Sunday, December 30, 2012

Unpatched Vulnerability In Internet Explorer

A vulnerability has been found in Microsoft Internet Explorer that may allow an attacker to execute arbitrary code on a vulnerable system. The vulnerability is currently being actively exploited. Internet Explorer 9 and 10 are not known to be affected by this vulnerability.

At the moment, no patch has been released for the vulnerability. Information about workarounds can be read here.

Update:
Microsoft have released MS13-008 to fix this issue.

Saturday, December 22, 2012

ESET Global Threat Report for November 2012

ESET has released a report discussing global threats of November 2012.

Top 10 threats list (previous ranking in parentheses):

1. INF/Autorun (1.)
2. HTML/ScrInject.B (4.)
3. Win32/Conficker (3.)
4. HTML/Iframe.B (2.)
5. Win32/Qhost (7.)
6. Win32/Sirefef (5.)
7. Win32/Dorkbot (6.)
8. JS/TrojanDownloader.Iframe.NKE (8.)
9. JS/Exploit.Pdfka (16.)
10. Win32/Ramnit (10.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Thursday, December 20, 2012

Opera 12.12 Released

Opera Software has released an update for their Opera web browser. Version 12.12 contains fixes for three security vulnerabilities.

critical:
* Fixed an issue where malformed GIF images could allow execution of arbitrary code; advisory

high:
* Fixed an issue where private data could be disclosed to other computer users, or be modified by them (only Linux/Unix version affected); advisory

low:
* Fixed an issue where repeated attempts to access a target site could trigger address field spoofing; advisory


Opera users are strongly recommended to update to the latest version. The new version can be downloaded here.

Sunday, December 16, 2012

Symantec Intelligence Report: November 2012

Symantec has published their Intelligence report that sums up the latest threat trends for November 2012.

Report highlights:
- Spam – 68.8 percent (an increase of 4.0 percentage points since October)
- Phishing – One in 445.1 emails identified as phishing (a decrease of 0.124 percentage points since October)
- Malware – One in 255.8 emails contained malware (a decrease of 0.05 percentage points since October)
- Malicious websites – 1,847 websites blocked per day (an increase of 97.9 percent since October)
- A look at identities lost in data breaches
- Spam as a holiday tradition



The report can be viewed here.

Friday, December 14, 2012

Security Fixes To Chrome

Google have released version 23.0.1271.97 of their Chrome web browser. The new version contains an updated version of Adobe Flash and fixes for six vulnerabilities:
- one critical (CVE-2012-5142)
- three high (CVE-2012-5139, CVE-2012-5140, CVE-2012-5144)
- two medium (CVE-2012-5141, CVE-2012-5143)

More information is available in the Google Chrome Releases blog.

Adobe Flash Player and Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.135
- Users of Adobe Flash Player 11.2.202.251 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.258
- Users of Adobe Flash Player 11.1.115.27 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.34 (applicable only for Flash Player installed before August 15, 2012)
- Users of Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x versions should update to Flash Player 11.1.111.29 (applicable only for Flash Player installed before August 15, 2012)
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 will be updated via Windows Update
- Users of Adobe AIR 3.5.0.600 for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.880 (Windows) or Adobe AIR 3.5.0.890 (Mac).

More information can be found in Adobe's security bulletin.

Tuesday, December 11, 2012

Microsoft Security Updates For December 2012

Microsoft have released security updates for December 2012. This month's update contains seven security bulletins, of which five are critical and two are important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be found in the bulletin summary.

Monday, December 10, 2012

Kaspersky Year 2012 Threat Analysis Report

Kaspersky Lab have published their annual threat analysis report covering the biggest issues faced by corporate and individual users alike as a result of malware, potentially harmful programs, crimeware, spam, phishing and other different types of hacker activity.

Kaspersky's top 10 security incidents of 2012 are as follows:
1. Flashback hits Mac OS X
2. Flame and Gauss: nation-state cyber-espionage campaigns
3. The explosion of Android threats
4. The LinkedIn, Last.fm, Dropbox and Gamigo password leaks
5. The Adobe certificates theft and the omnipresent APT
6. The DNSChanger shutdown
7. The Ma(h)di incident
8. The Java 0-days
9. Shamoon
10. The DSL modems, Huawei banning and hardware hacks

More about these, along with Kaspersky's security forecast for 2013, can be read in the report here.

Tuesday, December 4, 2012

New Version of Chrome Released

Google have released version 23.0.1271.95 of their Chrome web browser. The new version contains fixes for two vulnerabilities:
- two high (CVE-2012-5138, CVE-2012-5137)

More information is available in the Google Chrome Releases blog.