Tuesday, November 24, 2015

Adobe ColdFusion Hotfix Available

Adobe have released updated versions of the ColdFusion web application development platform. This hotfix resolves two input validation issues (CVE-2015-8052 and CVE-2015-8053) that could be used to conduct reflected cross-site scripting attacks. The fix also includes an updated version of BlazeDS, which resolves an important server-side request forgery vulnerability (CVE-2015-5255).

Affected versions:
- ColdFusion 11 and 10

More information can be read from Adobe's security bulletin.

Adobe LiveCycle Data Services Fix Available

Adobe has released an update for LiveCycle Data Services (LiveCycle DS). The update includes a patched version of BlazeDS that fixes an important server-side request forgery vulnerability.

Affected versions:
- LiveCycle DS versions 4.7, 4.6.2, 4.5, 3.1.x, 3.0.x on Windows, Macintosh and Unix platforms

More information is available in Adobe's security bulletin.

Monday, November 16, 2015

ESET Threat Radar Report for October 2015

ESET have published a report discussing the global threats of October 2015.

Top 10 threats list (previous ranking in parentheses):

1. Win32/Bundpil (1.)
2. LNK/Agent.BS (-)
3. LNK/Agent.AV (5.)
4. JS/TrojanDownloader.Iframe (2.)
5. HTML/ScrInject (4.)
6. Win32/Sality (7.)
7. Win32/Ramnit (9.)
8. JS/IFrame (-)
9. INF/Autorun (10.)
10. Win32/AdWare.ConvertAd (-)

The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Symantec Intelligence Report: October 2015

Symantec have published their Intelligence report that sums up the latest threat trends for October 2015.

Report highlights:
- The number of vulnerabilities disclosed increased in October, from 349 in September to 441 reported during this month.
- Crypto-ransomware was up once again during October, setting another high for 2015.
- Large enterprises were the target of 67.9 percent of spear-phishing attacks as well, up from 45.7 percent in September.

The report (in PDF format) can be viewed here.

Wednesday, November 11, 2015

Google Chrome Updated

Google have released version 46.0.2490.86 of their Chrome web browser. Among other fixes, the new version contains an update to Adobe Flash Player. More information about the changes is available in the Google Chrome Releases blog.

Microsoft Security Updates For November 2015

Microsoft have released security updates for November 2015. This month's update contains 12 security bulletins, of which four are categorized as critical and eight as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player and earlier versions for Windows and Macintosh should update to Adobe Flash Player

- Users of Adobe Flash Player and earlier versions for Linux should update to Adobe Flash Player

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR SDK & Compiler and earlier versions should update to the Adobe AIR SDK & Compiler

- Users of Adobe AIR and earlier versions for Desktop Runtime should update to Adobe AIR

More information can be read from Adobe's security bulletin.