Saturday, July 23, 2011

New Version Of Foxit Reader Available

Foxit Software has released a new version of their PDF viewer, Foxit Reader. In addition to a bunch of minor bug fixes, there are fixes for two security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system. The first vulnerability is caused by insecure library loading, and the second is related to opening certain PDF files in a web browser.

Affected are Foxit Reader versions earlier than 5.0.2. Foxit Reader users should update to the latest version, either by using "Check for Updates Now" in the Reader's Help menu or by downloading a fresh version here (Note: remember to unselect the Ask-related options during the installation process unless you really want that installed too).

Friday, July 22, 2011

New Versions Of Safari Released

Apple has released new versions of their Safari web browser. The new versions contain fixes for 58 different vulnerabilities. These vulnerabilities may lead to unexpected application termination or allow an attacker to execute arbitrary code on an affected system.

Affected are Safari versions earlier than 5.1 or 5.0.6. Users of vulnerable Safari versions can get the latest version here.

Adobe warns that Safari 5.1 will break part of the functionality of the Adobe Acrobat and Adobe Reader Safari plugin. More about this can be read in Adobe's blog post.

More information about the security content of versions 5.1 and 5.0.6 can be read here.

Wednesday, July 20, 2011

Oracle Critical Patch Update For Q3 of 2011

Oracle has released updates for their products that fix 78 security issues in total. The updates are part of Oracle's quarterly Critical Patch Update (CPU).

A detailed list of vulnerabilities with patching instructions can be found in the Oracle CPU Advisory.

The next Oracle CPU is planned for release in October 2011.

Monday, July 18, 2011

New Version Of VLC Player Available

The VideoLAN project has released a new version of their VLC media player. Version 1.1.11 contains fixes for two stack overflow vulnerabilities in RealMedia and AVI handling (security advisories 1105 and 1106).

Affected are VLC Player versions prior to 1.1.11. Users of those versions should update to the latest version.

Sunday, July 17, 2011

ESET Global Threat Report for June 2011

ESET has released a report discussing global threats of June 2011.

Top 10 threats list (previous ranking in parentheses):

1. INF/Autorun (1.)
2. Win32/Conficker (2.)
3. Win32/Sality (4.)
4. Win32/PSW.OnLineGames (3.)
5. Win32/Autoit (8.)
6. HTML/Iframe.B.Gen (7.)
7. Win32/Bflient (9.)
8. HTML/StartPage.NAE (5.)
9. HTML/ScrInject.B (11.)
10. Win32/Autorun (6.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

NSS Labs Browser Security Test Europe Q2 2011 Report

NSS Labs has published a report on a test they ran to compare how well different browsers protected against socially engineered malware targeting European users.

The tested browsers were:
- Apple Safari 5
- Google Chrome 10
- Windows Internet Explorer 8
- Windows Internet Explorer 9
- Mozilla Firefox 4
- Opera 11

The test winner was Internet Explorer 9. It was able to catch 92% of malware with its URL-based filtering and 100% with Application-based filtering enabled. Internet Explorer 8 came second with a 90% blocking rate. Third place was shared by Safari 5, Chrome 10 and Firefox 4, each able to stop 13%. Opera 11 came last with 5%.

The full report can be read here.

Friday, July 15, 2011

Hotmail Introduces New Features To Prevent Email Account Hijacking

Email account hijacking has been one of the top problems I've faced while helping users on security forums. A big part of the affected accounts are from Hotmail. The Hotmail team knows about the problem and has developed two new features to help prevent account hijacking.

One of these lets Hotmail users report a friend's account if they suspect it has been compromised. In a situation like this, the user can take advantage of the "My friend's been hacked!" feature on the "Mark as" menu. Alternatively, an account can be reported as compromised while moving a message to the Junk folder. Reporting isn't limited to Hotmail accounts; accounts from other email providers like Yahoo and Gmail can be reported too. The second new feature prevents users from using common passwords as their account password.

More about these features can be read in the related post on the Windows Live blog.

Tuesday, July 12, 2011

Microsoft Security Updates For July 2011

Microsoft has released security updates for July 2011. This month's update contains four security bulletins: one critical and three important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read in the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Monday, July 4, 2011

New WordPress Version Available

A vulnerability has been fixed in WordPress. The vulnerability could allow a malicious Editor-level user to gain further access to the site. Affected are:
- WordPress 3.1 prior to version 3.1.4
- WordPress 3.2 prior to Release Candidate 3

More information (including instructions for updating) can be read on the WordPress blog.

Saturday, July 2, 2011

MessageLabs Intelligence Report: June 2011

MessageLabs has published their Intelligence report that sums up the latest threat trends for June 2011.

Report highlights:
- Spam – 72.9% in June (a decrease of 2.9 percentage points since May 2011)
- Phishing – One in 330.6 emails identified as phishing (a decrease of 0.05 percentage points since May 2011)
- Malware – One in 300.7 emails in June contained malware (a decrease of 0.12 percentage points since May 2011)
- Malicious Web sites – 5,415 Web sites blocked per day (an increase of 70.8% since May 2011)
- 35.1% of all malicious domains blocked were new in June (a decrease of 1.7 percentage points since May 2011)
- 20.3% of all Web-based malware blocked was new in June (a decrease of 4.3 percentage points since May 2011)
- Review of Spam-sending botnets in June 2011
- Clicking to Watch Videos Leads to Pharmacy Spam
- Wiki for Everything, Even for Spam
- Phishers Return for Tax Returns
- Fake Donations Continue to Haunt Japan
- Spam Subject Line Analysis
- Best Practices for Enterprises and Users


The report can be viewed here.