New Versions Of Wireshark Released

There have been found and fixed some vulnerabilities in Wireshark, free open source program for analyzing network protocols. By exploiting the vulnerabilities protocol analyzers in Wireshark can be prevented from working.

Vulnerable versions:
- Wireshark 1.8 series from version 1.8.0 to 1.8.8
- Wireshark 1.10.0

Non vulnerable version of Wireshark can be downloaded here.

More information about the contents of new versions can be read from release notes:
1.8.9
1.10.1

ISC Diary entry about the update can be viewed here.

Symantec Intelligence Report: June 2013

Symantec have published their Intelligence report that sums up the latest threat trends for June 2013.

Report highlights:
- The total number of vulnerabilities in 2013 is up 16 percent, as compared to the same time period in 2012.
- The number of zero day vulnerabilities found in the first half of 2013 is 12, compared to 14 in all of 2012.
- Automated phishing toolkits account for close to 47 percent of all phishing attacks to date in 2013.


The report (in PDF format) can be viewed here.

IBM Security Updates July 2013

IBM have released their software update (Synchronized Security Release, SSR) for July. Updates fix eight vulnerabilities in IBM Java Runtime Environment (JRE).

Affected versions:
- IBM Java JRE 1.4.2 prior version 1.4.2 SR13-FP18
- IBM Java JRE 5.0 prior version 5.0.0 SR16-FP3
- IBM Java JRE 6 prior versions 6.0.0 SR14 and 6.0.1 SR6
- IBM Java JRE 7 prior version 7.0.0 SR5

More information in the related alert

Oracle Critical Patch Update For Q3 of 2013

Oracle have released updates for their products that fix 89 security issues in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in October 2013.

Google Chrome Updated

Google have released version 28.0.1500.71 of their Chrome web browser. New version contains fixes to 15 vulnerabilities:

-one critical (CVE-2013-2870)

-four high (CVE-2013-2879, CVE-2013-2871, CVE-2013-2873, CVE-2013-2880)

-seven medium (CVE-2013-2868, CVE-2013-2869, CVE-2013-2853, CVE-2013-2874 Windows + NVIDIA only, CVE-2013-2875, CVE-2013-2876, CVE-2013-2878)

-three low (CVE-2013-2867, CVE-2013-2872 Mac only, CVE-2013-2877)

More information in Google Chrome Releases blog.

Adobe ColdFusion Update Available

Adobe have released updated version of ColdFusion web application development platform. The new version fix two vulnerabilities. A vulnerability (CVE-2013-3350) that could allow an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets, and a vulnerability (CVE-2013-3349) that could be exploited to cause a denial of service condition on a system running ColdFusion 9.0, 9.0.1 and 9.0.2 on JRun.

Affected versions:
- ColdFusion 10 for Windows, Macintosh and Linux (CVE-2013-3349 not affected).
- ColdFusion 9.0.2, 9.0.1 and 9.0 on JRun

More information can be read from Adobe's security bulletin.

Shockwave Player Update Available

Adobe have released an updated version of their Shockwave Player. The new version fixes one security vulnerability that may allow an attacker to run arbitrary code on the affected system. The update is categorized as critical with priority level as 1.

Users of Adobe Shockwave Player 12.0.2.122 and earlier should update to Adobe Shockwave Player 12.0.3.133.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Adobe Flash Player Updates Available

Adobe have released updated version of their Flash Player . The new version fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 11.7.700.224 and earlier versions for Windows should update to Adobe Flash Player 11.8.800.94

- Users of Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh should update to Adobe Flash Player 11.8.800.94

- Users of Adobe Flash Player 11.2.202.291 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.297

- Users of Adobe Flash Player 11.1.115.63 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.69 (applicable only for Flash Player installed before August 15, 2012)

- Users of Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x versions should update to Flash Player 11.1.111.64 (applicable only for Flash Player installed before August 15, 2012)

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For July 2013

Microsoft have released security updates for July 2013. This month update contains seven security bulletins of which six critical and one important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

ESET Global Threat Report for June 2013

ESET have published a report discussing global threats of June 2013.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (1.)
2. HTML/ScrInject (3.)
3. INF/Autorun (2.)
4. JS/Kryptik.ALB (-)
5. Win32/Sality (4.)
6. HTML/Iframe (5.)
7. Win32/Dorkbot (6.)
8. Win32/Conficker (7.)
9. Win32/Ramnit (8.)
10. Win32/Qhost (9.)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).