Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or actively maintained by developers.
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.
Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft’s Patch Tuesday — the second Tuesday of each month — Adobe has a new Flash Player update that addresses a single but critical security weakness.
First, the Flash Tuesday update, which brings Flash Player to v. 126.96.36.199. Some (present company included) would argue that Flash Player is in itself “a single but critical security weakness.” Nevertheless, Google Chrome and Internet Explorer/Edge ship with their own versions of Flash, which get updated automatically when new versions of these browsers are made available.
It’s Nov. 14 — the second Tuesday of the month (a.k.a. “Patch Tuesday) — and Adobe and Microsoft have issued gobs of security updates for their software. Microsoft’s 11 patch bundles fix more than four-dozen security holes in various Windows versions and Office products — including at least four serious flaws that were publicly disclosed prior to today. Meanwhile, Adobe’s got security updates available for a slew of titles, including Flash Player, Photoshop, Reader and Shockwave.
Adobe and Microsoft on Tuesday each released security updates for software installed on hundreds of millions of devices. Adobe issued an update for Flash Player and for Acrobat/Reader. Microsoft released just four updates to plug some 15 security holes in Windows and related software.
Adobe has pushed out a critical update to plug at least 52 security holes in its widely-used Flash Player browser plugin, and another update to patch holes in Adobe Reader. Separately, Microsoft released 11 security updates to fix vulnerabilities more than 40 flaws in Windows and related software.
I’ve spent the better part of the last month running a little experiment to see how much I would miss Adobe’s buggy and insecure Flash Player software if I removed it from my systems altogether. Turns out, not so much.
Adobe and Microsoft today each released software updates to fix serious security flaws in their products. Adobe pushed an update that plugs a pair of holes in its Flash Player software. Microsoft’s patch batch includes five updates, including one that addresses a zero-day vulnerability in Internet Explorer that attackers have been exploiting of late.
For the second time this month, Adobe has issued an emergency software update to fix a critical security flaw in its Flash Player software that attackers are already exploiting. Separately, Microsoft released a stopgap fix to address a critical bug in Internet Explorer versions 9 and 10 that is actively being exploited in the wild.
Adobe has released an emergency update for its Flash Player software that fixes three critical vulnerabilities, two of which the company warns are actively being exploited to compromise systems. In an advisory, Adobe said two of the bugs quashed in… Read More »