Hackers exploiting vulnerabilities in Adobe Flash Player! Have you updated?
Earlier this week Adobe urged users of its Flash multimedia software to update to the latest version, as hackers exploit vulnerabilities in the software by using the malware known as FinSpy and or FinFisher. This malware is a high-end commercially sold product, acquired by nation states or law enforcement agencies, with the primary purpose of surveillance. The warning came after cybersecurity firm Kaspersky Lab Inc said a group it was tracking, BlackOasis, used the previously unknown weakness on Oct. 10 to plant malicious software on computers before connecting them back to servers in Switzerland, Bulgaria and the Netherlands. Kaspersky said its assessment of BlackOasis shows it is targeting Middle Eastern politicians and United Nations officials engaged in the region, opposition bloggers and activists, and regional news correspondents with the latest version of FinSpy. The company said victims have so far been observed in Russia, Iraq, Afghanistan, the United Kingdom, Iran and elsewhere in Africa and the Middle East. Adobe said it had released a Flash security update to fix the problem, which affected Google's Chrome and Microsoft's Edge and Internet Explorer browsers as well as desktop versions. Adobe said in July that by the end of 2020 it would retire its once-ubiquitous technology used to power most of the media content found online.
A lot of malware issues can be circumvented with real-time automated patch-manage solutions, as found in Kaspersky's Advance option. You may recall earlier in the year the NHS under attack from Ransomware. Well, we now know this was in part due to a lack of patch management. Always keep your patches up-to-date!!!