Critical Flash exploit emerges from Hacking Team breach


Feel safe with your fully-patched computer? If you use Flash and land on the wrong website, you may get a virus or even a cryptolocker that renders your machine unusable. That's because a sophisticated "zero-day" exploit stolen from Hacking Team has now been released into the wild. As a reminder, Hacking Team is the infamous outfit that supplies US law enforcement and various governments around the world with digital spying tools. However, the company suffered an embarrassing attack on its own servers, and among the 400GB of data stolen were some nasty tools originally intended for use by agencies like the US Drug Enforcement Agency.

Security experts say attackers have now unleashed those tools on the internet, leaving all computers vulnerable until Adobe patches Flash, which it's expected to do tomorrow. Malwarebytes called it "one of the fastest documented cases of an immediate weaponization in the wild, possibly thanks to the detailed instructions left by the Hacking Team." So what can you do about it? Obviously, be careful about which sites you visit, but you may also want to either enable "click-to-play" for the Flash plug-in or disable it completely, as detailed by How-To Geek.

Meanwhile, there are questions about how this shitstorm happened in the first place. As Forbes pointed out, leaked emails show that the FBI and DEA were keen on Hacking Team's software, which can run $500,000 for a full cross-platform setup. Other emails revealed that Hacking Team sold its wares to oppressive regimes in countries like Sudan.

Critics argue that increased cyber-spying by governments begets ultra-sophisticated hacking tools that can fall into the wrong hands. That in turn makes everyone more vulnerable, as today's attack proves (again). Ironically, FBI director James Comey is also trying to convince lawmakers today that the FBI should be trusted with backdoor access to encrypted cellphones. However, given the competence and questionable ethics of the companies it works with, it's hard to see how that's a good idea.
