Vulnerability in Adobe Flash
To All ICT Users
We have been notified by the National Cyber Security Centre (NCSC) and by the Scottish Government’s Cyber Resilience Unit of a “Zero-Day” vulnerability in Adobe Flash. This is a significant vulnerability which could potentially allow an attacker to take control of an affected system.
Flash Player is used on many websites to provide animated graphics and embedded video players. However, Flash files (file names ending in .SWF) can also be attached directly to emails and embedded in Microsoft Office documents (Word, Excel, PowerPoint, etc.).
Adobe are working to release a patch to fix this vulnerability and this will be deployed across all council devices once it is available. In the meantime, all staff are asked to be vigilant and apply the following guidelines:
- Think before you click! Don’t open attachments from people you don’t know, and be careful with attachments from people you do know. Never click on a link in an email without being sure who the email is from and where the link will take you; if you are suspicious, phone the apparent sender to check they sent it (don’t simply reply to the email), or check with ICT.
- Take care when accessing websites and especially when opening or viewing Microsoft Office documents that have come from external sources, even if they appear to come from trusted sources.
- Be suspicious of any email that instructs you to make a download no matter who it claims to be from or how urgent it claims to be.
- Be suspicious of any unexpected email that claims to be from someone you know. The sender address of an email can be ‘spoofed’ so although it appears to come from someone you trust, it may not have been sent by them. Examine the ‘from’ address very carefully. Does it start with one email address but end with another? Or is the ‘Subject’ line not something you would expect that person to use in an email?
- Never give out your password, even to work colleagues.
If you do inadvertently click on a link or open an attachment which you think is suspicious, or if you observe any other behaviour which you think is unusual or suspicious, contact the ICT Helpdesk immediately on (01343) 563333 or email firstname.lastname@example.org.