Wednesday, March 27, 2013

New Google Chrome Version Released

Google have released version 26.0.1410.43 of their Chrome web browser. New version contains fixes to 11 vulnerabilities:

-two high (CVE-2013-0916 and CVE-2013-0921)

-four medium (Linux only CVE-2013-0919, CVE-2013-0920, CVE-2013-0923 and CVE-2013-0926)

-five low (CVE-2013-0917, CVE-2013-0918, CVE-2013-0922, CVE-2013-0924 and CVE-2013-0925)


More information in Google Chrome Releases blog.

Monday, March 18, 2013

Symantec Intelligence Report: February 2013

Symantec have published their Intelligence report that sums up the latest threat trends for February 2013.

Report highlights:
- Spam – 65.9 percent (an increase of 1.8 percentage points since January)
- Phishing – One in 466.3 emails identified as phishing (an increase of 0.018 percentage points since January)
- Malware – One in 408.2 emails contained malware (a decrease of 0.11 percentage points since January)
- Malicious websites – 1,530 websites blocked per day (a decrease of 32.2 percent since January)

The report can be viewed here.

ESET Global Threat Report for February 2013

ESET have published a report discussing global threats of February 2013.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. HTML/Iframe.B (2.)
3. Win32/Sality (5.)
4. HTML/ScrInject.B (3.)
5. Win32/Dorkbot (8.)
6. Win32/Ramnit (7.)
7. Win32/Conficker (6.)
8. Win32/Qhost (4.)
9. JS/TrojanDownloader.Iframe.NKE (9.)
10. Win32/Virut (32.)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Wednesday, March 13, 2013

Adobe Flash Player and Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 11.6.602.171 and earlier versions for Windows should update to Adobe Flash Player 11.6.602.180
- Users of Adobe Flash Player 11.6.602.171 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.180
- Users of Adobe Flash Player 11.2.202.273 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.275
- Users of Adobe Flash Player 11.1.115.47 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.48 (applicable only for Flash Player installed before August 15, 2012)
- Users of Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x versions should update to Flash Player 11.1.111.44 (applicable only for Flash Player installed before August 15, 2012)
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 will be updated via Windows Update
- Users of Adobe AIR 3.6.0.597 and earlier versions for Windows should update to Adobe AIR 3.6.0.6090
- Users of Adobe AIR 3.6.0.597 and earlier versions for Macintosh should update to Adobe AIR 3.6.0.6090
- Users of Adobe AIR 3.6.0.597 and earlier versions for Android should update to Adobe AIR 3.6.0.6090
- Users of the Adobe AIR 3.6.0.597 SDK should update to the Adobe AIR 3.6.0.6090 SDK

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For March 2013

Microsoft have released security updates for March 2013. This month update contains seven security bulletins of which four critical and three important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Monday, March 11, 2013

New Update To Chrome

Google have released version 25.0.1364.160 of their Chrome web browser. New version contains a fix to 'high' categorized vulnerability (CVE-2013-0912).

More information in Google Chrome Releases blog.

Security Updates To Mozilla Products

Mozilla have released updates to Firefox and Seamonkey browsers and Thunderbird email client to address a critical vulnerability (CVE-2013-0787).

Affected products are:
- Mozilla Firefox earlier than 19.0.2
- Mozilla Firefox ESR earlier than 17.0.4
- Mozilla Thunderbird earlier than 17.0.4
- Mozilla Thunderbird ESR earlier than 17.0.4
- Mozilla SeaMonkey earlier than 2.16.1

Link to the security advisory with details about addressed security issue:
MFSA 2013-29 Use-after-free in HTML Editor


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Thursday, March 7, 2013

Google Chrome Updated

Google have released version 25.0.1364.152 of their Chrome web browser. New version contains fixes to 10 vulnerabilities:

-six high (CVE-2013-0902, CVE-2013-0903, CVE-2013-0904, CVE-2013-0905, CVE-2013-0906 and CVE-2013-0911)

-three medium (CVE-2013-0907, CVE-2013-0908 and CVE-2013-0910)

-one low (CVE-2013-0909)


More information in Google Chrome Releases blog.

Tuesday, March 5, 2013

Java Security Updates From Oracle

Oracle have released update for Java JRE & JDK. The update fixes two vulnerabilities (CVE-2013-0809 and CVE-2013-1493).

Affected versions are:
- Java 7 JRE and JDK update 15 and earlier
- Java 6 JRE and JDK update 41 and earlier
- Java 5.0 JRE and JDK update 40 and earlier

More information about the update can be read from here.

Java users are recommended to update their versions to the latest one available as soon as possible.