There have been found and fixed some vulnerabilities in Wireshark, free open source program for analyzing network protocols. By exploiting the vulnerabilities protocol analyzers in Wireshark can be prevented from working.
Vulnerable versions:
- Wireshark 1.8 series from version 1.8.0 to 1.8.8
- Wireshark 1.10.0
Non vulnerable version of Wireshark can be downloaded here.
More information about the contents of new versions can be read from release notes:
1.8.9
1.10.1
ISC Diary entry about the update can be viewed here.
Tuesday, July 30, 2013
Sunday, July 28, 2013
Symantec Intelligence Report: June 2013
Symantec have published their Intelligence report that sums up the latest threat trends for June 2013.
Report highlights:
- The total number of vulnerabilities in 2013 is up 16 percent, as compared to the same time period in 2012.
- The number of zero day vulnerabilities found in the first half of 2013 is 12, compared to 14 in all of 2012.
- Automated phishing toolkits account for close to 47 percent of all phishing attacks to date in 2013.
The report (in PDF format) can be viewed here.
Report highlights:
- The total number of vulnerabilities in 2013 is up 16 percent, as compared to the same time period in 2012.
- The number of zero day vulnerabilities found in the first half of 2013 is 12, compared to 14 in all of 2012.
- Automated phishing toolkits account for close to 47 percent of all phishing attacks to date in 2013.
The report (in PDF format) can be viewed here.
Saturday, July 27, 2013
IBM Security Updates July 2013
IBM have released their software update (Synchronized Security Release, SSR) for July. Updates fix eight vulnerabilities in IBM Java Runtime Environment (JRE).
Affected versions:
- IBM Java JRE 1.4.2 prior version 1.4.2 SR13-FP18
- IBM Java JRE 5.0 prior version 5.0.0 SR16-FP3
- IBM Java JRE 6 prior versions 6.0.0 SR14 and 6.0.1 SR6
- IBM Java JRE 7 prior version 7.0.0 SR5
More information in the related alert
Affected versions:
- IBM Java JRE 1.4.2 prior version 1.4.2 SR13-FP18
- IBM Java JRE 5.0 prior version 5.0.0 SR16-FP3
- IBM Java JRE 6 prior versions 6.0.0 SR14 and 6.0.1 SR6
- IBM Java JRE 7 prior version 7.0.0 SR5
More information in the related alert
Wednesday, July 17, 2013
Oracle Critical Patch Update For Q3 of 2013
Oracle have released updates for their products that fix 89 security issues in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in October 2013.
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in October 2013.
Thursday, July 11, 2013
Google Chrome Updated
Google have released version 28.0.1500.71 of their Chrome web browser. New version contains fixes to 15 vulnerabilities:
-one critical (CVE-2013-2870)
-four high (CVE-2013-2879, CVE-2013-2871, CVE-2013-2873, CVE-2013-2880)
-seven medium (CVE-2013-2868, CVE-2013-2869, CVE-2013-2853, CVE-2013-2874 Windows + NVIDIA only, CVE-2013-2875, CVE-2013-2876, CVE-2013-2878)
-three low (CVE-2013-2867, CVE-2013-2872 Mac only, CVE-2013-2877)
More information in Google Chrome Releases blog.
-one critical (CVE-2013-2870)
-four high (CVE-2013-2879, CVE-2013-2871, CVE-2013-2873, CVE-2013-2880)
-seven medium (CVE-2013-2868, CVE-2013-2869, CVE-2013-2853, CVE-2013-2874 Windows + NVIDIA only, CVE-2013-2875, CVE-2013-2876, CVE-2013-2878)
-three low (CVE-2013-2867, CVE-2013-2872 Mac only, CVE-2013-2877)
More information in Google Chrome Releases blog.
Wednesday, July 10, 2013
Adobe ColdFusion Update Available
Adobe have released updated version of ColdFusion web application development platform. The new version fix two vulnerabilities. A vulnerability (CVE-2013-3350) that could allow an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets, and a vulnerability (CVE-2013-3349) that could be exploited to cause a denial of service condition on a system running ColdFusion 9.0, 9.0.1 and 9.0.2 on JRun.
Affected versions:
- ColdFusion 10 for Windows, Macintosh and Linux (CVE-2013-3349 not affected).
- ColdFusion 9.0.2, 9.0.1 and 9.0 on JRun
More information can be read from Adobe's security bulletin.
Affected versions:
- ColdFusion 10 for Windows, Macintosh and Linux (CVE-2013-3349 not affected).
- ColdFusion 9.0.2, 9.0.1 and 9.0 on JRun
More information can be read from Adobe's security bulletin.
Labels:
adobe,
coldfusion,
security,
update,
vulnerability
Shockwave Player Update Available
Adobe have released an updated version of their Shockwave Player. The new version fixes one security vulnerability that may allow an attacker to run arbitrary code on the affected system. The update is categorized as critical with priority level as 1.
Users of Adobe Shockwave Player 12.0.2.122 and earlier should update to Adobe Shockwave Player 12.0.3.133.
More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.
Users of Adobe Shockwave Player 12.0.2.122 and earlier should update to Adobe Shockwave Player 12.0.3.133.
More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.
Labels:
adobe,
security,
shockwave player,
update,
vulnerability
Adobe Flash Player Updates Available
Adobe have released updated version of their Flash Player . The new version fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 11.7.700.224 and earlier versions for Windows should update to Adobe Flash Player 11.8.800.94
- Users of Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh should update to Adobe Flash Player 11.8.800.94
- Users of Adobe Flash Player 11.2.202.291 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.297
- Users of Adobe Flash Player 11.1.115.63 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.69 (applicable only for Flash Player installed before August 15, 2012)
- Users of Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x versions should update to Flash Player 11.1.111.64 (applicable only for Flash Player installed before August 15, 2012)
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 11.7.700.224 and earlier versions for Windows should update to Adobe Flash Player 11.8.800.94
- Users of Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh should update to Adobe Flash Player 11.8.800.94
- Users of Adobe Flash Player 11.2.202.291 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.297
- Users of Adobe Flash Player 11.1.115.63 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.69 (applicable only for Flash Player installed before August 15, 2012)
- Users of Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x versions should update to Flash Player 11.1.111.64 (applicable only for Flash Player installed before August 15, 2012)
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Microsoft Security Updates For July 2013
Microsoft have released security updates for July 2013. This month update contains seven security bulletins of which six critical and one important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
Friday, July 5, 2013
ESET Global Threat Report for June 2013
ESET have published a report discussing global threats of June 2013.
TOP 10 threats list (previous ranking listed too):
1. WIN32/Bundpil (1.)
2. HTML/ScrInject (3.)
3. INF/Autorun (2.)
4. JS/Kryptik.ALB (-)
5. Win32/Sality (4.)
6. HTML/Iframe (5.)
7. Win32/Dorkbot (6.)
8. Win32/Conficker (7.)
9. Win32/Ramnit (8.)
10. Win32/Qhost (9.)
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
TOP 10 threats list (previous ranking listed too):
1. WIN32/Bundpil (1.)
2. HTML/ScrInject (3.)
3. INF/Autorun (2.)
4. JS/Kryptik.ALB (-)
5. Win32/Sality (4.)
6. HTML/Iframe (5.)
7. Win32/Dorkbot (6.)
8. Win32/Conficker (7.)
9. Win32/Ramnit (8.)
10. Win32/Qhost (9.)
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
Subscribe to:
Posts (Atom)