news.buyenne.com

Adobe has rushed out a Flash update to plug a security hole spotted by infosec researchers, who warned that Windows 10 users of the software may have been exposed to the flaw for more than a week.

Ne'er-do-wells could exploit the flaw by sending ransomware to Windows 10 machines. Adobe said its updates addressed critical vulnerabilities in Flash, and advised users to install the latest version of the software. It said in a security bulletin:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.

Researchers at Proofpoint—which has a good explainer of the flaw here—worked with other infosec folk to track down the latest security hole in Flash that could be exploited by attackers with a type of ransomware dubbed "Cerber." The ransomware is understood to have been in the wild since at least March 31.

On Thursday, Wall Street’s bookkeeper announced that it had successfully tested blockchain technology to manage single-name credit default swaps (CDS) among four big banks: Bank of America Merrill Lynch, Citi, Credit Suisse, and JP Morgan.

In a credit default swap, one bank buys the debt owed to another bank with the understanding that if the debt holder defaults on their loan, the buyer bank will be compensated by the selling bank. In the years leading up to the 2008 recession, the buying and selling of credit default swaps was not watched by regulators at all, and as an NPR explainer described it in October 2008, "If bad mortgages got the financial system sick, credit default swaps helped spread the illness worldwide."

The need for more transparency is where blockchain comes in. The concept of the blockchain ledger was developed and popularized by virtual currency Bitcoin, and on a blockchain ledger peer-to-peer transactions can be monitored by every entity that’s party to the ledger, theoretically resulting in more transparency. And recently Silicon Valley has pushed the finance world to appropriate the blockchain concept to make more traditional transactions more efficient, as well: if transactions are seamlessly recorded on a shared ledger, using a middleman to clear the transactions is no longer necessary.

(credit: Aurich Lawson)

There's something inherently world-changing about the latest round of crypto-ransomware that has been hitting a wide range of organizations over the past few months. While most of the reported incidents of data being held hostage have purportedly involved a careless click by an individual on an e-mail attachment, an emerging class of criminals with slightly greater skill has turned ransomware into a sure way to cash in on just about any network intrusion.

And that means that there's now a financial incentive for going after just about anything. While the payoff of going after businesses' networks used to depend on the long play—working deep into the network, finding and packaging data, smuggling it back out—ransomware attacks don’t require that level of sophistication today. It's now much easier to convert hacks into cash.

Harlan Carve, a senior security researcher at Dell SecureWorks, put it this way. "It used to be, back in the days of Sub7 and 'joy riding on the Information Highway,' that your system would be compromised because you're on the Internet. And then it was because you've got something—you've got PCI data, PHI, PII, whatever the case may be. Then it was intellectual property. And now it's to the point where if you've got files, you're targeted."