Adobe has released Vulnerability-related.PatchVulnerability a priority update to plug Vulnerability-related.PatchVulnerability a critical security flaw in its popular Flash Player on Windows . As per an official announcement by the company , the latest patch will address Vulnerability-related.PatchVulnerability issues in Adobe Flash Player 29.0.0.171 and other earlier versions . The vulnerabilities , according to Adobe , are being used by hackers to embed malicious content distributed via email . Security firm Icebrg on Thursday announced Vulnerability-related.DiscoverVulnerability that a zero-day vulnerability has led to exploitation in Adobe Flash specifically targeted towards users in the Middle East . The vulnerability ( CVE-2018-5002 ) enables attackers to execute certain actions by executing code on the victims ' computers . As per the blog post , the exploit uses a Microsoft Office document for the attack . To circumvent the fact that Adobe Flash is blocked on most browsers , the exploit involves loading Flash Player from within Microsoft Office . The flaw was reported Vulnerability-related.DiscoverVulnerability by Icebrg in collaboration with Qihoo 360 Core Security . `` While this attack leveraged a zero-day exploit , individual attacker actions do not happen in isolation . There are several other behavioural aspects that can be used for detection . Any single observable might be low confidence but multiple observables clustered might be indicative of suspicious or malicious activity , '' said Icebrg staff in its blog post . Of course , this is not the first instance wherein Flash Player 's vulnerabilities have been exploited Vulnerability-related.DiscoverVulnerability . Back in October last year , the company had issued Vulnerability-related.PatchVulnerability a security patch to fix Vulnerability-related.PatchVulnerability a critical leak . Users have been strongly recommended to update Adobe Flash in order to avoid any such vulnerabilities seeping into your machines . The update , however , is not a guarantee towards protection against future discrepancies . It is thus advised to enable flash on only a secondary browser that is not used majorly on the computer .

Update , Cisco will take a second crack at addressing Vulnerability-related.PatchVulnerability a vulnerability in WebEx that can be exploited Vulnerability-related.DiscoverVulnerability to execute malicious code on a vulnerable installation . Switchzilla has issued Vulnerability-related.PatchVulnerability a new fix to address Vulnerability-related.PatchVulnerability CVE-2018-15442 , a command injection bug in its video conference software that allows a local attacker to their elevate privileges , and then execute code by injecting commands through the software update component of the WebEx Meetings Client . The bug was traced back to the failure by Webex Meetings to properly check arguments passed via its update service commands . Thus a miscreant could run an update command with specially crafted arguments to ultimately execute code with system privileges . This means rogue logged-in users or malware on a Windows system could leverage WebEx to completely hijack the machine . Cisco had hoped to plug Vulnerability-related.PatchVulnerability the vulnerability in October with a patch that was thought to have resolved Vulnerability-related.PatchVulnerability the flaw . However , software-breakers at SecureAuth found that Switchzilla failed to account for DLL preloading . By sticking the malicious commands inside a DLL file and then executing the update program with that library loaded , an attacker would be able to circumvent the patch and then exploit Vulnerability-related.DiscoverVulnerability the flaw as before to execute commands with system-level clearance . `` The vulnerability can be exploited Vulnerability-related.DiscoverVulnerability by copying to an a local attacker controller folder , the ptUpdate.exe binary . Also , a malicious dll must be placed in the same folder , named wbxtrace.dll , '' SecureAuth explained in its disclosure today . `` To gain privileges , the attacker must start the service with the command line : '' Fortunately , the flaw was privately disclosed Vulnerability-related.DiscoverVulnerability to Cisco , giving the teleconferencing vendor time to get out Vulnerability-related.PatchVulnerability a fix prior to this bug going public . Those running Webex Meetings on their Windows machines should update as soon as possible . While the flaw is n't as severe as a remote code bug that could be exploited Vulnerability-related.DiscoverVulnerability without any user interaction , the fact it has now been patched Vulnerability-related.PatchVulnerability twice and has working proof-of-concept code public should make patching Vulnerability-related.PatchVulnerability a priority .

