Articles about Adobe

Hack VMware, score US$75K. Hack Flash, get much less

CanSecWest: There's US$75,000 up for grabs to hackers who compromise VMware's hypervisor software in an upgraded Pwn2Own contest next month. The next challenge represents a significant boost to the difficulty of the hacking competition in which popular hardware and software products are publicly flayed by cyber-security gurus. The …
Darren Pauli, 12 Feb 2016

Flash flushed as Google orders almost all ads to adopt HTML5

Google's getting serious about hastening the oh-so-timely demise of Adobe Flash, telling advertisers they've just under a year to move to HTML 5. The ad giant has given advertisers notice that from June 30th, 2016, AdWords and DoubleClick won't accept upload of Flash ads. Come January 2nd, 2017, display ads won't run on the …
Simon Sharwood, 10 Feb 2016

Don't touch that PDF or webpage until your Windows PC is patched

Microsoft has patched 41 CVE-listed security vulnerabilities in its software this month. The second Patch Tuesday monthly update of the year brings with it fixes for security flaws in both Internet Explorer and Edge that could allow remote-code-execution attacks simply by visiting a webpage. Also fixed are remote-code- …
Shaun Nichols, 09 Feb 2016

Don't mention the F word: Adobe releases Animate CC

Adobe has released Animate CC, formerly known as Flash Professional, as part of its effort to move away from its proprietary plug-in and runtime in favour of HTML5 Canvas and WebGL. The company announced its intentions at the end of November 2015, explaining that “we completely rewrote the tool over the past few years to …
Tim Anderson, 09 Feb 2016

Fake Flash update malware targets gullible Apple users

Security watchers have spotted a shareware scam targeting Apple users that features malicious code signed with a legitimate Apple developer certificate. The dodgy software poses as an Adobe Flash update, typically presented to potential marks as a pop-up reminder. Those who fall for the ruse will end up unwittingly …
John Leyden, 08 Feb 2016

Autodesk vapourises ten per cent of jobs to go completely cloudy

Autodesk, which is getting close to phasing out physical product sales, has announced it's also going to farewell 925 jobs, about ten per cent of its global workforce. The move comes less than two months after the company woke to find not one, but two “activist” investor funds on its share register: Eminence Capital and Sachem …

US government's $6bn super firewall doesn't even monitor web traffic

The US government's firewall, named Einstein, is not as smart as its name would suggest. A report [PDF] by the General Accounting Office (GAO) into the National Cybersecurity Protection System (NCPS) has concluded that it is only "partially meeting its stated system objectives." Which is a polite way of saying it sucks. Among …
Kieren McCarthy, 01 Feb 2016

OpenSSL patch quashes rare HTTPS nasty, shores up crypto chops

OpenSSL maintainers have pushed a pair of patches, crushing a dangerous but uncommon bug that allows HTTPS to be unravelled while also hardening servers against downgrade attacks. Affected servers are open to key recovery attacks only if they run certain Digital Signature Algorithm and static Diffie-Hellman key exchange …
Team Register, 29 Jan 2016

Reg readers speak out on Thin Client technology

Survey Results: Managing PC estates is a time-consuming, expensive and thankless task. Better provisioning and management tools can obviously help, but implementing one or more of the various forms of desktop virtualisation available nowadays may also be beneficial. The virtualisation option, and particularly the use of hardware-based thin …
Dale Vile, 28 Jan 2016

Angler exploit kit now hooking execs with Xmas Flash hole

The Angler exploit kit is again sailing the cyber seas and pillaging with impunity, adding one of the more recent machine-hijacking Flash holes to its arsenal. The integration of an Adobe Flash vulnerability (CVE-2015-8651) patched last month solidifies Angler's position as the most popular and effective exploit kit on …
Darren Pauli, 28 Jan 2016

SlemBunk slamdunk: Mobile banking Trojans found worldwide

Cybercrooks have put together a dynasty of Android Trojan apps in a bid to imitate the legitimate apps of 33 financial management institutions across the globe. The SlemBunk apps (which commonly masquerade as popular applications, such as social media, utility, etc) have spread across three major continents: North America, …
John Leyden, 14 Jan 2016

Windows 10 shattered Remote Desktop's security defaults – so get patching

Microsoft has issued its January batch of security updates – including what will be the final round of patches for many versions of Internet Explorer. The first Patch Tuesday monthly security release of the year includes fixes for 25 CVE-listed flaws in Windows, Internet Explorer, Edge, and Office. Among the patched bugs are …
Shaun Nichols, 12 Jan 2016

Wikimedia Foundation bins community-elected trustee

The Wikimedia Foundation has ousted a community-elected board trustee, whose seat now lies empty. At the same time, it has also appointed two hand-picked trustees for two other vacant spots: a former Google executive with a controversial record and a Mountain View CFO. These are just two changes that were announced quietly over …
Andrew Orlowski, 12 Jan 2016

