Saturday, August 31, 2013

Java 6 Vulnerability Exploited

Security researchers have spotted an in-the-wild exploit that targets vulnerability CVE-2013-2463 in Java 6. Since Java 6 has been retired (further updates are available for paying customers only), the only option is to upgrade to the latest Java 7 version (currently update 25).

Source: InformationWeek article

If Java is not needed, an even better option is to uninstall it completely or at least turn it off in web browsers (instructions).

Opera 16 Released

Opera have released version 16 of their Opera web browser. In addition to bug fixes, the new version contains some new features.

The latest version can be downloaded here.

Thursday, August 29, 2013

RealPlayer Update

RealNetworks has released an updated version of their RealPlayer. The new version contains fixes for two vulnerabilities.

Users of affected versions are advised to update their RealPlayer to the latest one available. More information is available in the related security advisory.

Saturday, August 24, 2013

Symantec Intelligence Report: July 2013

Symantec have published their Intelligence report that sums up the latest threat trends for July 2013.

Report highlights:
- So far in 2013, 43 percent of mobile malware tracks users, up from 15 percent in 2012. Adware/Annoyance risks have also increased, from 8 percent in 2012 to 23 percent this year.
- Of the data breaches reported so far in 2013, 62 percent contain a person’s real name. Birth dates and government ID numbers (e.g. Social Security numbers) appear in 39 percent of breaches.
- The global spam rate rose 3.4 percentage points in July to 67.6 percent, up from 64.2 percent in June.


The report (in PDF format) can be viewed here.

Thursday, August 22, 2013

New Version of Chrome Released

Google have released version 29.0.1547.57 of their Chrome web browser. The new version contains fixes for 25 security vulnerabilities.

More information is available in the Google Chrome Releases blog.

Wednesday, August 14, 2013

Microsoft Security Updates For August 2013

Microsoft have released security updates for August 2013. This month's update contains eight security bulletins, of which three are rated critical and five important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information is available in the bulletin summary.

Wednesday, August 7, 2013

ESET Global Threat Report for July 2013

ESET have published a report discussing global threats of July 2013.

Top 10 threats list (previous ranking in parentheses):

1. WIN32/Bundpil (1.)
2. HTML/ScrInject (2.)
3. INF/Autorun (3.)
4. Win32/Sality (5.)
5. HTML/Iframe (6.)
6. Win32/Dorkbot (7.)
7. Win32/Conficker (8.)
8. JS/Chromex.FBook (-)
9. Win32/Ramnit (9.)
10. Win32/Qhost (10.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Mozilla Product Updates Released

Mozilla have released updates to the Firefox and SeaMonkey browsers and the Thunderbird email client to address a number of vulnerabilities, of which four are categorized as critical, seven as high, one as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 23.0
- Mozilla Firefox ESR earlier than 17.0.8
- Mozilla Thunderbird earlier than 17.0.8
- Mozilla Thunderbird ESR earlier than 17.0.8
- Mozilla SeaMonkey earlier than 2.20

Links to the security advisories with details about addressed security issues:
- MFSA 2013-75 Local Java applets may read contents of local file system
- MFSA 2013-74 Firefox full and stub installer DLL hijacking
- MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
- MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
- MFSA 2013-71 Further Privilege escalation through Mozilla Updater
- MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
- MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
- MFSA 2013-68 Document URI misrepresentation and masquerading
- MFSA 2013-67 Crash during WAV audio file decoding
- MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
- MFSA 2013-65 Buffer underflow when generating CRMF requests
- MFSA 2013-64 Use after free mutating DOM during SetBody
- MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)


Fresh versions can be obtained via the built-in updater or by downloading from the product sites:
- Firefox
- Thunderbird
- SeaMonkey

Friday, August 2, 2013

Vulnerabilities Fixed In phpMyAdmin

phpMyAdmin is a free software tool that can be used to administer MySQL databases. Several vulnerabilities have been found and fixed in it.

Affected versions:
- phpMyAdmin 3.5.8.1 and earlier versions
- phpMyAdmin 4.0.4.1 and earlier versions

Fixed versions of phpMyAdmin can be downloaded here.

Google Chrome Updated

Google have released version 28.0.1500.95 of their Chrome web browser. The new version contains fixes for 11 vulnerabilities.

More information is available in the Google Chrome Releases blog.