Ransomware has become one of the biggest types of malicious software. As its name says, it asks the affected user for a ransom. Fedor Sinitsyn from Kaspersky Lab writes about the latest one, Onion (aka Critoni), in his blog post.
The blog post can be read here.
Tuesday, July 29, 2014
Saturday, July 26, 2014
Google Chrome Updated
Google have released version 36.0.1985.125 of their Chrome web browser. In addition to 26 security fixes and other bug fixes, the new version contains some new improvements.
More information about these is available in the Google Chrome Releases blog.
Mozilla Product Updates Released
Mozilla have released updates to the Firefox browser and the Thunderbird email client to address a number of vulnerabilities, of which three are categorized as critical, five as high, two as moderate and one as low.
Affected products are:
- Mozilla Firefox earlier than 31
- Mozilla Firefox ESR 24.x earlier than 24.7
- Mozilla Thunderbird earlier than 31
- Mozilla Thunderbird earlier than 24.7
Links to the security advisories with details about addressed security issues:
- MFSA 2014-66 IFRAME sandbox same-origin access through redirect
- MFSA 2014-65 Certificate parsing broken by non-standard character encoding
- MFSA 2014-64 Crash in Skia library when scaling high quality images
- MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
- MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
- MFSA 2014-61 Use-after-free with FireOnStateChange event
- MFSA 2014-60 Toolbar dialog customization event spoofing
- MFSA 2014-59 Use-after-free in DirectWrite font handling
- MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
- MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
- MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
Monday, July 21, 2014
Oracle Critical Patch Update For Q3 of 2014
Oracle have released updates for their products that fix 113 security issues in total (including 20 Java fixes). The updates are part of Oracle's quarterly Critical Patch Update (CPU).
A detailed list of vulnerabilities with patching instructions can be read in the Oracle CPU Advisory.
The next Oracle CPU is planned to be released in October 2014.
Friday, July 18, 2014
Symantec Intelligence Report: June 2014
Symantec have published their Intelligence report that sums up the latest threat trends for June 2014.
Report highlights:
- There was an average of 88 spear-phishing attacks per day in June.
- The number of Android variants per family reached the lowest levels seen in the last twelve months, at 18 variants per family.
- The largest data breach reported in June took place in May, and resulted in the exposure of 1.3 million identities.
The report (in PDF format) can be viewed here.
Friday, July 11, 2014
ESET Global Threat Report for June 2014
ESET have published a report discussing global threats of June 2014.
Top 10 threats list (previous ranking in parentheses):
1. Win32/Bundpil (1.)
2. JS/Kryptik.I (-)
3. LNK/Agent.AK (2.)
4. Win32/Sality (3.)
5. INF/Autorun (5.)
6. Win32/Conficker (7.)
7. Win32/Ramnit (8.)
8. HTML/ScrInject (4.)
9. HTML/Iframe (-)
10. Win32/Dorkbot (10.)
The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).
Thursday, July 10, 2014
Adobe Flash Player And Adobe AIR Updates Available
Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 14.0.0.125 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 14.0.0.145
- Users of Adobe Flash Player 11.2.202.378 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.394
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update
- Users of the Adobe AIR 14.0.0.110 SDK and earlier versions should update to the Adobe AIR 14.0.0.137 SDK.
- Users of the Adobe AIR 14.0.0.110 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.137 SDK & Compiler.
- Users of Adobe AIR 14.0.0.110 and earlier versions for Android should update to Adobe AIR 14.0.0.137.
- Users of Adobe AIR 14.0.0.110 and earlier versions for Windows and Macintosh should update to Adobe AIR 14.0.0.137.
More information can be read in Adobe's security bulletin.
Microsoft Security Updates For July 2014
Microsoft have released security updates for July 2014. This month's update contains six security bulletins, of which three are categorized as critical, two as important and one as moderate.
A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read in the bulletin summary.
Saturday, July 5, 2014
PHP Versions 5.5.14 and 5.4.30 Released
The PHP development team has released versions 5.5.14 and 5.4.30 of the PHP scripting language. The new versions contain several fixes for vulnerabilities which may allow an attacker to execute arbitrary code on an affected system. All PHP users are recommended to upgrade to the latest release of the corresponding branch.
Changelogs can be viewed here.