Connect with us

Hi, what are you looking for?

NewsTimes.co.uk

TECH

Warning over Adobe Flash vulnerability revealed by Hacking Team leak

An unpatched security flaw in Adobe Flash, discovered then kept secret by Italian cyber-surveillance firm Hacking Team, is now being used by malware developers to hack victims’ computers following the leak of over 400GB of data from the company’s servers.

Adobe, which says it expects to publish a patch for the vulnerability at some point on Wednesday, warns that “successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system”.

Symantec warned on Tuesday that “it can be expected that groups of attackers will rush to incorporate it into exploit kits before a patch is published by Adobe”. And, sure enough, it appears that virus writers are already using the security flaw to deliver cryptolocker software, which encrypts a users’ data and demands payment to unlock it, on to unsuspecting computers.

The Hacking Team hack, which saw a BitTorrent file of the massive data dump posted to the company’s public twitter feed, contained emails, presentations and source code for its software.

The initial effect of the leak was an embarrassing number of revelations about the actions and clients of the firm, which largely provides software for law enforcement and national security to hack into the computers and mobile devices of targets.

But the leak also included the code for much of the company’s hacking software, and now virus writers are incorporating the code into their own malware. While many of the security holes used in the company’s “remote control service” (the name for its hacking software) were already publicly known and patched, there were a few vulnerabilities the company had managed to keep secret.

Known as “zero-day” vulnerabilities – because the affected companies have had zero days to release a patch – they are now being used by the wider community of malware authors, as well as Hacking Team itself. The new vulnerabilities were even accompanied by readme files, intended for internal use at Hacking Team to explain how to deploy them, which likely further reduced the time until the virus authors were able to use them in their own software.

Until the Adobe Flash patch is published, web users should be wary of visiting untrusted websites, and may want to enable “click to play” to prevent untrusted Flash files from activating.

Advertisement. Scroll to continue reading.

Questions in Brussels

Meanwhile, Dutch MEP Marietje Schaake has asked pointed questions in the European parliament about the revelations contained within the Hacking Team data dump. The documents suggest that two of Hacking Team’s clients include Russia and Sudan, two countries covered by EU sanctions.

Schaake asked of the commission whether it believed that the company “has violated EU sanctions regimes”.

She also asked the commission whether it knew of “any prior authorisation given by the Italian authorities that would allow Hacking Team to export its products to Sudan or Russia”, and whether or not the company asked the commission explicitly about export controls to those two countries.

In one document leaked from Hacking Team, which listed a number of nations as either “active” or “expired” clients, Sudan and Russia were both marked out as “not officially supported”.

Source: https://www.theguardian.com

You May Also Like

UK NEWS

Read more about switzerland women here. Swiss ladies and men are not reknown for being the most chatty, outgoing or spontaneous when meeting strangers...

FOOD TIPS

In food, if there is one thing you can say without fear of contradiction, it is this: Britain loves burgers. The UK market is...

WORLD NEWS

An exclusive article form Orestis Karipis In the 1930’s and 1940’s acid was the weapon of deceived husbands and wives in the Western world...

UK NEWS

Read more about wellhello.com here. What is SnapMingles? The questionnaire is nothing but a way to entice you into joining SPDate.com. At the end...

Copyright © 2020 NewsTimes.co.uk All Rights Reserved