Emergency Response Team | Breaking Cybersecurity News | The Hacker News

The Adobe Flash Player just said goodbye to the year with another bunch of vulnerability patches. Adobe released an out-of-band security update on Monday to address Nineteen ( 19 ) vulnerabilities in its Flash Player, including one ( CVE-2015-8651 ) that is being exploited in the wild. All the programming loopholes could be abused to execute malicious code (here malicious Flash file on a web page) on victims' computers in order to hijack an unpatched PC or Mac entirely. So, if you are running the Flash Player plugin on Windows, Mac OS X, Linux, or Chrome OS, it is time for you to upgrade your system as soon as possible before criminals start taking advantage of the bugs. Here're the details of the Flash's 19 security vulnerabilities patched in the emergency APSB16-01 update posted Monday afternoon: A Type Confusion Vulnerability that could lead to arbitrary code execution ( CVE-2015-8644 ) An Integer Overflow Vulnerability that also leads to code e...

The US Department of Homeland Security's Cyber Emergency Response Team has released a report , which stated that two American electrical power plants were compromised late last year and has identified a number of glaring electronic vulnerabilities. Some unknown malware infected two power plants control systems using unprotected USB drives as an attack vector. The tainted USB drive came in contact with a handful of machines at the power generation facility and investigators found sophisticated malware on two engineering workstations critical to the operation of the control environment. The report did not say if the computers did or did not have up-to-date antivirus software, but it did say that current software would have found the malware.  The other infection affected 10 computers in a turbine control system. It was also spread by a USB drive and resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks. ICS-C...