Opera Software has released patch for their Opera web browser. Version 10.01 fixes a few security issues of which the most severe one could allow execution of arbitrary code.
Changelog of Windows version can be read here.
Thursday, October 29, 2009
Wednesday, October 28, 2009
New Updates For Firefox
Mozilla has released new updates for Firefox 3.5.x and older 3.0.x versions. 3.5.4 version fixes 11 vulnerabilities of which six are categorized as critical, three as moderate and two as low. Update 3.0.15, meant for older 3.0.x series, fixes ten vulnerabilities of which five are categorized as critical, three as moderate and two as low.
Update can be obtained by using inbuilt updater of Firefox or by downloading it manually.
Download links and related extra information:
Release notes for 3.5.4 version
Release notes for 3.0.15 version
Mozilla recommends 3.0.x series users to switch to 3.5.x series version. Security and stability updates for 3.0.x versions will be released until January 2010.
Update can be obtained by using inbuilt updater of Firefox or by downloading it manually.
Download links and related extra information:
Release notes for 3.5.4 version
Release notes for 3.0.15 version
Mozilla recommends 3.0.x series users to switch to 3.5.x series version. Security and stability updates for 3.0.x versions will be released until January 2010.
Security updates For VMware Products Available
VMware has released security update to patch two vulnerabilities in their virtualization applications:
*Mishandled exception on page faults (CVE-2009-2267). An improper setting of the exception code on page faults may allow for local privilege escalation on the guest operating system. This vulnerability does not affect the host system.
*Directory Traversal vulnerability (CVE-2009-3733). A directory traversal vulnerability allows for remote retrieval of any file from the host system. In order to send a malicious request, the attacker will need to have access to the network on which the host resides.
Affected versions:
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier,
VMware Server 2.0.1 and earlier,
VMware Server 1.0.9 and earlier,
VMware Fusion 2.0.5 and earlier,
VMware ESXi 4.0 without patch ESXi400-200909401-BG,
VMware ESXi 3.5 without patches ESXe350-200910401-I-SG,
ESXe350-200901401-I-SG,
VMware ESX 4.0 without patch ESX400-200909401-BG,
VMware ESX 3.5 without patches ESX350-200910401-SG
ESX350-200901401-SG,
VMware ESX 3.0.3 without patches ESX303-200910401-BG,
ESX303-200812406-BG,
VMware ESX 2.5.5 without Upgrade Patch 15.
Further information including updating instructions can be read from VMware's security advisory
*Mishandled exception on page faults (CVE-2009-2267). An improper setting of the exception code on page faults may allow for local privilege escalation on the guest operating system. This vulnerability does not affect the host system.
*Directory Traversal vulnerability (CVE-2009-3733). A directory traversal vulnerability allows for remote retrieval of any file from the host system. In order to send a malicious request, the attacker will need to have access to the network on which the host resides.
Affected versions:
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier,
VMware Server 2.0.1 and earlier,
VMware Server 1.0.9 and earlier,
VMware Fusion 2.0.5 and earlier,
VMware ESXi 4.0 without patch ESXi400-200909401-BG,
VMware ESXi 3.5 without patches ESXe350-200910401-I-SG,
ESXe350-200901401-I-SG,
VMware ESX 4.0 without patch ESX400-200909401-BG,
VMware ESX 3.5 without patches ESX350-200910401-SG
ESX350-200901401-SG,
VMware ESX 3.0.3 without patches ESX303-200910401-BG,
ESX303-200812406-BG,
VMware ESX 2.5.5 without Upgrade Patch 15.
Further information including updating instructions can be read from VMware's security advisory
Tuesday, October 27, 2009
Fake Facebook Password Reset Confirmation Email Spreads Trojan
MX Lab warns in their blog about Bredolab trojan that is spread in fake Facebook Password Reset Confirmation email messages.
The body of message looks like this:
Attached file contains variant of the trojan. Virustotal uploaded sample was detected bad by 14/41 scanners.
More details in MX Lab's blog.
The body of message looks like this:
Hey <"receiver here"> ,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team
Attached file contains variant of the trojan. Virustotal uploaded sample was detected bad by 14/41 scanners.
