Thursday, August 28, 2014

Google Chrome Updated

Google have released version 37.0.2062.94 of their Chrome web browser. New version contains fixes to 50 security issues among other fixed issues.

More information about these in Google Chrome Releases blog.

Saturday, August 16, 2014

Symantec Intelligence Report: July 2014

Symantec have published their Intelligence report that sums up the latest threat trends for July 2014.

Report highlights:
- The .doc file type continues to be the most common attachment type used in spear-phishing attacks, followed by .exe files.
- The largest data breach reported in July resulted in the exposure of 900,000 identities.
- Of the mobile threats discovered in the last 12 months, 24 percent steal information from the device and 22 percent track the device’s user.

The report (in PDF format) can be viewed here.

Wednesday, August 13, 2014

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a vulnerability in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerability (CVE-2014-0546) could allow an attacker to circumvent sandbox protection on the Windows platform.

Affected versions:
*of series XI (11.x)
Adobe Reader 11.0.07 and earlier
Adobe Acrobat 11.0.07 and earlier

*of series X (10.x)
Adobe Reader 10.1.10 and earlier
Adobe Acrobat 10.1.10 and earlier

Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player and earlier versions for Windows and Macintosh should update to Adobe Flash Player (Windows NPAPI plugin for Firefox version is

- Users of Adobe Flash Player and earlier versions for Linux should update to Adobe Flash Player

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update

- Users of the Adobe AIR SDK and earlier versions should update to the Adobe AIR SDK.

- Users of the Adobe AIR SDK & Compiler and earlier versions should update to the Adobe AIR SDK & Compiler.

- Users of Adobe AIR and earlier versions for Android should update to Adobe AIR

- Users of Adobe AIR and earlier versions for Windows and Macintosh should update to Adobe

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For August 2014

Microsoft have released security updates for August 2014. This month update contains nine security bulletins of which two categorized as critical and seven as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Tuesday, August 12, 2014

Critical Vulnerability In WordPress Plugin

There has been found a critical vulnerability in Custom Contact Forms WordPress plugin. The vulnerability allows an attacker to download and modify database remotely.

Affected are Custom Contact Forms and earlier versions.

Fixed version can be downloaded here.

More information here.

Sunday, August 10, 2014

Internet Explorer To Block Outdated ActiveX Controls

Starting August 12th Microsoft is going to release an update for Internet Explorer that will start blocking out-of-date ActiveX controls. "ActiveX controls are small apps that let Web sites provide content, like videos and games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s very important that you keep your ActiveX controls up-to-date because malicious or compromised Web pages can target security flaws in outdated controls to collect information, install dangerous software, or by let someone else control your computer remotely."

More information about the upcoming feature can be read from the related blog post.