Monday, December 15, 2014

Symantec Intelligence Report: November 2014

Symantec have published their Intelligence report that sums up the latest threat trends for November 2014.

Report highlights:
- Over 41 percent of email-borne malware contained a link to a malicious or compromised website. URL malware had been present in 3 to 16 percent of malicious emails each month, until this recent surge.
- Kelihos and Gamut are the top two most active botnets in November, comprising 19.2 and 18.8 percent respectively.
- Crypto- ransomware made up 38 percent of all ransomware seen in the month of November.


The report (in PDF format) can be viewed here.

ESET Global Threat Report for November 2014

ESET have published a report discussing global threats of November 2014.

TOP 10 threats list (previous ranking listed too):

1. HTML/Refresh (1.)
2. WIN32/Bundpil (2.)
3. Win32/Adware.MultiPlug (5.)
4. Win32/TrojanDownloader.Wauchos (-)
5. Win32/Sality (8.)
6. LNK/Agent.AK (7.)
7. JS/Kryptik.I (3.)
8. INF/Autorun (10.)
9. Win32/Ramnit (-)
10. HTML/ScrInject (6.)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Friday, December 12, 2014

Adobe ColdFusion Hotfixes Available

Adobe have released updated versions of ColdFusion web application development platform. These hotfixes address a resource consumption issue that could potentially result in a denial of service (CVE-2014-9166).

Affected versions:
- ColdFusion 11 and 10


More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*of series XI (11.x)
Adobe Reader 11.0.09 and earlier
Adobe Acrobat 11.0.09 and earlier

*of series X (10.x)
Adobe Reader 10.1.12 and earlier
Adobe Acrobat 10.1.12 and earlier


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Wednesday, December 10, 2014

Adobe Flash Player Updates Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 15.0.0.239 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 16.0.0.235

- Users of Adobe Flash Player 11.2.202.424 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.425

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

ESET Global Threat Report for October 2014

ESET have published a report discussing global threats of October 2014.

TOP 10 threats list (previous ranking listed too):

1. HTML/Refresh (1.)
2. WIN32/Bundpil (2.)
3. JS/Kryptik.I (3.)
4. Win32/RiskWare.NetFilter (5.)
5. Win32/Adware.MultiPlug (4.)
6. HTML/ScrInject (-)
7. LNK/Agent.AK (6.)
8. Win32/Sality (7.)
9. HTML/Iframe (8.)
10. INF/Autorun (10.)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Microsoft Security Updates For December 2014

Microsoft have released security updates for December 2014. This month update contains seven security bulletins of which three categorized as critical and four as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.