Tuesday, April 15, 2014

ESET Global Threat Report for March 2014

ESET have published a report discussing global threats of March 2014.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (1.)
2. LNK/Agent.AK (2.)
3. Win32/Sality (3.)
4. INF/Autorun (4.)
5. Win32/Qhost (5.)
6. HTML/ScrInject (6.)
7. Win32/Conficker (8.)
8. Win32/Ramnit (7.)
9. Win32/Dorkbot (9.)
10. JS/Fbook (-)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Friday, April 11, 2014

Google Chrome Updated

Google have released version 34.0.1847.116 of their Chrome web browser. Among other bug fixes the new version contains fixes to 31 security issues and also a new version (13.0.0.182) of Flash Player.

More information in Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 13.0.0.182

- Users of Adobe Flash Player 11.2.202.346 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.350

- For users of Flash Player 11.7.700.272 and earlier versions for Windows and Macintosh, who cannot update to Flash Player 13.0.0.182, Adobe has made available the update Flash Player 11.7.700.275, which can be downloaded here. Beginning May 13, 2014, Adobe Flash Player 13 for Mac and Windows will replace version 11.7 as the extended support version. Adobe recommends users upgrade to version 13 to continue to receive security updates. See this blog post for further details.

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update

- Users of Adobe AIR 4.0.0.1628 and earlier versions for Android should update to Adobe AIR 13.0.0.83.

- Users of the Adobe AIR 4.0.0.1628 SDK and earlier versions should update to the Adobe AIR 13.0.0.83 SDK.

- Users of the Adobe AIR 4.0.0.1628 SDK & Compiler and earlier versions should update to the Adobe AIR 13.0.0.83 SDK & Compiler.


More information can be read from Adobe's security bulletin.

Wednesday, April 9, 2014

Microsoft Security Updates For April 2014

Microsoft have released security updates for April 2014. This month update contains four security bulletins of which two categorized as critical and two as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Monday, April 7, 2014

What To Do With Computers Equipped With Windows XP?

Support for Windows XP is ending on April 8 2014. That means no new security patches for Windows XP will be released after that date. What to do if upgrading to a new operating system is not possible of a reason or another?

Here are some links about the subject:
http://betanews.com/2014/03/12/forced-to-use-windows-xp-past-april-10-ways-to-make-the-best-of-a-bad-situation/

http://www.technibble.com/windows-xp-support-ends-in-april-2014-what-technicians-need-to-know/

http://www.pcworld.com/article/2102606/how-to-keep-your-pc-secure-when-microsoft-ends-windows-xp-support.html

Sunday, March 30, 2014

Vulnerability In Microsoft Word

Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. The vulnerability (CVE-2014-1761) could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. By exploiting the vulnerability successfully an attacker may be able to execute arbitrary code in affected system.

Affected are:
Microsoft Word 2003 Service Pack 3
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 (32-bit editions)
Microsoft Word 2013 (64-bit editions)
Microsoft Word 2013 RT
Microsoft Word Viewer
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office for Mac 2011
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 1
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Word Automation Services on Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013

At the moment there is no patch for the vulnerability available. For a workaround and more information please see the related security advisory.

Friday, March 28, 2014

ESET Global Threat Report for February 2014

ESET have published a report discussing global threats of February 2014.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (1.)
2. LNK/Agent.AK (5.)
3. Win32/Sality (2.)
4. INF/Autorun (4.)
5. Win32/Qhost (9.)
6. HTML/ScrInject (3.)
7. Win32/Ramnit (6.)
8. Win32/Conficker (7.)
9. Win32/Dorkbot (10.)
10. Win32/TrojanDownloader.Waski (-)





Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).