Flash of the week

The subject of Adobe’s malware-riddled products, especially Flash, crops up so often that we are considering a rename, or a ‘what’s up with Adobe today?’ weekly or even daily special.

It will come as absolutely no surprise to regular readers that, yet again, there is a critical vulnerability in Adobe Flash which is actually being exploited as you read this. If you have a web page with Flash open in another tab, there is a chance it could be happening to you. Furthermore, it isn’t being patched until today/tomorrow (depending on where you live). Deep joy.

You can read the CVE stuff here.

And the Adobe stuff here.

The fact that this vulnerability is being actively exploited, presumably in the ever-popular exploit kits such as Magnitude, Nuclear and Angler, should be very worrying to home users and Enterprise IT Administration alike. We urge you to install the patch at your earliest convenience and to make sure that all machines connecting to your network are appropriately patched, or disconnected/quarantined until they have drunk the holy water.

In addition to exploit kits, the nastiness is doing the rounds on dodgy unpatched websites, where it has been uploaded to catch people who visit such places. Perhaps people like the users of an extreme porn site dedicated to unseemly interactions between fists and bottoms called ‘the Rosebutt Board’, which (SURPRISE) was running on old unpatched BB software and has of course been hacked mercilessly, with the details of no fewer than 107,303 enthusiasts published for the world to see and chuckle at.

This hack exposed email addresses, IP addresses, passwords and usernames. According to Troy Hunt, who runs the excellent haveibeenpwned website, where the unfortunate can find their fate (you may want to have a little look, who knows?), the data includes a considerable number of .mil and .gov accounts. Red cheeks all round.

Whilst it seems absolutely unbelievable to sane TOTW readers that people would use their real email address when registering for sites even marginally shady, let alone wildly out there, Ashley Madison taught us that these people are amongst us in droves. This lot are going to struggle to blame the registration on a third party/colleague/friend etc. since the IP address has been exposed. Whoops.

What is clearly not understood by many people registering on websites, forums and bulletin boards is that, from the second of registration, the credentials presented are in the custody of system administrators unknown, who may never patch the environment, leaving it easy pickings for the legion of opportunistic hackers, let alone the professionals.

Be careful out there.

If you want a good laugh, Google ‘Rosebutt hack’ for the gory details.