PHP development team has released 5.2.9 version of PHP scripting language. New version fixes over 50 bugs of which several are security related. All PHP users are recommended to upgrade their versions to this latest release.
More details about 5.2.9 release can be read from official release announcement.
Friday, February 27, 2009
Wednesday, February 25, 2009
Flash Player Update Available
Adobe has released a critical classed update for its Flash Player. A potential vulnerability has been identified in Adobe Flash Player 10.0.12.36 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. Released update contains a fix to this mentioned vulnerability. It fixes also a few other vulnerabilities (more details in correspondent Security Advisory).
Users with Adobe Flash Player 10.0.12.36 and earlier (Adobe Flash Player 10.0.15.3 and earlier for Linux) are recommended to update their versions to the latest one (10.0.22.87 at the moment) by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.
For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.159.0, which can be downloaded from the following link.
Users with Adobe Flash Player 10.0.12.36 and earlier (Adobe Flash Player 10.0.15.3 and earlier for Linux) are recommended to update their versions to the latest one (10.0.22.87 at the moment) by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.
For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.159.0, which can be downloaded from the following link.
Tuesday, February 24, 2009
Update For Windows Autorun
Microsoft has released an update for Windows autorun functionality. The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected (CVE-2008-0951).
This update is available through automatic updating and from the download center. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715.
Source: Microsoft Security Advisory (967940)
This update is available through automatic updating and from the download center. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715.
Source: Microsoft Security Advisory (967940)
Sunday, February 22, 2009
New Variant of Conficker Worm Released
"The criminals behind the widespread Conficker worm have released a new version of the malware that could signal a major shift in the way the worm operates", writes Computerworld.
The new variant, dubbed Conficker B++, was spotted a few days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines.
All variants of Conficker have now infected about 10.5 million computers. Users with MS08-067 patch installed are safe also from this latest variant.
The new variant, dubbed Conficker B++, was spotted a few days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines.
All variants of Conficker have now infected about 10.5 million computers. Users with MS08-067 patch installed are safe also from this latest variant.
Friday, February 20, 2009
Buffer Overflow Issue In Adobe Reader And Acrobat - No Patch Available Yet
Adobe warns about a critical vulnerability in Adobe Reader 9 & Acrobat and earlier versions. The found vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. The issue is being exploited already.
There's no update released to patch the vulnerability yet. "Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow."
While waiting for the fix users should keep their antivirus programs up-to-date and avoid opening files from dubious sources.
Adobe's security advisory on the issue can be found here.
There's no update released to patch the vulnerability yet. "Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow."
While waiting for the fix users should keep their antivirus programs up-to-date and avoid opening files from dubious sources.
Adobe's security advisory on the issue can be found here.
Tuesday, February 17, 2009
Exploit Targeting MS09-002 Vulnerability
Jake Soriano writes in TrendLabs blog about a pest targeting a critical vulnerability in Internet Explorer 7 which Microsoft patched with MS09-002 update last Tuesday.
The threat starts with a spammed malicious .DOC file which TrendMicro detects as XML_DLOADR.A. "This file has a very limited distribution script, suggesting it may be a targeted attack. It contains an ActiveX object that automatically accesses a site rigged with a malicious HTML detected by the Trend Micro Smart Protection Network as HTML_DLOADER.AS."
On a system without MS02-002 patch installed HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS by TrendMicro. This backdoor in turn installs a .DLL file with information stealing capabilities. It sends stolen information to another URL through port 443.
The threat starts with a spammed malicious .DOC file which TrendMicro detects as XML_DLOADR.A. "This file has a very limited distribution script, suggesting it may be a targeted attack. It contains an ActiveX object that automatically accesses a site rigged with a malicious HTML detected by the Trend Micro Smart Protection Network as HTML_DLOADER.AS."
On a system without MS02-002 patch installed HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS by TrendMicro. This backdoor in turn installs a .DLL file with information stealing capabilities. It sends stolen information to another URL through port 443.
Saturday, February 14, 2009
Safari 3.2.2 For Windows Released
Apple has released version 3.2.2 of its Safari browser for Windows.
New version fixes input validation issues in Safari’s handling of feed: URLs that could allow execution of arbitrary JavaScript in the local security zone.
More information on the fix here.
New version of Safari can be downloaded here.
New version fixes input validation issues in Safari’s handling of feed: URLs that could allow execution of arbitrary JavaScript in the local security zone.
More information on the fix here.
New version of Safari can be downloaded here.
ISC Lists Third Party Information Sources On Conficker
Internet Storm Center has released a good list of links containing third party information on Conficker worm. The list can be found here.
Wednesday, February 11, 2009
Waledac Valentine's Day Theme
Valentine's Day is coming and that gives also coders of malicious software a chance spread their creations. Websense warns about new Waledac variant that is spread under Valentine's Day theme.
User is sent spam message notifying that there's an eCard waiting. Message contains a link where the card can be seen. "Once a user opens the URL in the spammed message, he is redirected to a site with 2 puppies and a love heart to give a Valentines theme. The user is then enticed to download a Valentines kit to prepare a present for a loved one, which is a new Waledac variant", writes Websense.
User is sent spam message notifying that there's an eCard waiting. Message contains a link where the card can be seen. "Once a user opens the URL in the spammed message, he is redirected to a site with 2 puppies and a love heart to give a Valentines theme. The user is then enticed to download a Valentines kit to prepare a present for a loved one, which is a new Waledac variant", writes Websense.
Tuesday, February 10, 2009
Microsoft Updates For February 2009
Microsoft released updates for February today. Four updates contain fixes for eight vulnerabilities. Fixed vulnerabilities are in Microsoft Exchange, Microsoft SQL Server, Microsoft Visio and Internet Explorer 7.