More details in MX Lab's blog.
Malicious Halloween Surprises
It's once again time for Halloween on the upcoming Saturday. Malware authors are also out taking advantage of the occasion. Tom Kelchner from Sunbelt Software introduces in their blog a few "Classic Threats to Watch Out For". Some of those bring malware on user's system and some other harvest user's personal and financial data. List of these non pleasant treats, like dancing skeleton bundled with Storm trojan, can be checked on Sunbelt's blog entry.
Sunday, October 25, 2009
WordPress 2.8.5 Released
There's been released a new version of WordPress which contains bug fixes and also patches a vulnerability that could make it possible to cause a Denial-of-Service attack.
More information can be read from WordPress project blog.
More information can be read from WordPress project blog.
Wednesday, October 21, 2009
Quarterly Security Update Packet From Oracle
Oracle has released updates that contains fixes to 38 different vulnerabilities. The fixes are part of the company's quarterly CPU (critical patch update).
Exact list of the vulnerabilities and instructions how to apply the fixes can be read from Oracle's Critical Patch Update Advisory.
Next critical patch update Oracle plans to release in January 2010.
Exact list of the vulnerabilities and instructions how to apply the fixes can be read from Oracle's Critical Patch Update Advisory.
Next critical patch update Oracle plans to release in January 2010.
Fake Microsoft Alerts Under Conficker Worm Theme
Malware authors are once again spreading their creations thru email. Sophos warns in their blog about bogus Microsoft alerts regarding Conficker worm. Message looks like one below (other variants may exist):
Attached file contains malware that Sophos detects as Mal/ZipMal-C and Mal/EncPk-KP.
Subject: Conflicker.B Infection Alert
Attached file: install.zip
Message body:
Dear Microsoft Customer,
Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.
To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
Regards,
Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division
Attached file contains malware that Sophos detects as Mal/ZipMal-C and Mal/EncPk-KP.
Friday, October 16, 2009
Mozilla Opens Plugin Check Site For Firefox Users
Nowadays, most web browsers can be equipped with different handy plugins. There's a catch though: outdated browser plugins can put whole system under threat with their vulnerabilities. Mozilla has promised that its upcoming Firefox 3.6 version will have inbuilt check for installed plugins. While waiting for that release, Firefox users can surf to Plugin Check site to find out if any of their plugins is outdated and needs updating.
Mozilla gave some pre-taste of this new feature in Firefox 3.5.3 and 3.0.14 versions in which it introduced inbuilt check for Adobe Flash Player plugin.
Mozilla gave some pre-taste of this new feature in Firefox 3.5.3 and 3.0.14 versions in which it introduced inbuilt check for Adobe Flash Player plugin.
Wednesday, October 14, 2009
Critical Update For Adobe Reader And Acrobat Available
Adobe has released patched versions for its Adobe Reader and Acrobat products. In total, the updates patch 29 vulnerabilities.
Affected versions are Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh.
"Adobe recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. Adobe recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates."
More information about this critical categorized update with links to non-vulnerable versions can be read from the official security advisory.
Affected versions are Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh.
"Adobe recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. Adobe recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates."
More information about this critical categorized update with links to non-vulnerable versions can be read from the official security advisory.
Tuesday, October 13, 2009
Big Bunch Of Updates For October 2009 From Microsoft
Microsoft has released its monthly security update packet. October 2009 update consists of total of 13 different updates of which eight are critical and five important.
Critical updates:
Important updates:
New version of Microsoft Windows Malicious Software Removal Tool was released too.
More information of the update and its contents can be read from here.
For consumer the easist way to get the update is to use Microsoft Update service.
Critical updates:
MS09-050: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
MS09-051: Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
MS09-052: Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
MS09-054: Cumulative Security Update for Internet Explorer (974455)
MS09-055: Cumulative Security Update of ActiveX Kill Bits (973525)
MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
MS09-061: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
MS09-062: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
Important updates:
MS09-053: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
MS09-056: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
MS09-057: Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
MS09-058: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
MS09-059: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
New version of Microsoft Windows Malicious Software Removal Tool was released too.
