Users of Yahoo hacked because of Flash

My favorite technology news blog has posted another post!

Researchers at Malwarebytes, an anti-malware vendor, uncovered a large scale attack targeting Yahoo customers via Yahoo’s advertising network. Malwarebytes notified Yahoo about it and the “malvertising” marketing campaign is now no loner in progress.

The attack was possible as a result of Flash vulnerabilities in unpatched versions of Flash, even perhaps the same vulnerabilities that force Mozilla to block Flash by default in its browser for a number of days until Adobe released a patch. Not all Flash users have updated to the latest version, though, which implies they’re still susceptible to these highly dangerous security exploits.

Yahoo owns large Web properties with an estimated 6.9 billion monthly visits, based on data from SimilarWeb, which implies even if a small proportion of those visits resulted in malware installation on the users’ PCs, it might still affect millions of individuals.

Malvertising is particularly dangerous because it requires no action from the user, and it can download and install itself automatically on the user’s PC (assuming the user is on a Standard account and not an Administrator one, and the User Account Control protection is weak enough to be bypassed, or the malware makes use of native privilege escalation zero-days).

The malware can even install “ransomware” on users’ computers and lock their files till the customers pay the criminals.

Recently, Flash has been a lot in the news, with even Facebook saying it hurts their business. Users are advised to either update their version of Flash or disable it completely.

We at GadgTecs think Flash should be abandoned by now. HTML5 is not perfect, but much secure and better alternate.

 

 

The post Users of Yahoo hacked because of Flash appeared first on – GadgTecs.

from – GadgTecs http://ift.tt/1P5ge3f
via IFTTT GadgTecs is the best science, technology blog

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s