Microsoft today released Vulnerability-related.PatchVulnerability an emergency software patch to plug Vulnerability-related.PatchVulnerability a critical security hole in its Internet Explorer ( IE ) Web browser that attackers are already using to break into Windows computers . The software giant said Vulnerability-related.DiscoverVulnerability it learned Vulnerability-related.DiscoverVulnerability about the weakness ( CVE-2018-8653 ) after receiving a report Vulnerability-related.DiscoverVulnerability from Google about a new vulnerability being used in targeted attacks . Satnam Narang , senior research engineer at Tenable , said Vulnerability-related.DiscoverVulnerability the vulnerability affects Vulnerability-related.DiscoverVulnerability the following installations of IE : Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012 , 2016 and 2019 ; IE 9 on Windows Server 2008 ; and IE 10 on Windows Server 2012 . “ As the flaw is being actively exploited Vulnerability-related.DiscoverVulnerability in the wild , users are urged to update Vulnerability-related.PatchVulnerability their systems as soon as possible to reduce the risk of compromise , ” Narang said . According to a somewhat sparse advisory about the patch , malware or attackers could use the flaw to break into Windows computers simply by getting a user to visit a hacked or booby-trapped Web site . An attacker could then install programs ; view , change , or delete data ; or create new accounts with full user rights . Microsoft says users who have Windows Update enabled and have applied Vulnerability-related.PatchVulnerability the latest security updates are protected automatically . Windows 10 users can manually check for updates this way ; instructions on how to do this for earlier versions of Windows are here .

Microsoft 's new Outlook 2010 update ought to provide Vulnerability-related.PatchVulnerability the critical security fixes without the crashes . Microsoft has released Vulnerability-related.PatchVulnerability a new update for Outlook 2010 that should plug Vulnerability-related.PatchVulnerability its critical security flaws without causing crashes . Microsoft earlier this week warned that the 64-bit version of the security update KB 4461529 from its November Patch Tuesday was causing Outlook 2010 crashes . Despite the crashes , Microsoft warned users not to remove the update , which plugged Vulnerability-related.PatchVulnerability four remote code execution flaws that it said were more likely be exploited Vulnerability-related.DiscoverVulnerability . Until a new update was released Vulnerability-related.PatchVulnerability Microsoft recommended users try Outlook Web Access instead . As spotted by Woody Leonhard , Microsoft this week released Vulnerability-related.PatchVulnerability KB 4461585 for Outlook 2010 , which includes patches for the four flaws and should n't trigger crashes . Microsoft confirmed it does fix Vulnerability-related.PatchVulnerability the crash issues caused by KB 4461529 . The fixed update can be downloaded Vulnerability-related.PatchVulnerability from Microsoft 's download center and not the Microsoft Update Catalog . Microsoft cautions the update is only for the .msi edition of Office 2010 and not for Office 365 Home . `` Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer ( .msi ) -based edition of Office 2010 . It does n't apply to the Office 2010 Click-to-Run editions , such as Microsoft Office 365 Home , '' Microsoft notes . Microsoft has set out instructions for checking which edition you have in a blogpost . There are no further updates available Vulnerability-related.PatchVulnerability for the Outlook 2010 non-security updates KB4461522 and KB2863821 , which Microsoft pulled on Vulnerability-related.PatchVulnerability November 15 because they were causing crashes in Access and other apps . Microsoft recommended users uninstall both the updates .

