Engadget: Latest Adobe Flash vulnerability allowed hackers to plant malware. “Adobe Flash may be on its way out, but apparently, its goodbye tour is going to be marred by security issues just as the software has for most of its existence. Kaspersky Labs reports that a new Adobe Flash vulnerability was exploited by a group called BlackOasis, which used it to plant malware on computers across a number of countries. “
Computerworld: Microsoft’s anti-malware sniffing service powers Edge to top spot in browser blocking tests. “Microsoft’s Edge browser, the default in Windows 10, blocked a higher percentage of phishing and socially-engineered malware (SEM) attacks than Google’s Chrome and Mozilla’s Firefox, a Texas security testing firm said Friday.”
Ars Technica, in our, “You’ve-Got-to-Be-Kidding-Me” Department: Equifax website borked again, this time to redirect to fake Flash update. “In May credit reporting service Equifax’s website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors’ computers with adware that was detected by only three of 65 antivirus providers.” Can someone please just shut this company down. This is insane.
BetaNews: PornHub users hit by sustained, targeted malvertising campaign. “Millions of PornHub users in the US, UK, Canada and Australia were targeted by a malicious advertising campaign lasting for more than a year. The malvertising attack tried to trick users of the world’s most popular porn site into installing fake browser updates.”
The Verge: Fraudulent ad-blocking extension tricks 37,000 Google Chrome users. “While Microsoft doesn’t have enough extensions for its browser, Google has too many unwanted ones. An extension that tried to mimic the popular Adblock Plus extension was not only allowed into the Chrome Web Store but it was also only taken down after 37,000 users had already downloaded it.”
From ZDNet (not just linking to the headline because it’s about 4000 characters long), a story on a new tool for identifying ransomware and available decryptors, if any. “The Bitdefender Ransomware Recognition Tool analyses the ransom note and the encrypted file samples to identify the strain of ransomware and suggest a decryption tool based on indicators of confidence. If the ransomware has an associated decryption tool, the platform provides a link to it in order to allow the victim to retrieve the files for free.”
Ars Technica: CCleaner malware outbreak is much worse than it first appeared. “The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence. That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload.”