More information of the update and its contents can be read from here.
For consumer the easist way to get the update is to use Microsoft Update service.
Saturday, October 10, 2009
Eight Things About Koobface
Koobface malware has been one of the hottest names lately. Ryan Flores, Advanced Threats Researcher, has posted a list containing eight things about this social networking sites bothering pest in Trend Micro blog.
Ryan, Jonell Baltazar, Joey Costoya have also published an interesting research report of KOOBFACE named as The Heart of KOOBFACE: C&C and Social Network Propagation.
Ryan, Jonell Baltazar, Joey Costoya have also published an interesting research report of KOOBFACE named as The Heart of KOOBFACE: C&C and Social Network Propagation.
Wednesday, October 7, 2009
SMS Spam In Finland
F-Secure writes in their blog about SMS spam that some Finnish mobile phone users have received. Message contains Finnish text that translates as "Video message, click" with a link to website (other variants may exist). If opened, the link directs user to "Mobile Tube" service. On the bottom of the page fine print in Finnish says that "the user has accepted a premium rate service, and if he wishes, he can cancel the contract".
"The scam works if the user has a WAP access point enabled, as is per default with most operators. The scammers will get the necessary information for billing just by having the user click a link and visiting the web page."
F-Secure reported of similar scam in their blog in July. However, this is the first time such thing appears in Finnish language.
"So whenever you see unexpected links via SMS, just delete the message and do not click them. If you clicked on a link, check if the page has an unsubscribe link. If it does, unsubscribe from the service and then file a complaint to your phone operator if you are billed by the premium service vendor", F-Secure guides.
"The scam works if the user has a WAP access point enabled, as is per default with most operators. The scammers will get the necessary information for billing just by having the user click a link and visiting the web page."
F-Secure reported of similar scam in their blog in July. However, this is the first time such thing appears in Finnish language.
"So whenever you see unexpected links via SMS, just delete the message and do not click them. If you clicked on a link, check if the page has an unsubscribe link. If it does, unsubscribe from the service and then file a complaint to your phone operator if you are billed by the premium service vendor", F-Secure guides.
Tuesday, October 6, 2009
Big Scam Hits Email Accounts
BBC News reports about a big scam that has hit more than 30,000 email account. Account details had been posted online in two lists. First list of over 10,000 Hotmail account credientals had been reported yesterday and today there was a report of second list that contains over 20,000 email account credientals. The Credientals on this list include Hotmail, Yahoo, AOL, Gmail and also some from Earthlink and Comcast. It's still unclear whether or not both lists are related to same phishing scam.
Email scam related BBC articles:
Phishing attack targets Hotmail
Scam hits more e-mail accounts
Google targeted in e-mail scam
Email scam related BBC articles:
Phishing attack targets Hotmail
Scam hits more e-mail accounts
Google targeted in e-mail scam
Test Versions of Mozilla's Content Security Policy Out
Mozilla tells in their blog that they have completed first test versions of new Content Security Policy (CSP) technology and that it will be included in the upcoming Firefox versions. The main target of CSP is to prevent XSS -attacks (cross site scripting) that have become important tool for data criminals. In XSS -attack criminals inject malicious code to web site. Code redirects browser to download contents direct from criminal servers while user sees the site .
The idea of CSP is that website administrators specify which domains the browser should treat as valid sources of script. This prevents Firefox users from accessing malicious contents even if criminals would have success in injecting xss in the website. Clickjacking attacks can be prevented in the same way.
Detailed explanation of CSP and how it works can be viewed here.
The idea of CSP is that website administrators specify which domains the browser should treat as valid sources of script. This prevents Firefox users from accessing malicious contents even if criminals would have success in injecting xss in the website. Clickjacking attacks can be prevented in the same way.
Detailed explanation of CSP and how it works can be viewed here.
Saturday, October 3, 2009
Report Of Phishing Activity Trends From APWG
The Anti-Phishing Working Group (APWG) has published Phishing Activity Trends report of the 1st half of year 2009. The report can be read here.
Subscribe to:
Posts (Atom)