Security researchers have spotted an in-the-wild exploit that targets the vulnerability CVE-2013-2463 in Java 6. Since Java 6 has been retired (further updates are available for paying customers only), the only option is to upgrade to the latest Java 7 version (currently update 25).
Source: InformationWeek article
If Java is not needed, an even better option is to uninstall it completely or at least turn it off in web browsers (instructions).
Saturday, August 31, 2013
Opera 16 Released
Opera have released version 16 of their Opera web browser. In addition to bug fixes, the new version contains some new features.
The latest version can be downloaded here.
Thursday, August 29, 2013
RealPlayer Update
RealNetworks has released an updated version of their RealPlayer. The new version contains fixes for two vulnerabilities.
Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be found in the related security advisory.
Saturday, August 24, 2013
Symantec Intelligence Report: July 2013
Symantec have published their Intelligence report that sums up the latest threat trends for July 2013.
Report highlights:
- So far in 2013, 43 percent of mobile malware tracks users, up from 15 percent in 2012. Adware/Annoyance risks have also increased, from 8 percent in 2012 to 23 percent this year.
- Of the data breaches reported so far in 2013, 62 percent contain a person’s real name. Birth dates and government ID numbers (e.g. Social Security numbers) appear in 39 percent of breaches.
- The global spam rate rose 3.4 percentage points in July to 67.6 percent, up from 64.2 percent in June.
The report (in PDF format) can be viewed here.
Thursday, August 22, 2013
New Version of Chrome Released
Google have released version 29.0.1547.57 of their Chrome web browser. The new version contains fixes for 25 security vulnerabilities.
More information is available in the Google Chrome Releases blog.
Wednesday, August 14, 2013
Microsoft Security Updates For August 2013
Microsoft have released security updates for August 2013. This month's update contains eight security bulletins, of which three are critical and five important.
A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be found in the bulletin summary.
Wednesday, August 7, 2013
ESET Global Threat Report for July 2013
ESET have published a report discussing global threats of July 2013.
TOP 10 threats list (previous ranking listed too):
1. WIN32/Bundpil (1.)
2. HTML/ScrInject (2.)
3. INF/Autorun (3.)
4. Win32/Sality (5.)
5. HTML/Iframe (6.)
6. Win32/Dorkbot (7.)
7. Win32/Conficker (8.)
8. JS/Chromex.FBook (-)
9. Win32/Ramnit (9.)
10. Win32/Qhost (10.)
The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).
Mozilla Product Updates Released
Mozilla have released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address a number of vulnerabilities, of which four are categorized as critical, seven as high, one as moderate and one as low.
Affected products are:
- Mozilla Firefox earlier than 23.0
- Mozilla Firefox ESR earlier than 17.0.8
- Mozilla Thunderbird earlier than 17.0.8
- Mozilla Thunderbird ESR earlier than 17.0.8
- Mozilla SeaMonkey earlier than 2.20
Links to the security advisories with details about addressed security issues:
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)
Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey
Friday, August 2, 2013
Vulnerabilities Fixed In PhpMyAdmin
phpMyAdmin is a free software tool that can be used to administer MySQL databases. Several vulnerabilities have been found and fixed.
Affected versions:
- phpMyAdmin 3.5.8.1 and earlier versions
- phpMyAdmin 4.0.4.1 and earlier versions
Fixed versions of phpMyAdmin can be downloaded here.
Google Chrome Updated
Google have released version 28.0.1500.95 of their Chrome web browser. The new version contains fixes for 11 vulnerabilities.
More information is available in the Google Chrome Releases blog.