is that as predicted by our in-house sage, RansomWare continues to march on. You really need to be on the lookout for requests for invoice payment or emails claiming to have invoice details with attached spreadsheets, which obviously contain RansomWare.

The particular variant that is doing the rounds currently is Locky, which has been observed in up to 120,000 spam emails an hour by the guys at F-Secure. Read all about it here.

As well as electronic controls like up to date AV, spam filters etc. it is imperative that staff are trained and repeatedly refreshed to identify potentially dodgy emails. If you would like some advice on building a staff training programme, please get in touch with us.

Last but not least this week is the release of a very nasty or if you are a bad person, brilliant toolkit, which enables passwords to be checked automatically against a broad array of cloud services.

This toolkit is called Shard. Hands on readers can download it here.

In essence it takes a password that may have been obtained for a specific user, perhaps one of the hundreds of millions of passwords that have been leaked this year or in previous years, and checks it against a broad array of cloud services, automatically. It is also easily extensible. Ouch.

If you still reuse passwords, we strongly advise you to cease and desist and use a password manager, we are quite fond of the open source KeePass product, in addition to using the two-factor authentication offered by any of the providers that you use. If you don’t heed this advice, it is only a matter of time. You have been w4rn3d.

If you would like to have a good old moan about Flash, RansomWare or want some advice on password management, contact us on: [email protected] or call us on 020 7517 3900.

Author: Kevin Whelan

Recent Posts

Leave a Comment

Tel:
+44 (0) 20 7517 3900

 

Contact ITC Secure

If you have a question, request, comment or requirement, please send us an email now and we will get back to you by return