Newsletter Archives

• New Flash zero-day

  Posted on February 1, 2018 at 13:54 CST by woody • Comment in the Forums

  Catalin Cimpanu at BleepingComputer has a worrisome post. Apparently the South Korean version of CERT, KR-CERT, has found a Flash 0day that’s in the wild.

  The sample given is a malicious SWF file — a plain-vanilla Flash file — in a Word document.

  Simon Choi, a security researcher with Hauri Inc., a South Korean security firm, says the zero-day has been made and deployed by North Korean threat actors and used since mid-November 2017. Choi says attackers are trying to infect South Koreans researching North Korea.

  Do you need to be worried about it? Apparently not, unless you’re a South Korean researching North Korea. Still, Flash 0days have a nasty habit of proliferating rapidly.

  Folks, turn off Flash. Paul Wagenseil at Tom’s Guide has an in-depth step-by-step analysis of how to turn off Flash.

  If you absolutely must use Flash on a specific site, first write to the site’s owners and complain loudly. Then, figure out which browser you want to use with Flash (I’ve picked Chrome) and only use that browser to go to the bad site.

  Flash is dead, folks. Give it a decent burial.

  Uncategorized Flash 0day

• Adobe Flash 0day shows a Chinese connection

  Posted on April 13, 2011 at 09:31 CDT by woody • Comment in the Forums

  Could the new Flash 0day be yet another product of the rumored Chinese government spearphishing factory? Hard to say. Here’s the facts, in my InfoWorld Tech Watch posting.

  Other China, Flash 0day

• Another day, another Flash 0day

  Posted on September 15, 2010 at 22:36 CDT by woody • Comment in the Forums

  Adobe’s had a horrendous year.

  Read it and weep. Infoworld Tech Watch.

  Other Flash 0day, Reader 0day