The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Latest Cyber Security, Hacking & Tech News: Flash Player

Bye bye, Flash! Google to Ban Flash-based Advertising

Bye bye, Flash! Google to Ban Flash-based Advertising

February 10, 2016Unknown
Google had also joined the path of Apple, Facebook, and Youtube to kill the "Adobe Flash Player" by announcing that the company is banning Flash banner support from its Adwords Advertising platform. "To enhance the browsing experience for more people on more devices, the Google Display Network and DoubleClick Digital Marketing are now going 100% HTML5" Google says. It's been two decades since Adobe Flash has ruled the Web Space Animation Arena, which was the de facto standard for playing the online videos. Flash Player had been famous for Zero-day exploits which are a potential threat to online users. Even Adobe tried to maintain equilibrium by releasing a countless number of patches frequently (that got hiked), for instant reported vulnerabilities, but this had annoyed both customers and companies. The endless troubleshooting of the Flash Player plugins never resolved the vulnerabilities. To put a full stop on this issue... many major t
Malware Poses as Flash Update Infects 110,000 Facebook Users within 2 Days

Malware Poses as Flash Update Infects 110,000 Facebook Users within 2 Days

January 31, 2015Wang Wei
Facebook users just Beware!! Don’t click any porn links on Facebook. Foremost reason is that you have thousands of good porn sites out there, but there's an extra good reason right now. Rogue pornography links on the world’s most popular social network have reportedly infected over 110,000 Facebook users with a malware Trojan in just two days and it is still on the rise, a security researcher warned Friday. The Facebook malware disguised as a Flash Player update and spreads itself by posting links to a pornographic video from the Facebook accounts of previously infected users. The malware generally tags as many as 20 friends of the infected user . "In the new technique, which we call it ' Magnet ,' the malware gets more visibility to potential victims by tagging the friends of the victim in the malicious post," said Mohammad Faghani, a senior consultant at PricewaterhouseCoopers, in a mailing list post to the Full Disclosure infosec hangout.  "A tag may
Fake Digital Certificates Found in the Wild While Observing Facebook SSL Connections

Fake Digital Certificates Found in the Wild While Observing Facebook SSL Connections

May 12, 2014Swati Khandelwal
Visiting a website certified with an SSL certificate doesn’t mean that the website is not bogus. Secure Sockets Layer (SSL) protect the web users in two ways, it uses public key encryption to encrypt sensitive information between a user’s computer and a website, such as usernames, passwords, or credit card numbers and also verify the identity of websites. Today hackers and cyber criminals are using every tantrum to steal users’ credentials and other sensitive data by injecting fake SSL certificates to the bogus websites impersonating Social media, e-commerce, and financial websites as well. DETECTING FAKE DIGITAL CERTIFICATES WIDELY A Group of researchers, Lin-Shung Huang , Alex Ricey , Erling Ellingseny and Collin Jackson , from the Carnegie Mellon University in collaboration with Facebook have analyzed [ PDF ] more than 3 million SSL connections and found strong evidence that at least 6;845 (0:2%) of them were in fact tampered with forged certificates i.e. self-signed di
Adobe issues Emergency Flash Player update to patch critical zero-day threat

Adobe issues Emergency Flash Player update to patch critical zero-day threat

February 05, 2014Anonymous
Adobe is recommending that users update their Flash Players immediately. The company has published an emergency security bulletin today, that addresses vulnerabilities the Flash Player and released a patch to fix a vulnerability which is currently being exploited in a sophisticated cyber espionage campaign. " Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users apply the updates referenced in the security bulletin. " The vulnerability ( CVE-2014-0497 ), allows an attacker to remotely take control of the targeted system hosting Flash. " These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system " advisory said. The security hole affects the version 12.0.0.43 and earlier for both Windows and Mac OSs and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. The vulnerability was discovered by two researchers
Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities

Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities

November 13, 2013Mohit Kumar
Adobe released critical security patches for its ColdFusion web application server and  Adobe Flash Player for Mac, Windows and Linux. Adobe AIR and the AIR SDK and Compiler are also being updated. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system, dubbed as CVE-2013-5329, CVE-2013-5330. The following software versions are affected and should be updated as soon as possible: Adobe Flash Player 11.9.900.117 and earlier versions for Mac and Windows Adobe Flash Player 11.2.202.310 and earlier versions for Linux Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh Adobe has also released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux, addresses two vulnerabilities: Cross-site scripting (XSS) vulnerability (CVE-2013-5326) Allow unauthorized remote read access (CVE-2013-5328) Both products have been patched mul
BlackBerry Z10 Privilege Escalation Vulnerability

BlackBerry Z10 Privilege Escalation Vulnerability

June 18, 2013Mohit Kumar
BlackBerry Z10 users should be aware that there is a privilege escalation vulnerability. The vulnerability potentially allows a hacker to modify or edit data on a stolen BlackBerry Z10 smartphone with BlackBerry Protect enabled, identified as BSRT-2013-006 (CVE-2013-3692) According to the advisory , an escalation of privilege vulnerability exists in the software 'BlackBerry® Protect™' of  Z10 phones, supposed to help users delete sensitive files on a lost or stolen smartphone , or recover it again if it is lost. “ Taking advantage of the weak permissions could allow the malicious app to gain the device password if a remote password reset command had been issued through the BlackBerry Protect website, intercept and prevent the smartphone from acting on BlackBerry Protect commands, such as a remote smartphone wipe. " The company says that version 10.0.9.2743 is not affected and that they have found no evidence of attackers exploiting this vulnerability in
Stabuniq Trojan rapidly stealing data from US banks

Stabuniq Trojan rapidly stealing data from US banks

December 23, 2012Mohit Kumar
Trojan.Stabuniq geographic distribution by unique IP address Security researchers from Symantec have identified a new Trojan that appears to be targeting financial institutions. Dubbed Trojan.Stabuniq , the malware has been collecting information from infected systems potentially for the preparation of a more damaging attack. According to researchers , roughly 40 IP addresses infected with the Stabuniq Trojan, 40% per cent belong to financial institutions who are mostly based in Chicago and New York. The malware appears to be spread by a phishing attack through spam e-mail containing a link to the address of a server hosting a Web exploit toolkit . Such toolkits are commonly used to silently install malware on Web users' computers by exploiting vulnerabilities in outdated browser plug-ins like Flash Player , Adobe Reader , or Java. These attacks can be very simple, such as a written email from a prince in Nigeria asking for bank account information. Once in
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.