Exploit kits throw Flash bash party, invite Crypt0l0cker, spam bots

Criminals behind some of the most potent exploit kits, Neutrino and RIG, are ramping up attacks slinging the latest ransomware and hosing users who have not applied recent Adobe Flash patches. The patched vulnerabilities permit code execution and allow the dangerous hacking kits to compromise user machines. The two above- …
Darren Pauli, 11 Jan 2016

Microservices are not the same thing as components

Mention cloud, mention DevOps and it won’t be long before microservices enters the discussion. But what is, or are, microservices? The name implies something small – but what? Is it a part of a bigger thing or a piece of discrete functionality? And how are microservices different to application components? And why should we …

Bash, smash, trash Flash – earn $100k cash

Hackers can score US$100,000 from exploit arbitrage outfit Zerodium if they bypass Adobe's latest Flash heap isolation defence. Hackers will have to craft an exploit that escapes the sandbox to hit the jackpot, because that's more complex than a non-sandbox break which attracts a $65,000 reward. It comes less than a month …
Darren Pauli, 06 Jan 2016

Missed our Christmas crackers? Top stories from the break were...

Things might have slowed down for Christmas and New Year in your workplace but the news did not take a break. Whether you were away for the Christmas and New Year period or logged on but not exactly present, here are the biggest stories you may have missed from The Reg. The death of Debian GNU/Linux daddy Ian Murdock aged …
Gavin Clarke, 04 Jan 2016

Apple had more CVEs than any single MS product in 2015, but it doesn't really matter

A count of the number of CVEs (Common Vulnerabilities and Exposures) issued on different platforms in 2015 has concluded that Apple was the most-advisoried operating system of the year, leading to gloating headlines that OS X is the “most vulnerable” of the lot. According to CVE Details, Mac OS X (all versions) apparently had …

Patch now! Flash-exploitin' PC-hijackin' attack spotted in the wild by Huawei bods

Adobe has issued new versions of Flash to patch a load of security flaws – one of which is being exploited in the wild. Curiously, that particular vulnerability (CVE-2015-8651) was reported to the Photoshop giant by Kai Wang and Hunter Gao of Huawei's IT security department. Could the Chinese tech goliath have caught …
Chris Williams, 28 Dec 2015

Feeling abandoned by Adobe? Check out the video editing suites for penguins

When it comes to video editing, Windows and Mac rule the screen. Professional apps by the likes of Adobe, Avid and Apple only run in the Win/Mac world and Apple even throws in a pretty sophisticated video editor (iMovie) for free. No matter how much you love Linux and open source software, you're never going to get Adobe …

Security sweep firm links botnet infestation and file sharing

Updated: There’s a high degree of correlation between organisations with P2P activity and system compromises via malware infections, according to a new study by BitSight Technologies. Correlation is, of course, different from causation. However, the booby-trapping of Torrents to trick freetards into sucking down on malicious code is a …
John Leyden, 21 Dec 2015

Facebook hammers another nail into Flash's coffin

Facebook has hammered another nail into the coffin of Adobe Flash, by switching from the bug-ridden plug-in to HTML5 for all videos on the site. The Social Network™ explained the move by saying “Moving to HTML5 best enables us to continue to innovate quickly and at scale, given Facebook’s large size and complex needs.” …
Simon Sharwood, 21 Dec 2015

Firefox-on-Windows users, rejoice: Game of Thrones now in HTML5

Firefox has joined the Netflix community on Windows with the addition of HTML5 video extensions. The box set streaming giant’s HTML5 video player now works with Mozilla’s browser and digital-rights management software from Adobe to police content – Primetime CDM. It means you can stream Netflix to Firefox on a Windows PC …
Gavin Clarke, 18 Dec 2015

Adobe: We locked our customers in the cloud and out poured money

Reassuringly expensive software maker Adobe is laughing all the way to the bank after shunting more of its customers into the cloud - like they had any choice in the matter. The company closed off fiscal ’15 ended 27 November with Q4 revenue of $1.31bn, up 22 per cent year-on-year, driven by a 44 per cent hike in subscriptions …
Paul Kunert, 11 Dec 2015

Predictable: How AV flaw hit Microsoft's Windows defences

Could it be that time spent by Microsoft on software security counts for naught? Possibly - based on the findings of an investigation by enSilo that found some of the best-known AV names are susceptible to new vulnerabilities. The results are alarming, suggesting an entire ecosystem unwittingly opening a back door into …
John Leyden, 11 Dec 2015

