Adobe has emitted Vulnerability-related.PatchVulnerability software updates to address Vulnerability-related.PatchVulnerability a critical vulnerability in Flash Player for Windows , Mac , and Linux . PC owners and admins will want to upgrade Vulnerability-related.PatchVulnerability their copies of Flash to version 31.0.0.153 or later in order to get Vulnerability-related.PatchVulnerability the patch – or just dump the damn thing all together . The November 20 security update addresses Vulnerability-related.PatchVulnerability a single flaw , designated Vulnerability-related.DiscoverVulnerability CVE-2018-15981 . It is a type confusion bug that can be exploited Vulnerability-related.DiscoverVulnerability to achieve remote code execution . Basically , an attacker could slip the exploit code into a Flash .swf file , put it on a web page , and covertly install malware on any vulnerable machine that visits the page . Because Adobe does not maintain a fixed patching schedule Vulnerability-related.PatchVulnerability for Flash Player , this is n't technically considered an out-of-band band-aid . However , the update does come Vulnerability-related.PatchVulnerability just one week after Adobe pushed out Vulnerability-related.PatchVulnerability a handful of fixes for Patch Tuesday , including one for an information disclosure vulnerability in Flash Player . That Adobe would post Vulnerability-related.PatchVulnerability another update just one week after their last patch should underscore that CVE-2018-15981 is a serious enough vulnerability to be a priority fix Vulnerability-related.PatchVulnerability for users and admins . After installing Vulnerability-related.PatchVulnerability this latest fix , those who are tired of the constant security threats might also want to consider taking the advice of multiple security experts and developers and at least disable Flash by default if not permanently . The notoriously vulnerable plugin has long since been surpassed by HTML5 , and most major websites have already transitioned away from Flash , leaving it only really useful for specific sites and applications . Even Adobe wants to kill off Flash . The Photoshop giant has said that by 2020 it plans to formally retire the plugin once and for all .

IBM has withdrawn Vulnerability-related.PatchVulnerability a patch for a significant security vulnerability in its WebSphere Application Server after the code knackered some systems . Just this week , Big Blue said it is working on Vulnerability-related.PatchVulnerability a new fix for CVE-2018-1567 , a remote-code execution vulnerability in versions 9.0 , 8.5 , 8.0 , and 7.0 of the platform . According to IBM , the vulnerability would potentially allow an attacker to remotely execute Java code on a vulnerable web-app server via its SOAP connector port . The bug was sealed up Vulnerability-related.PatchVulnerability on September 5 , when IBM made Vulnerability-related.PatchVulnerability the fix available Vulnerability-related.PatchVulnerability for download and installation . Unfortunately , the patch had been causing problems , forcing IBM to pull Vulnerability-related.PatchVulnerability the fix on Wednesday , more than a month . Big Blue said the patch was yanked Vulnerability-related.PatchVulnerability `` due to regression '' , which is the fancy way of saying it was mucking stuff up . `` There may be a failure after the security fix for PI95973 is installed , '' IBM tells customers . `` The fix has been removed Vulnerability-related.PatchVulnerability while it is being reworked by development . '' IBM did not say when the updated patch might be arriving Vulnerability-related.PatchVulnerability , putting some admins in the difficult position of either leaving a vulnerability open or risking crashes . We 've asked the New York-based IT giant for more details , following a tip off from an eagle-eyed reader – let us know if you also spot any strange goings on with patches and so forth . In Big Blue 's defense , this is far from the first time a company has had to pull Vulnerability-related.PatchVulnerability a security patch that was found Vulnerability-related.DiscoverVulnerability to pose stability concerns . Microsoft has to do this with some regularity . In fact , just today word surfaced that a number of HP users have been struggling with blue screen crashes affected Vulnerability-related.DiscoverVulnerability their PCs after installing Vulnerability-related.PatchVulnerability this week 's Patch Tuesday updates .

A few days ago , Microsoft issued Vulnerability-related.PatchVulnerability an emergency patch for Internet Explorer to fix Vulnerability-related.PatchVulnerability a zero-day vulnerability in the web browser . The problem affects Vulnerability-related.DiscoverVulnerability versions of Internet Explorer from 9 to 11 across multiple versions of Windows , but it seems that the patch has been causing problems for many people . Specifically , people with some Lenovo laptops have found that after installing Vulnerability-related.PatchVulnerability the KB4467691 patch they are unable to start Windows . When the patch was released Vulnerability-related.PatchVulnerability , it was known that there were a few issues with older versions of Windows 10 -- for example , problems with the .NET framework , and with web links in the Start menu . But since the initial release , Microsoft has updated Vulnerability-related.PatchVulnerability the patch page to indicate Vulnerability-related.DiscoverVulnerability a further potential problem with some Lenovo laptops : After installing KB4467691 , Windows may fail to startup on certain Lenovo laptops that have less than 8 GB of RAM . The company goes on to suggest a couple of possible workarounds for those running into issues : Restart the affected machine using the Unified Extensible Firmware Interface ( UEFI ) . Disable Secure Boot and then restart . If BitLocker is enabled on your machine , you may have to go through BitLocker recovery after Secure Boot has been disabled . Microsoft says that it is `` working with Lenovo and will provide Vulnerability-related.PatchVulnerability an update in an upcoming release '' .

Since last Friday , over 200,000 victims in 150 countries have been hit Attack.Ransom by a massive , international ransomware cyberattack Attack.Ransom called WannaCry . Ransomware is a type of malware that works by seizing control of and blocking access to a computer ’ s files , programs , and operations . Users are then informed that they must pay Attack.Ransom a certain amount in order to regain access to their files , with the threat of permanently losing all of their data if they choose not to pay Attack.Ransom . In the WannaCry attack Attack.Ransom , users were given three days to make the payment Attack.Ransom before the fee increased , and seven days before the files would be lost forever . The massive scope and potential financial impact of the WannaCry attack Attack.Ransom has understandably caused a lot of panic , and companies and individuals alike have been rushing to protect their devices . However , this frenzy has opened up new damaging routes for fraud . One of these attack routes is through mobile applications that have been found on third-party application stores . There are various mobile applications advertising that they can be used to protect users from the WannaCry ransomware . However , our analysts found that some of these apps contained adware meant to infect the devices they are downloaded onto . Rather than protecting users ’ devices , they are causing them harm . The adware found is classified as Adware.mobidash , which is a module that attackers used to include into Android games and apps and monetize them . This adware has the capability to load webpages with ads , show other messages in the status bar , and modify the DNS server . This is quite dangerous as the real risk lies in the fact that the end user ’ s device is performing unwanted activity without their authorization . To hide this dangerous behavior , the adware doesn ’ t start to perform its malicious activity immediately ; instead , it lies latent in the device before activating after a short period of time . We have blogged a lot about digital trust , fake news , and all sorts of tricks Attack.Phishing that criminals use to get the attention of consumers to get them to click on a link . Yet we continue to be amazed by how sophisticated the manipulation of the human factor has become . It will only be a matter of time until we see the WannaCry malware expand further to trick Attack.Phishing end users into installing Vulnerability-related.PatchVulnerability a patch that allegedly prevents the new massive ransomware attack Attack.Ransom . However , this time it will not be a patch , but a new version or variant of a financially motivated malware .