Critical Flash exploit emerges from Hacking Team breach

Feel safe with your fully-patched computer? If you use Flash and land on the wrong website, you may get a virus or even a cryptolocker that renders your machine unusable. That's because a sophisticated "zero-day" exploit stolen from Hacking Team has now been released into the wild. As a reminder, Hacking Team is the infamous outfit that supplies US law enforcement and various governments around the world with digital spying tools. However, the company suffered an embarrassing attack on its own servers, and among the 400GB of data stolen were some nasty tools originally intended for use by agencies like the US Drug Enforcement Agency.

Security experts say attackers have now unleashed those tools on the internet, leaving all computers vulnerable until Adobe patches Flash, which it's expected to do tomorrow. Malwarebytes called it "one of the fastest documented cases of an immediate weaponization in the wild, possibly thanks to the detailed instructions left by the Hacking Team." So what can you do about it? Obviously, be careful about which sites you visit, but you may also want to either enable "click-to-play" for the Flash plug-in or disable it completely, as detailed by How-To Geek.

Meanwhile, there are questions about how this shitstorm happened in the first place. As Forbes pointed out, leaked emails show that the FBI and DEA were keen on Hacking Team's software, which can run $500,000 for a full cross-platform setup. Other emails revealed that Hacking Team sold its wares to oppressive regimes in countries like Sudan.

Critics argue that increased cyber-spying by governments begets ultra-sophisticated hacking tools that can fall into the wrong hands. That in turn makes everyone more vulnerable, as today's attack proves (again). Ironically, FBI director James Comey is also trying to convince lawmakers today that the FBI should be trusted with backdoor access to encrypted cellphones. However, given the competence and questionable ethics of the companies it works with, it's hard to see how that's a good idea.