Think you're all done patching? Not if you have any Apple gear

Apple has joined the likes of Microsoft and Adobe in releasing patches for dozens of security holes in its products. The Cupertino design studio has posted updates for nearly all of its product lines, fixing security holes in iOS, OS X, watchOS, tvOS, Safari, and Xcode. For OS X users, the update is packaged as El Capitan 10. …
Shaun Nichols, 09 Dec 2015

It's nearly 2016, and Windows DNS servers can be pwned remotely

Patch Tuesday: Microsoft is closing out the year with a fix for 71 security vulnerabilities in Windows Server, client-side Windows, Office, Internet Explorer, and Edge. Among the patches are two vulnerabilities that are already being exploited in the wild for elevation of privilege and remote code execution. The December Patch Tuesday load …
Shaun Nichols, 08 Dec 2015

Kill Flash Now: 78 bugs patched in latest update

Adobe has released another update to address dozens of flaws in its Flash Player browser plug-in. The December update fixes 78 CVE-classified security vulnerabilities in Flash Player for OS X, Windows, Linux, and Android. The patch includes 75 separate vulnerabilities that could be exploited by an attacker to remotely execute …
Shaun Nichols, 08 Dec 2015

Dailymotion hit by malvertising attack as perpetrators ‘up their game'

Malicious adverts spreading malware managed to make their way onto popular French video streaming site Dailymotion. The infection involved a rogue ad and JavaScript that ultimately directs surfers to sites harbouring the Angler Exploit Kit (EK). The practical upshot was that Windows users running out-of-date software, such as …
John Leyden, 08 Dec 2015

Adobe's Flash tools now embrace HTML 5. Sadly Flash is still alive

Adobe’s long road to open standards has been freshly re-paved with an HTML5-friendly suite of tools. The firm recently announced Animate CC as its “premier” web animation tool for developing HTML5. In its previous incarnation, Animate CC had been called Flash Professional CC – being built for the firm’s once flagship, and …
Gavin Clarke, 07 Dec 2015

Russian "Pawn Storm" expands, rains hell on NATO, air-gapped PCs

One of the most prolific and capable Russian malware groups is using a rare module to infect USB sticks and hose air-gapped machines in defence industry organisations. The group, known as "Sofacy" or "Pawn Storm" has been ripping into air gap defence organisations since at least August, demonstrating its skills using zero day …
Darren Pauli, 07 Dec 2015

Oh em gee – Adobe kills Flash Professional (it's called Animate now)

Adobe has released updates to its Creative Cloud application suite, including Photoshop, Illustrator, InDesign and Premiere Pro. Crucially, it has announced a change of direction for its Flash Professional design tool, which will be called Adobe Animate in the next version, due in early 2016. Ten years ago, Adobe's Flash plug …
Tim Anderson, 01 Dec 2015

Ice cold: How hard man of storage made Everest climb look easy

Feature: It’s terrifyingly real, so true to life you are convinced the climbers are there, actually crossing the aluminium ladder bridge, poised above the terrifying drop of a Khumbu Glacier’s ice-fall crevasse in Everest’s Western Cwm. Yet the actors actually clambered across a ladder bridge poised above rubber matting in the UK’s …
Chris Mellor, 30 Nov 2015

A font farewell to Fontdeck as website service closes

Fontdeck, a service which provided fonts to websites, is to close. Fonts can no longer be purchased, and existing fonts will no longer be served after 1 December 2016. Fontdeck was founded in 2009 by Jon Tan and Richard Rutter, and was a joint venture between two design companies, the Brighton-based ClearLeft and OmniTi in the …
Tim Anderson, 24 Nov 2015

Dum dum dum - another cloud bites the dust (Adobe's photo cloud)

Adobe's announced it will close Revel, its Flickr-like cloudy photo storage service. The company's announced that the service will close its doors on February 23rd, 2016. Users are being herded towards encouraged to instead adopt Adobe's US$9.99/£8.57 a month Creative Cloud Photography offering. Adobe's telling Revel users …
Darren Pauli, 24 Nov 2015

Who's running dozens of top-secret unpatched databases? The Dept of Homeland Security

The US Department of Homeland Security is running dozens of unpatched databases, some of which are rated "secret" and even "top secret," according to an audit. An inspection [PDF] of the department's IT infrastructure found huge security gaps, including the fact that 136 systems had expired "authorities to operate" – meaning …
Kieren McCarthy, 20 Nov 2015

VMware warns of info leaks flowing from Apache-Adobe mess

VMware has warned users of its vCenter, vCloud Director and Horizon products that they need to patch a flaw in Flex BlazeDS. The flaw, CVE-2015-3269, means Apache Flex BlazeDS “allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity …
Simon Sharwood, 19 Nov 2015