A Warwick company ’ s managing director is warning other businesses to protect themselves from cyber criminals after being held to ransom Attack.Ransom . Kettell Video Productions was targeted by tech scammers who infected its IT systems with viruses before demanding Attack.Ransom £1,000 in online currency Bitcoins or the files would be permanently deleted . Luckily , owner Stuart Kettell routinely backs up all his company ’ s systems so nothing was lost but he warned others to do the same to avoid disaster . “ It was scary : I had no idea about cyber-attacks before and really didn ’ t know what to do , ” he said . “ Critical files , including images and videos for clients , were wiped out along with a lifetime of personal memories . “ The affected files were lost for good – the only way to recover them was with the key code held by the blackmailer – but luckily I back-up everything to an external data cartridge . “ In the end it was more an inconvenience…but it could have threatened the business . “ I would strongly urge all business owners to back-up their essential files. ” Mr Kettell acted quickly when he realised the audio-visual specialists in Arlescote Close were under attack by the web sharks in December , 2015 . “ I noticed all my photos , videos and pdf files ghosting to white with a new filename… it attacked my desktop first then it wormed its way into folders one file at a time every few seconds , ” he said . “ I ’ ve no idea how the malware was introduced as we use software that ’ s designed to prevent against such attacks . “ And the demand for payment Attack.Ransom seemed very professional : I was given links where I could buy Bitcoins and even offered the chance to decrypt one file for free . “ I unplugged my computer , isolated it from the internet , and ran some anti-malware software to stop the virus spreading further. ” Latest figures from the Crime Survey for England & Wales estimated there were 1.3m computer virus offences and 667,000 hacking related offences committed in the year ending September 2016 . Sergeant Gary Sirrell from the cybercrime team at West Midlands Regional Organised Crime Unit said commercial web attacks are increasingly being committed against smaller firms and not big multi-nationals . “ Small and medium sized companies are easier targets : they often don ’ t have the resources or expertise to protect against cyberattacks , ” he said . “ And if they are targeted , the impact can be devastating . “ But there are steps business owners can take to mitigate the risk . “ A really effective tactic involves ‘ layering ’ defences to include a firewall , anti-malware software , staff training and regular re-training ) around phishing email awareness , and finally to plug Vulnerability-related.PatchVulnerability any holes in your defences by updating Vulnerability-related.PatchVulnerability software patches and updates Vulnerability-related.PatchVulnerability in a timely manner . “ By exercising good cyber hygiene , and having a strong backup policy , Stuart avoided the dilemma of whether to see his business significantly damaged , or to have to hand over a ransom Attack.Ransom to organised crime gangs to get his data unlocked . “ If more businesses in the West Midlands proactively took such steps there would be significantly fewer crimes victims . ”

The details of more than 100m Indians ’ Aadhaar ID cards have leaked Attack.Databreach from four government portals , according to a report from the Centre for Internet and Society ( CIS ) . Based on the numbers available on the websites looked at , [ the ] estimated number of Aadhaar numbers leaked Attack.Databreach through these four portals could be around 130-135 million If you ’ re not familiar with the Aadhaar numbers , we ’ ve previously reported on the history of and concerns surrounding this biometric ID card . Now a fundamental part of Indian society , anyone that has not signed up faces being denied access to many government and private-sector services and schemes . As the government presses on with intertwining the card into everyday life , concerns about the security of the vast amounts of personal data being stored and the potential for its misuse by cyber-criminals continue to mount . The disclosures came as part of a report entitled Information Security Practices of Aadhaar ( or lack thereof ) : A Documentation of Public Availability of Aadhaar Numbers with Sensitive Personal Financial Information , which focuses on just four of India ’ s numerous government portals : But it ’ s not just the ID numbers that the report is worried about ; it also claims that the leaks Attack.Databreach contain “ personally identifiable information of beneficiaries or subjects of the leaked databases ” , putting the estimated number of bank accounts leaked Attack.Databreach at around 100m . The Unique Identification Authority of India ( UIDAI ) , which issues the Aadhaar numbers , claims that there have been no leaks Attack.Databreach , according to The Times of India . The paper also quotes one official as saying something rather different While Aadhaar numbers are available , the biometric information is not … The leaked databases do not pose a real threat … because the Aadhaar number can not be misused without biometrics . And another that another official as saying that the “ Aadhaar number is not confidential just as bank account number which is mentioned in cheque books and shared with lot of people ” . It seems that , despite the official line , Aadhaar numbers are getting out Attack.Databreach into the public domain . The question has to be whether the personally identifiable information that is being published alongside them is enough for fraudsters to steal Attack.Databreach someone ’ s identity . I haven ’ t yet seen any reports of fraud being committed on the back of a stolen Aadhaar number . Only time will tell . While this new , controversial ID system beds itself in , the world will be watching closely to see where the cracks in security are , how fraudsters take advantage and how the government reacts to plug Vulnerability-related.PatchVulnerability any holes . We ’ ll certainly be keeping a close eye on developments .