Live
- Over 7,600 Syrians return from Turkiye in five days after Assad's downfall: minister
- Delhi BJP leaders stay overnight in 1,194 slum clusters
- Keerthy Suresh and Anthony Thattil Tie the Knot in a Christian Ceremony
- AAP, BJP making false promises to slum dwellers for votes: Delhi Congress
- 'Vere Level Office' Review: A Refreshing Take on Corporate Life with Humor and Heart
- Libya's oil company declares force majeure at key refinery following clashes
- Illegal Rohingyas: BJP seeks Assembly session to implement NRC in Delhi
- Philippines orders full evacuation amid possible volcanic re-eruption
- Government Prioritizes Welfare of the Poor, says Dola Sri Bala Veeranjaneyaswamy
- Two Russian oil tankers with 29 on board damaged due to bad weather
Just In
Rapid Response: Yahoo ad network used to infect computers
Rapid Response: Yahoo Ad Network Used To Infect Computers. The latest news on cybercriminals abusing Yahoo’s ad network to infect computers, using vulnerabilities in Adobe’s Flash software highlight again how important it is to instantly patch systems when updates are available.
The latest news on cybercriminals abusing Yahoo’s ad network to infect computers, using vulnerabilities in Adobe’s Flash software highlight again how important it is to instantly patch systems when updates are available.
Cybercriminals tend to choose the path of least resistance, i.e. to focus on those things that provide an easy route to success – installing their malware on vulnerable computers. Flash Player is widely-used, providing a big pool of potential victims. It’s often left unpatched – people take its functionality for granted and tend to overlook it.
You will now again hear many recommendations that people should delete the plugin or turn it off. It is hard to give a general recommendation here, though. Many people are just used to flash and chose the ease of it over the security. But I would suggest that people ‘give it a go’, i.e. remove it and see what difference it makes to their browsing experience. If, after not having Flash Player for a while, they find out they don’t need it – leave it off the system completely. If not – simply re-install it. Brian Krebs recently shared his experience of living without Flash Player here. In between the two positions – i.e. on or off – people can modify their browser settings to allow Flash on-demand, allowing it only when accessing trusted websites. But the Yahoo-case shows that it is a very difficult task to determine which websites can be trusted or not. I assume most people would trust Yahoo.
I believe Flash will stay on computers for a while, just because it is such a widely used technology. Like Java, it’s installed on many computers by default and people tend not to think about it until there’s a well-publicised problem. While some popular websites are already replacing Flash with the HTML5 technology (e.g. Youtube), some others still rely on Flash, forcing users to enable/install Flash Player in their browsers to be able to see the content. Nevertheless, the security issues are constantly pushing the shift in web technologies, even if the full transition may take some time.
Facts / Figures (from Kaspersky Lab’s Security Bulletin 2014):
Web-based attacks:
In 2014, there were 1,432,660,467 attacks launched from online resources located all over the world. It means that Kaspersky Lab products protected users an average of 3,925,097 times per day during their Internet sessions.
The main attack method – via exploit packs – gives attackers an almost guaranteed opportunity to infect the user computer if it is not protected with a security solution and if it has at least one popular and vulnerable (not updated) application installed.
Vulnerabilities:
In 2014, the fraudsters most often exploited Oracle Java vulnerabilities. However, the popularity of Java vulnerabilities declined steadily throughout the year, and its overall share was less than half of last year’s figure – 45% against 90.5% 12 months ago. This might be due to the closure of old vulnerabilities and a lack of information about any new ones.
Second place was occupied by the Browsers category (42%) which includes exploits for Internet Explorer, Google Chrome, Mozilla Firefox, etc. According to the quarterly ratings, for much of 2014 this was the leading category but it didn’t quite outstrip the large number of Java exploits in late 2013 and early 2014.
Adobe Reader exploits were in third place (5%). These vulnerabilities are exploited in drive-by attacks via the Internet, and PDF exploits form part of many exploit packs.
During the year, we saw a decrease in the number of attacks using exploit packs. There may be several reasons for this, including the arrests of some of their developers. In addition, many exploit packs have stopped attacking computers protected by Kaspersky Lab products (exploit packs check the victim computer and halt the attack if a Kaspersky Lab solution is installed on it). Despite this, exploitation of vulnerabilities remains one of the main ways to deliver malicious software on the user’s computer.
A graph can be found here: https://kasperskycontenthub.com/securelist/files/2014/12/ksb_stat_2014_en_8.jpg
I have attached the photograph of David Emm for your reference.
In case you have any question, request you to please send me the questions and I will get it answers by Kaspersky Lab Experts.
Thank you very much :)
© 2024 Hyderabad Media House Limited/The Hans India. All rights reserved. Powered by hocalwire.com