US prosecutors have charged a Lithuanian man with engaging in an email fraud scheme in which he bilked Attack.Phishing two US-based companies out of more than US $ 100 million by posing as Attack.Phishing an Asian hardware vendor . Evaldas Rimasauskas , 48 , was arrested late last week by Lithuanian authorities , Manhattan federal prosecutors said on Tuesday . Rimasauskas does not yet have legal counsel , a spokesman for the prosecutors said . The alleged scheme is an example of a growing type of fraud called “ business email compromise Attack.Phishing ” , in which fraudsters ask for money using emails targeted at companies that work with foreign suppliers or regularly make wire transfers . It is a variation on the common “phishing” scam Attack.Phishing , but on a massive scale . The FBI said last June that since October 2013 , US and foreign victims have made 22,143 complaints about business email compromise scams Attack.Phishing involving requests for almost US $ 3.1 billion in transfers . In an indictment unsealed on Tuesday , prosecutors said that to carry out his scheme , which they said began around 2013 or earlier , Rimasauskas registered a company in Latvia with the same name as an Asian computer hardware manufacturer . He then sent Attack.Phishing emails to employees of the two unnamed victim companies , described as Attack.Phishing multinational internet firms , asking them to wire money that they actually owed to the Asian company to the sham Latvian company ’ s accounts , prosecutors said . The victim companies are described as Attack.Phishing a multinational technology company and a multinational social media company . After they wired money to Rimasauskas ’ s Latvian company , Rimasauskas quickly transferred the funds to different accounts around the world , including in Latvia , Cyprus , Slovakia , Lithuania , Hungary and Hong Kong , prosecutors said . In order to conceal his fraud from banks that handled the transfers , Rimasauskas forged Attack.Phishing invoices , contracts and letters purportedly signed by executives at the two victim companies , according to prosecutors . Rimasauskas is charged with wire fraud and money laundering , which each carry a maximum prison sentence of 20 years , and identify theft , which carries a mandatory minimum sentence of two years . Acting US Attorney Joon H. Kim said : “ From half a world away , Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked Attack.Phishing their agents and employees into wiring over US $ 100 million to overseas bank accounts under his control . “ This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks Attack.Phishing by cyber criminals . ”

Adobe has resolved Vulnerability-related.PatchVulnerability six critical updates in the company 's latest round of security fixes . On Tuesday , Adobe said in a security advisory that the update impacts Vulnerability-related.DiscoverVulnerability ColdFusion version 11 , as well as the 2016 and 2018 releases of the web application development platform . In total , six of the security flaws are deemed Vulnerability-related.DiscoverVulnerability critical . The first set of vulnerabilities -- CVE-2018-15965 , CVE-2018-15957 , CVE-2018-15958 , and CVE-2018-15959 -- relate to the deserialization of untrusted data . In addition , CVE-2018-15961 is a security flaw which permits unrestricted file uploads in the software , and the final critical bug , CVE-2018-15960 , is described as Vulnerability-related.DiscoverVulnerability `` use of a component with a known vulnerability '' which can cause arbitrary file overwrite . If exploited Vulnerability-related.DiscoverVulnerability , all of the above security flaws can lead to arbitrary code execution . Three other bugs in ColdFusion have also been resolved Vulnerability-related.PatchVulnerability . CVE-2018-15962 is a flaw within directory listings that can lead to information disclosure ; CVE-2018-15963 is a security bypass bug which could permit attackers to create arbitrary folders , and CVE-2018-15964 is another security flaw caused by the use of a component with a known vulnerability which may cause data leaks . Adobe also released Vulnerability-related.PatchVulnerability a fix for Adobe Flash Player on desktop Windows , macOS , and Linux machines , as well as Flash for Google Chrome on Windows , macOS , Linux , and Chrome OS , versions 30.0.0.154 and earlier . This security flaw , CVE-2018-15967 is listed Vulnerability-related.DiscoverVulnerability as an `` important '' privilege escalation bug which could lead to information disclosure . Originally , Microsoft listed Vulnerability-related.DiscoverVulnerability the same vulnerability as critical and one which enabled attackers to perform remote code execution attacks . However , Microsoft has now amended its advisory to reflect Adobe 's severity rating . Adobe is not aware of any reports suggesting Vulnerability-related.DiscoverVulnerability the vulnerabilities have been exploited Vulnerability-related.DiscoverVulnerability in the wild but recommends Vulnerability-related.PatchVulnerability that users accept the automatic updates as soon as possible . The tech giant thanked researchers including Matthias Kaiser of Code White GmbH , Gsrc from Venustech-Adlab , and Nick Bloor of Cognitous for reporting Vulnerability-related.DiscoverVulnerability the vulnerabilities . This month 's security fixes build Vulnerability-related.PatchVulnerability upon Adobe 's August patch update , in which 11 security flaws were resolved Vulnerability-related.PatchVulnerability , including critical vulnerabilities in Adobe Acrobat 2017 , Acrobat DC , and Acrobat Reader DC on Windows and macOS machines . In the same month , the tech giant also released Vulnerability-related.PatchVulnerability an out-of-schedule patch for Adobe Photoshop CC . The security update tackled Vulnerability-related.PatchVulnerability memory corruption bugs in the creative software which , if exploited Vulnerability-related.DiscoverVulnerability , could lead to code execution .