Slashdot Mirror


New Flash Vulnerability Being Exploited In the Wild (trendmicro.com)

An anonymous reader writes: Researchers from Trend Micro report a new attack on fully-patched versions of Adobe Flash. The attacks originate from an espionage campaign run by the group known as Pawn Storm, and seem to target only government agencies. "Ministries of Foreign Affairs have become a particular focus of interest for Pawn Storm recently. Aside from malware attacks, fake Outlook Web Access (OWA) servers were also set up for various ministries. These are used for simple, but extremely effective, credential phishing attacks. One Ministry of Foreign Affairs got its DNS settings for incoming mail compromised. This means that Pawn Storm has been intercepting incoming e-mail to this organization for an extended period of time in 2015."

3 of 101 comments

  1. And here we go....... by JustAnotherOldGuy · Score: 5, Insightful

    ..........another excellent reason to use AdBlock and NoScript.

    Flash not allowed to run? No Flash exploit, simple as that.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  2. Re:Uninstall it. by Anonymous Coward · Score: 1, Insightful

    Yeah I'm sorta lost as to why a government agency would have Flash installed in the first place.

  3. Flash is either VERY buggy, or deliberately buggy. by Futurepower(R) · Score: 3, Insightful

    It seems to me that Adobe Systems is no longer a well-managed company, and hasn't been since Bruce Chizen got tired of managing Adobe, which was well before he resigned in 2007. Here is a story from 2007 about that: Bruce Chizen's legacy.

    This is a comment from a reader of that story who called himself Tidewind: "I might be in the minority on this, but under Bruce Chizen, I felt Adobe became, well, arrogant." That was my experience, also.

    Part of the attraction of Flash has been that it is used to violate the privacy provisions of browsers. Flash can be used to generate what are called Flash-cookies, Local Shared Objects (LSOs), or Super-Cookies, which are files placed on a visitor's computer by the Flash plug-in.

    (To avoid permanent tracking: In Firefox, use the BetterPrivacy add-on.)

    Now Adobe is trying to make money by making its very expensive products even more expensive by charging monthly for them.

    Microsoft followed that monthly business model with Office 365: Pay every day, 365 days each year, even if some of those days you don't have internet access. (Read the comments about Microsoft's other methods of abuse, such as restricting each copy to one country.)

    Flash is either VERY buggy, or deliberately buggy. Possibly one way Adobe Systems makes money is by allowing vulnerabilities supplied by secret government agencies. Those agencies can spend billions of dollars of taxpayer money without public oversight.

    The new software company business model is apparently "Be abusive".