Tuesday, August 30, 2016

Opera Browser Sync Users Told To Reset Passwords

Opera Software is warning 1.7 million users of its Opera web browser sync feature of a possible attack that exposes passwords to hackers. The company says that it has reset all Opera sync account passwords as a precaution. More information is available on the Opera blog.

Dropbox Forces Password Reset For Older Users

Online storage service Dropbox began notifying users over the weekend that if they haven’t updated their password since 2012 they’ll be prompted to update it the next time they log into their account.

Dropbox says this is “purely a preventative measure” and stresses that there’s no proof that users’ accounts have been improperly accessed.

More information here.

Thursday, August 25, 2016

ESET Threat Radar Report for July 2016

ESET has published a report discussing the global threats of July 2016.

Top 10 threats list (previous ranking in parentheses):
1. JS/Danger.ScriptAttachment (1.)
2. Win32/Bundpil (2.)
3. Win32/Agent.XWT (3.)
4. HTML/Refresh (5.)
5. JS/Adware.Agent.L (4.)
6. HTML/ScrInject (9.)
7. Win32/Ramnit (8.)
8. Win32/Sality (7.)
9. Defo (-)
10. INF/Autorun (10.)

The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Wednesday, August 24, 2016

New PHP Versions Released

The PHP development team has released versions 7.0.10 and 5.6.25 of the PHP scripting language. The new versions contain vulnerability fixes among other fixes. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Version 7.0.10
Version 5.6.25

Friday, August 12, 2016

New Version Of Foxit Reader Available

Foxit Software has released a new version of its PDF viewer, Foxit Reader. The new version contains fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit Reader and earlier (Windows)
Foxit Reader and earlier (Mac OS X)
Foxit Reader and earlier (Linux)
Foxit PhantomPDF and earlier (Windows)

More information can be read here.

Fix For vBulletin Available

An update has been released for the vBulletin software, which is used on many internet forums. The update fixes an SSRF (Server-Side Request Forgery) vulnerability that allows unauthenticated remote attackers to access internal services (such as mail servers, memcached, CouchDB, Zabbix, etc.) running on the server hosting vBulletin, as well as services on other servers on the local network that are accessible from the target. A public exploitation method is available, so it is strongly advised that forums using vBulletin are updated to the latest version.

Affected versions:
vBulletin 5.2.2 and earlier
vBulletin 4.2.3 and earlier
vBulletin 3.8.9 and earlier

More information:
- http://www.securityfocus.com/archive/1/539149
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta

Wednesday, August 10, 2016

Microsoft Security Updates For August 2016

Microsoft has released security updates for August 2016. This month's update contains nine security bulletins, of which five are categorized as critical and four as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be found in the bulletin summary.