Adobe Flash software is a highly used video software program so it should be of little surprise that it is highly scrutinized for vulnerabilities by hackers who exploit these vulnerabilities to gain access to their targets' computers. Unpatched vulnerabilities in Adobe Flash software were exploited by Russian hackers who in the last year hacked into the White House and State Department computer systems.
Recently, the security firm, FireEye found attempts to attack aerospace, defense, construction, technology and telecom companies by exploiting the flaw in Adobe Flash uncovered by FireEye. FireEye confidentially and promptly notified Adobe which quickly created a patch for the problem. A link to the patch can be found below.
The problem is that hackers are now distributing kits on black market websites that enable other hackers to exploit this vulnerability on computers that have not been updated and all too often government agencies, individuals and companies fail to update their software in a timely fashion.
Already this flaw is being exploited by hackers as a way of getting victims to download Ransomware on to their computers. Ransomware encrypts and locks your computer data. The hacker then threatens to destroy the data unless a ransom is paid immediately.
Mark Twain once said, "Never put off until tomorrow, what you can do the day after tomorrow" and many computer users in government and private industry as well as individual computer users take his advice to heart. Twain, however, never had a computer and if you do have a computer, you cannot put off installing security updates and patches for your computer's software without running the serious risk of becoming the victim of hackers who are always looking to take advantage of those people who fail to protect their computers after a security patch or update is available.
However, if you are one of those procrastinators, you are not alone. According to a 2014 report of the Minority Staff of the Senate Homeland Security and Governmental Affairs Committee, while IRS officials said that they expected critical patches to be installed within 72 hours of becoming available, the Treasury Inspector General for Tax Administration found it took the IRS an average of 55 days to install critical security patches and updates, thereby leaving IRS computers extremely vulnerable to cyberattacks. The same Senate report also found the Department of Homeland Security repeatedly failed to install software updates and security patches.
Once a security update or patch is released, even hackers who may not have been aware of the vulnerabilities now being patched are put on notice of the software flaws and they rush to take advantage of those of us who delay installing the security updates.
Businesses, government agencies and individual computer users must learn to make it a priority to install the latest security patches and updates as soon as they become available.
Although, not a security update, the new Windows 10 operating system is scheduled to start being released on July 29th. If you are a user of Windows 7 or Windows 8.1 you are eligible to receive the new Windows 10 operating system for free. Microsoft is letting these customers reserve the new operating system now. Microsoft is notifying customers through a new icon on your taskbar or a popup message. Clicking on the message will take you to a page where you can sign up by merely providing your email address.
Once Windows 10 is available Microsoft will then download it to your computer. Over the years Microsoft has issued new operating systems after years of patches and updates of the previous operating systems. When it became too cumbersome and difficult to patch the old operating systems, new ones have been released.
Unfortunately, many individuals and companies still use the old operating systems, such as Windows XP although they were warned for years that new security updates would no longer be issued after a specific date. People and companies continuing to use the old operating systems, particularly Windows XP have become easy targets for hackers exploiting the vulnerabilities of the older operating systems.
The upcoming release of Windows 10 will be exploited by scammers and identity thieves. In particular you may receive emails or text messages with links or downloads that purport to be of Windows 10. Don't trust them. Microsoft is not contacting people by emails or text messages regarding Windows 10.
Any email or text message, regardless of how legitimate it may look asking you to download an attachment or click on a link to install your Windows 10 is a scam. If you click on those links or download those attachments all you will succeed in doing is downloading malware that will make you a victim of identity theft.
Steve Weisman is a lawyer, a professor at Bentley University and one of the country's leading experts in scam, cybersecurity and identity theft. He writes the blog www.scamicide.com, and his new book is Identity Theft Alert.
No comments:
Post a Comment