Hacking group Strontium dogs NATO and government targets

There's a new hacking team out there that's proving surprisingly good at getting into government systems using social engineering tactics coupled with zero-day attacks in assaults that can last as long as a year. Dubbed Strontium by researchers at the Microsoft Malware Protection Center, the hackers have been active since 2007 …
Iain Thomson, 18 Nov 2015

Adobe releases out-of-band security patches – amazingly not for Flash

Today, Adobe released important patches for some of its other products – people still using Flash can stand down, however. Web app development kit ColdFusion has a couple of patches for versions 10 and 11 for holes that could be exploited to pull off cross-site scripting attacks. Meanwhile, BlazeDS server-side software has …
Iain Thomson, 17 Nov 2015

Ex-GCHQ chief now heads up infosec firm's advisory board

Sir Iain Lobban, the former chief of GCHQ, has joined a British company's advisory council and has said he finds the prospect of a hands-on role "a scintillating proposition". Glasswall Solutions formally launched on Friday. The company claims that its tech will thwart all potential phishing attacks by deconstructing and …

NoSQL: Injection vaccination for a new generation

We are becoming more and more accustomed to reading about losses of online data through malicious hack attacks, accidents, and downright carelessness – it’s almost as if we don’t know how to secure data against the most common forms of attack. Of course, that isn’t really true as best practice, legislation, and education on …
Andrew Cobley, 13 Nov 2015

Edge joins Explorer in bumper crop of security patches

It's Patch Tuesday the second day of the week in the month of November and Microsoft and Adobe have pushed out their security updates. Joining the perennial favorites Flash and Internet Explorer comes new kid on the block, Edge. Top line news: no zero days this month but there are four critical updates and eight important ones …
Kieren McCarthy, 11 Nov 2015

Read the Economist last weekend? You may have fetched more than just articles (yup, malware)

Third bathroom reading material The Economist served malware from its website via the compromised PageFair network. The biz mag today alerted readers that it put their PCs at risk last weekend. "If you visited economist.com at any time between Oct. 31, 23:52 GMT and 01:15 GMT, Nov. 1, using Windows OS and you do not have …
Shaun Nichols, 06 Nov 2015

WoW! Want to beat Microsoft's Windows security defenses? Poke some 32-bit software

Two chaps claim to have discovered how to trivially circumvent Microsoft's Enhanced Mitigation Experience Toolkit (EMET) using Redmond's own compatibility tools. A report [PDF] by the duo at Duo Security describes how the Windows on Windows (WoW64) environment can be abused to bypass built-in security tools. WoW64 allows 32- …
Shaun Nichols, 03 Nov 2015

Anti-adblocker firm PageFair's users hit by fake Flash update

Ad-blocker blocker PageFair has announced that it was hacked over Halloween, exposing those visiting sites running its free analytics service (allowing those sites to see how many of their visitors were using ad-blockers, perhaps to prevent being served malware by a third-party) to an executable masquerading as an Adobe Flash …

'T-shaped' developers are the new normal

Blog: When I joined QA nearly eight years ago I did so in a time of wonderfully ordered roles and responsibilities. It was a world of web developers, designers, application programmers and database administrators. Each sat in their own little area worrying about only their little part of the puzzle with clear definitions of …
David Walker, 02 Nov 2015

Chrome OS is not dead, insists Google veep in charge of Chrome OS

The Google exec running both Android and Chrome has tried to pour cold water on the story that Mountain View is merging its mobile platforms. Hiroshi Lockheimer, senior vice president of Android, Chrome OS and Chromecast, has tweeted: There’s a ton of momentum for Chromebooks and we are very committed to Chrome OS. I just …
Gavin Clarke, 30 Oct 2015

Shocker: Adobe patches critical Shockwave remote hijack hole

Adobe has patched a critical vulnerability in the Shockwave player that could compromise hundreds of millions of machines. The company brags that some 450 million users run the vulnerable platform and should manually update through the Adobe website. The memory corruption hole (CVE-2015-7649) allows attackers to compromise …
Darren Pauli, 29 Oct 2015

Oracle's Larry Ellison claims his Sparc M7 chip is hacker-proof – Errr...

Analysis: Oracle insists it really is going to sell computers powered by Sparc M7 processors – the same chips it started talking about in 2014. On Monday, Big Red breathlessly unveiled hardware powered by the beefy microprocessor, and on Tuesday, its supremo Larry Ellison lauded the 64-bit CPU's security defenses. One of these defenses …
Chris Williams, 28 Oct 2015

Oracle Java 'no longer the greatest risk' to US Windows PC users

Apple's Windows apps have leapfrogged Oracle Java as the biggest security risk to PCs in the US, according to a study by vulnerability management outfit Secunia (now a Flexera Software company). (This shift is mainly down to the forced retirement of aging Java 7 rather than any improvement by Oracle.) Secunia's latest …
John Leyden, 27 Oct 2015