by Jim Finkle BOSTON, April 8 (Reuters) – Adobe Systems ADBE.O published Thursday an update to its Flash software after the discovery of a vulnerability exploited by hackers to carry out an attack on ransom computers running the Windows system from Microsoft MSFT.O. Flash is used through web browsers by more than one billion Internet users worldwide, and the US publisher urges all users on Windows, Mac Apple AAPL.O, Google Chrome and Linux to put GOOGL.O update as soon as its software. Researchers have discovered a vulnerability in Flash had been exploited to carry out an attack by so-called “rançongiciel” (ransomware English). The security software company Trend Micro said to have warned 4704.T Adobe by March 31 of the existence of a rançongiciel called ‘Cerber’. Once installed, Cerber encrypts data from the computer of the victim and then asked to pay, usually between 200 (175.7 euros) and 600 dollars, to make them readable again. Compared to other rançongiciels, Cerber uses a voice message to encourage victims to pay. “Cerber reads aloud his ransom to create a sense of urgency,” said on his blog Trend Micro (Http://bit.ly/1L9YYMP). The new version of Flash fixes a vulnerability in the family of “zero day” (no time limit), so named because they are a challenge to software vendors and security companies, forced to make an emergency response to a problem they have neither the time nor the means to solve. They are particularly used by States in the context of espionage and sabotage. Criminal organizations rely on the other hand more conventional vulnerabilities in their attacks. For experts, using a loophole “zero day” to spread a rançongiciel emphasizes the seriousness of the phenomenon, which affects a growing number of companies and organizations in Europe and the United States, including hospitals, police stations and schools. Indeed, rançongiciels use techniques increasingly sophisticated. “We have already seen an attack by ransom through a zero-day flaw, but it is rare,” said Kirk Storer, spokesman FEYE.O FireEye, a US computer security company. According to the company, through the program Magnitude Exploit Kit, sold on forums, hackers can infect computer automatically with a vulnerability when it goes on contaminated sites. (Claude Chendjou for the French service, edited by Bertrand Boucey)
Associated values
> © 2016 Thomson Reuters. All rights reserved.
No comments:
Post a Comment