Researchers at global cybersecurity firm FireEye are tracking a brand new Russian hacking threat. While this attack is targeted mainly at an undisclosed foreign government right now, typically as soon as some hackers discover a vulnerability other criminals quickly copy it to use the same trick against you.
The attack takes advantage of two security holes known as "zero-day flaws." Reminder: Zero-day flaws are previously unknown secutity holes built into a program that hackers find and use to get around a system's security. The two flaws in this case are in Adobe Flash and Windows.
The attack starts when you visit a malicious website in your browser. The site starts Adobe Flash and uses the first zero-day flaw to trick it into downloading a file to your computer.
The file then uses the Windows zero-day flaw to run as an administrator and take control of your system, even if you're following my advice and using a Standard Windows account.