Two of the updates are categorized as critical (MS09-002 & MS09-003) and two as important (MS09-004 & MS09-005). Installing the updates may require a system restart.
New version of Microsoft Windows Malicious Software Removal Tool was also released.
More information about the updates can be read here.
The easist way to get the update is to use Microsoft automatic update service.
Two of the updates are categorized as critical (MS09-002 & MS09-003) and two as important (MS09-004 & MS09-005). Installing the updates may require a system restart.
New version of Microsoft Windows Malicious Software Removal Tool was also released.
More information about the updates can be read here.
The easist way to get the update is to use Microsoft automatic update service.
Monday, February 9, 2009
Kaspersky Breach Exposes Sensitive Database, Says Hacker
"A security lapse at Kaspersky has exposed a wealth of proprietary information about the anti-virus provider's products and customers", writes The Register.
"In a posting made Saturday, the hacker claimed a simple SQL injection gave access to a database containing "users, activation codes, lists of bugs, admins, shop, etc." Kaspersky has declined to comment, but two security experts who reviewed the evidence said the claims appeared convincing."
Assuming that the hack is real it wouldn't be the first time that Kaspersky site has been hacked with a SQL injection. In July 2008, Kaspersky's Malaysian site and several subdomains were harmed by hacker leaving pro-Turkish slogans behind.
"In a posting made Saturday, the hacker claimed a simple SQL injection gave access to a database containing "users, activation codes, lists of bugs, admins, shop, etc." Kaspersky has declined to comment, but two security experts who reviewed the evidence said the claims appeared convincing."
Assuming that the hack is real it wouldn't be the first time that Kaspersky site has been hacked with a SQL injection. In July 2008, Kaspersky's Malaysian site and several subdomains were harmed by hacker leaving pro-Turkish slogans behind.
Wednesday, February 4, 2009
Vulnerabilities In Mozilla Products
There have been found in Mozilla products: Mozilla Firefox, Thunderbird and SeaMonkey. One (MFSA 2009-01) is categorized as critical, two (MFSA 2009-02 & MFSA 2009-03) as high, one (MFSA 2009-04) as moderate and two (MFSA 2009-05 & MFSA 2009-06) as low.
Vulnerable are following versions:
- Mozilla Firefox 3.x several different versions (2009-01, 2009-02, 2009-03, 2009-04, 2009-05, 2009-06)
- Mozilla Firefox 2.x several different versions (2009-01, 2009-03, 2009-04, 2009-05, 2009-06)
- Mozilla Thunderbird 2.x several different versions (2009-01)
- Mozilla SeaMonkey 1.x several different versions (2009-01, 2009-04, 2009-05)
Non vulnerable versions:
- Mozilla Firefox 3.0.6
- Mozilla Thunderbird 2.0.0.21
- Mozilla SeaMonkey 1.1.15
At the moment of writing this only Firefox fixed version is available. That can be updated with in-built updater or alternatively new version can be downloaded here.
When released, new version for Mozilla Thunderbird can be downloaded here and Mozilla SeaMonkey here.
Vulnerable are following versions:
- Mozilla Firefox 3.x several different versions (2009-01, 2009-02, 2009-03, 2009-04, 2009-05, 2009-06)
- Mozilla Firefox 2.x several different versions (2009-01, 2009-03, 2009-04, 2009-05, 2009-06)
- Mozilla Thunderbird 2.x several different versions (2009-01)
- Mozilla SeaMonkey 1.x several different versions (2009-01, 2009-04, 2009-05)
Non vulnerable versions:
- Mozilla Firefox 3.0.6
- Mozilla Thunderbird 2.0.0.21
- Mozilla SeaMonkey 1.1.15
At the moment of writing this only Firefox fixed version is available. That can be updated with in-built updater or alternatively new version can be downloaded here.
When released, new version for Mozilla Thunderbird can be downloaded here and Mozilla SeaMonkey here.
Sunday, February 1, 2009
Ukrainian DNSChanger websites taken offline
"A Ukrainian Web hosting provider that, according to published reports, has long served as home base to a prolific and invasive family of malicious software has been taken offline following abuse reports from Security Fix to the company's Internet provider", writes Washington Post.
"Since at least 2005, and perhaps earlier, an entity known as UkrTeleGroup Ltd. has hosted hundreds of Web servers that control a vast network of computers infected with some variant of "DNSChanger," according to security software vendor McAfee, which monitors worldwide malware. DNSChanger is a Trojan horse program that changes the host system's settings so that all of the Internet traffic flowing to and from the infected computer is sent through servers controlled by the attackers."
Good news is that this finally happened. Sad thing is that users currently infected with DNSChanger can't now get online since they don't have working DNS servers available. Also, as stated in the article, seems that groups behind DSNChanger trojan have begun to move to a new network called 'Zlkon.lv' in Latvia.
"Since at least 2005, and perhaps earlier, an entity known as UkrTeleGroup Ltd. has hosted hundreds of Web servers that control a vast network of computers infected with some variant of "DNSChanger," according to security software vendor McAfee, which monitors worldwide malware. DNSChanger is a Trojan horse program that changes the host system's settings so that all of the Internet traffic flowing to and from the infected computer is sent through servers controlled by the attackers."
Good news is that this finally happened. Sad thing is that users currently infected with DNSChanger can't now get online since they don't have working DNS servers available. Also, as stated in the article, seems that groups behind DSNChanger trojan have begun to move to a new network called 'Zlkon.lv' in Latvia.
Subscribe to:
Posts (Atom)