Google has released a new version of their Chrome web browser. The first stable version of Chrome 4 contains some new features like long-waited support for extensions and bookmark syncing. A bunch of security issues has been fixed too.
More information can be read from Chrome Releases blog.
Tuesday, January 26, 2010
Saturday, January 23, 2010
Microsoft Patches Internet Explorer Vulnerability
Microsoft has fixed the Internet Explorer (IE) vulnerability I blogged about last week. The update MS10-002 patches also a few other IE vulnerabilities. More details can be read from the correspondent security bulletin.
Labels:
internet explorer,
Microsoft,
security,
update,
vulnerability
Wednesday, January 20, 2010
Updated Shockwave Player Available
Adobe has released a new version of their Shockwave Player. The update contains fixes for a few vulnerabilities that could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. The affected versions are Shockwave Player 11.5.2.602 and earlier. Fresh version can be obtained here.
More information can be read on Adobe's Security Bulletin.
More information can be read on Adobe's Security Bulletin.
Security Updates For RealPlayer
RealNetworks has released updates that patch eleven vulnerabilities in different RealPlayer versions. More information about affected versions and patching can be read here.
Monday, January 18, 2010
Vulnerabilities In D-Link Routers
SourceSec writes in their blog about vulnerabilities in D-Link routers' HNAP (Home Network Administration Protocol) implementations. "While HNAP does require basic authentication, the mere existence of HNAP on D-Link routers allows attackers and malware to bypass CAPTCHA “security”. Further, HNAP authentication is not properly implemented, allowing anyone to view and edit administrative settings on the router."
SourceSec has verified that vulnerabilities exist in the HNAP implementations of the DI-524, DIR-628 and DIR-655 routers. They also suspect that in worst case all D-Link routers since 2006 could be affected.
Full writeup can be read here.
SourceSec has verified that vulnerabilities exist in the HNAP implementations of the DI-524, DIR-628 and DIR-655 routers. They also suspect that in worst case all D-Link routers since 2006 could be affected.
Full writeup can be read here.
Friday, January 15, 2010
Reported Vulnerability In Internet Explorer
Microsoft is investigating a report of publicly exploited vulnerability in Internet Explorer.The vulnerability exists as an invalid pointer reference within Internet Explorer and when exploited successfully can be used to allow remote code execution in target system.
Affected Internet Explorer versions are:
-Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 and
-Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected.
Currently there's no patch available. There're some workarounds listed in the corresponding security advisory though.
Affected Internet Explorer versions are:
-Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 and
-Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected.
Currently there's no patch available. There're some workarounds listed in the corresponding security advisory though.
Wednesday, January 13, 2010
Patches To Oracle Products Available
Oracle has released updates for 24 security vulnerabilities as a part of their quarterly released critical patch update (CPU).
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in April 2010.
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in April 2010.
Adobe Patches Reader & Acrobat Products
Adobe has released update that patches critical vulnerabilities in Adobe Reader & Acrobat 9.2 and earlier versions. Among other issues, the patch fixes vulnerability that I blogged about in last month.
More details about the update and solutions can be read from the correspondent Adobe security bulletin.
More details about the update and solutions can be read from the correspondent Adobe security bulletin.
Tuesday, January 12, 2010
Microsoft Security Updates For January 2010
Microsoft has released its monthly security updates. The first packet of the year 2010 contains only one update. MS10-001 fixes vulnerability that could allow remote code execution if a user opens content rendered in a specifically crafted Embedded OpenType (EOT) font in client application that can render EOT fonts. Such applications are for example Microsoft Internet Explorer, Microsoft Office PowerPoint and Microsoft Office Word. The severity of the update is rated as critical for Windows 2000 systems. For other supported Windows operating systems the severity is rated as low.
Microsoft released also a new version of its Windows Malicious Software Removal Tool (MSRT).
More information can be from the bulletin summary.
Microsoft released also a new version of its Windows Malicious Software Removal Tool (MSRT).
More information can be from the bulletin summary.
Friday, January 8, 2010
Data Doctor 2010 - Combination Of Ransomware And Rogue
F-Secure introduces in their blog a pest that combines some elements of ransomware and rogueware. Trojan detected as DatCrypt encrypts Microsoft Office documents, video, music and image files and then shows user error message telling that files are corrupted. It advises user to download "recommended file repair software". This software detected, as Rogue:W32/DatDoc, lets user decrypt only one file unless a full version with price tag of $89.95, is bought.
Sunbelt has provided a decrypting tool to cure Data Doctor 2010 encrypted files.
Sunbelt has provided a decrypting tool to cure Data Doctor 2010 encrypted files.
Tuesday, January 5, 2010
Adobe Working On Automatic updater
Ryan Naraine writes in his post on ZDNet Zero Day blog that Adobe is working on automatic updater that will patch security vulnerabilities without user interaction. The updater will hit beta later this month.
Adobe security chief Brad Arkin says that tool will be configurable for end users that want more control in patching process. Users are given three ways to deal with patching: 1) to download and then give choice to install available update, 2) to notify only or 3) to turn patch updates off completely (obviously, not the most recommended option).
Adobe security chief Brad Arkin says that tool will be configurable for end users that want more control in patching process. Users are given three ways to deal with patching: 1) to download and then give choice to install available update, 2) to notify only or 3) to turn patch updates off completely (obviously, not the most recommended option).
Saturday, January 2, 2010
McAfee Threat Predictions For 2010
McAfee has released their Threat Predictions Report for year 2010. The dealt matters in a nutshell are:
- Social Networks Will Be Platform of Choice for Emerging Threats
- Web Evolution Will Give Cybercriminals New Opportunities to Write Malware
- Banking Trojans, Email Attachments Delivering Malware Will Rise in Volume, Sophistication
- Cybercriminals Continue to Target Adobe Reader, Flash
- Botnet Infrastructure Shifts from Centralized Model to Peer-to-Peer Control
- Cybercrime: A Good Year for Law Enforcement
The report can be found here.
- Social Networks Will Be Platform of Choice for Emerging Threats
- Web Evolution Will Give Cybercriminals New Opportunities to Write Malware
- Banking Trojans, Email Attachments Delivering Malware Will Rise in Volume, Sophistication
- Cybercriminals Continue to Target Adobe Reader, Flash
- Botnet Infrastructure Shifts from Centralized Model to Peer-to-Peer Control
- Cybercrime: A Good Year for Law Enforcement
The report can be found here.
Subscribe to:
Posts (Atom)