Monday, July 20, 2015

Symantec Intelligence Report: June 2015

Symantec have published their Intelligence report that sums up the latest threat trends for June 2015.

Report highlights:
- At 49.7 percent, the overall spam rate has dropped below 50 percent for the first time since September, 2003.
- There were 57.6 million new malware variants created in June, up from 44.5 million pieces of malware created in May and 29.2 million in April.
- Ransomware attack has increased for the second month in a row and crypto-ransomware has reached its highest levels since December 2014.


The report (in PDF format) can be viewed here.

Oracle Critical Patch Update For Q3 of 2015

Oracle have released updates for their products that fix 193 security issues (including 25 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in October 2015.

ESET Global Threat Report for June 2015

ESET have published a report discussing global threats of June 2015.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (2.)
2. Win32/Adware.MultiPlug (1.)
3. LNK/Agent.BO (-)
4. JS/Kryptik.I (3.)
5. LNK/Agent.AV (4.)
6. Win32/AdWare.ConvertAd (5.)
7. Win32/Sality (6.)
8. Win32/Ramnit (7.)
9. INF/Autorun (8.)
10. LNK/Agent.BM (-)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Thursday, July 16, 2015

Google Chrome Updated

Google have released version 43.0.2357.134 of their Chrome web browser. The new version contains updated Adobe Flash Player (18.0.0.209). More information about changes in Google Chrome Releases blog.

Wednesday, July 15, 2015

Microsoft Security Updates For July 2015

Microsoft have released security updates for July 2015. This month update contains 14 security bulletins of which four categorized as critical and ten as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2015.007.20033 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30033 and earlier

*of series XI (11.x)
Adobe Reader 11.0.11 and earlier
Adobe Acrobat 11.0.11 and earlier

*of series X (10.x)
Adobe Reader 10.1.14 and earlier
Adobe Acrobat 10.1.14 and earlier

Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Shockwave Player Update Available

Adobe have released an updated version of their Shockwave Player. The new version fixes security vulnerabilities that may allow an attacker to run arbitrary code on the affected system. The update is categorized as critical with priority level as 1.

Users of Adobe Shockwave Player 12.1.8.158 and earlier should update to Adobe Shockwave Player 12.1.9.159.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.