Thursday, September 27, 2012

New Chrome Version Available

Google have released version 22.0.1229.79 of their Chrome web browser. New versions contain big bunch of vulnerability fixes:
- critical, outside of Chrome (CVE-2012-2897)
- 15 high (CVE-2012-2889, CVE-2012-2886, CVE-2012-2881, CVE-2012-2876, CVE-2012-2883, CVE-2012-2887, CVE-2012-2888, CVE-2012-2894, CVE-2012-2896 (Mac only), CVE-2012-2874, CVE-2012-2878, CVE-2012-2882, CVE-2012-2893, CVE-2012-2895, CVE-2012-2890)
- five medium (CVE-2012-2877, CVE-2012-2884, CVE-2012-2875, CVE-2012-2880, CVE-2012-2885)
- three low (CVE-2012-2879, CVE-2012-2891, CVE-2012-2892)

More information in Google Chrome Releases blog.

Saturday, September 22, 2012

Critical Vulnerability In Internet Explorer

There has been found a critical vulnerability affecting Internet Explorer versions 6 thru 9. By exploiting the vulnerability attacker may be able to execute arbitrary code in affected system. Microsoft have released a fix to address the vulnerability. More information about this in security bulletin MS12-063.

Thursday, September 20, 2012

Symantec Intelligence Report: August 2012

Symantec has published their Intelligence report that sums up the latest threat trends for August 2012.

Report highlights:
- Spam – 72.3 percent (an increase of 4.7 percentage points since July)
- Phishing – One in 312.9 emails identified as phishing (an increase of 0.109 percentage points since July)
- Malware – One in 233.1 emails contained malware (a decrease of 0.14 percentage points since July)
- Malicious Web sites – 1,099 websites blocked per day (a decrease of 49.8 percent since July)
- The state of data breaches to date in 2012
- A look at a malicious email scam that pretends to come from Symantec
- A new Java zero-day vulnerability appears in the wild
- An overview of the Elderwood Project



The report can be viewed here.

Thursday, September 13, 2012

ITunes 10.7 Released

Apple has released version 10.7 of their iTunes media player. New version fixes in total 163 security vulnerabilities including ones that could allow an attacker to execute arbitrary code in target system.

More information about the security content of iTunes 10.7 can be read from related security advisory.

Old version users should update to the latest one available.

Wednesday, September 12, 2012

RealPlayer Update

RealNetworks has released updated version of their RealPlayer. New version contains fixes to nine vulnerabilities.

Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be read from related security advisory.

WordPress 3.4.2 Released

There's been released a new version of WordPress which contains updates to security vulnerabilities and also some security hardening. More information can be read from WordPress blog.

Microsoft Security Updates For September 2012

Microsoft has released security updates for September 2012. This month update contains two security bulletins of which both are categorized as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Monday, September 10, 2012

ESET Global Threat Report for August 2012

ESET has released a report discussing global threats of August 2012.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. HTML/ScrInject.B (2.)
3. Win32/Conficker (3.)
4. Win32/Sirefef (4.)
5. HTML/Iframe.B (11.)
6. JS/Iframe (9.)
7. Win32/Dorkbot (5.)
8. Win32/Qhost (21.)
9. JS/TrojanDownloader.Iframe.NKE (7.)
10. Win32/Sality (6.)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Wednesday, September 5, 2012

Chrome Update Available

Google have released version 21.0.1180.89 of their Chrome web browser. New versions contain fixes to eight vulnerabilities:
- three high (CVE-2012-2866, CVE-2012-2869, CVE-2012-2871)
- three medium (CVE-2012-2865, CVE-2012-2868, CVE-2012-2872)
- two low (CVE-2012-2867, CVE-2012-2870)

More information in Google Chrome Releases blog.