(prHWY.com) March 16, 2011 - Albuquerque, NM, United States - Recently, Adobe released a security advisory confirming the existence of a critical vulnerability in Flash Player, which is being actively exploited by attackers. The security flaw allows attackers to use a .swf file embedded in a Microsoft Excel file and deliver it as an e-mail attachment. The vulnerability exists in Adobe Flash Player 10.2.152.33 and prior versions for the Windows, Linux, Macintosh and Solaris operating systems. For Chrome users, the vulnerability affects Flash Player 10.2.154.18 and prior versions. Flash Player 10.1.106.16 and prior versions for the Android operating system are also affected by the disclosed vulnerability.
When unwary users open the e-mail attachment, the system may crash, or the attacker may be able to take complete control of the compromised system. The security flaw also exists in the Authplay.dll component. The component is shipped with Adobe Reader and Acrobat X 10.0.1 and prior versions 10.x and 9.x for Windows and Macintosh. Adobe is working on a patch and is expected to issue a security advisory next week. Security researchers at the company indicate that they have not witnessed any active exploitation of the security flaw in Acrobat and Reader. Protected Mode in Adobe Reader prevents exploitation of the identified security flaw.
Adobe products are used widely by individual and organizational users. Attackers frequently try to take advantage of the popularity of Adobe products to target a large number of systems. Over the previous year, security researchers have witnessed a shift from exploitation of Adobe products towards exploitation of Java vulnerabilities. However, the recent attack indicates that attackers are again targeting Adobe products.
Developers of software products must conduct regular tests to detect and mitigate security flaws before their exploitation by attackers. Online IT degree and e-learning programs help security professionals upgrade their technical skills and know-how.
User awareness is critical to prevent active exploitation of vulnerabilities. Online IT courses and video tutorials may help in creating IT security awareness among end-users. Users must refrain from opening malicious files, clicking on suspicious links, or opening e-mails from unknown sources. Attackers send cleverly crafted e-mails, which appear to come from a legitimate source. The content lures users to open malicious attachments. Users must avoid opening suspicious attachments delivered through e-mail.
IT professionals qualified in IT degree programs and other security certifications may help organizations in keeping track of new vulnerabilities and security updates. They would facilitate timely identification and application of appropriate security patches.
EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.