Sunday, August 31, 2014

How to improve your Twitter security and privacy

If you are a Twitter user, you may be interested in knowing how to make your Twitter use more secure. Louisa Hardwick from Sophos has written a nice blog post about how to do this by adjusting Twitter's security and privacy settings. The blog post can be viewed here:
http://nakedsecurity.sophos.com/2014/08/26/how-to-improve-your-twitter-security-and-privacy/

Thursday, August 28, 2014

Google Chrome Updated

Google have released version 37.0.2062.94 of their Chrome web browser. The new version contains fixes for 50 security issues, among other fixes.

More information about these is available in the Google Chrome Releases blog.

Saturday, August 16, 2014

Symantec Intelligence Report: July 2014

Symantec have published their Intelligence report that sums up the latest threat trends for July 2014.

Report highlights:
- The .doc file type continues to be the most common attachment type used in spear-phishing attacks, followed by .exe files.
- The largest data breach reported in July resulted in the exposure of 900,000 identities.
- Of the mobile threats discovered in the last 12 months, 24 percent steal information from the device and 22 percent track the device’s user.


The report (in PDF format) can be viewed here.

Wednesday, August 13, 2014

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a vulnerability in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerability (CVE-2014-0546) could allow an attacker to circumvent sandbox protection on the Windows platform.

Affected versions:
- Series XI (11.x):
  - Adobe Reader 11.0.07 and earlier
  - Adobe Acrobat 11.0.07 and earlier

- Series X (10.x):
  - Adobe Reader 10.1.10 and earlier
  - Adobe Acrobat 10.1.10 and earlier


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update check can also be activated manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
- Adobe Reader
- Acrobat Standard and Pro
- Acrobat Pro Extended

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 14.0.0.145 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 14.0.0.176 (Windows NPAPI plugin for Firefox version is 14.0.0.179)

- Users of Adobe Flash Player 11.2.202.394 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.400

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update

- Users of the Adobe AIR 14.0.0.137 SDK and earlier versions should update to the Adobe AIR 14.0.0.178 SDK.

- Users of the Adobe AIR 14.0.0.137 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.178 SDK & Compiler.

- Users of Adobe AIR 14.0.0.137 and earlier versions for Android should update to Adobe AIR 14.0.0.179.

- Users of Adobe AIR 14.0.0.137 and earlier versions for Windows and Macintosh should update to Adobe AIR 14.0.0.178.


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For August 2014

Microsoft have released security updates for August 2014. This month's update contains nine security bulletins, of which two are categorized as critical and seven as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Tuesday, August 12, 2014

Critical Vulnerability In WordPress Plugin

A critical vulnerability has been found in the Custom Contact Forms WordPress plugin. The vulnerability allows an attacker to download and modify the database remotely.

Affected are Custom Contact Forms 5.1.0.3 and earlier versions.

The fixed version can be downloaded here.

More information here.

Sunday, August 10, 2014

Internet Explorer To Block Outdated ActiveX Controls

Starting August 12th, Microsoft is going to release an update for Internet Explorer that will start blocking out-of-date ActiveX controls. "ActiveX controls are small apps that let Web sites provide content, like videos and games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s very important that you keep your ActiveX controls up-to-date because malicious or compromised Web pages can target security flaws in outdated controls to collect information, install dangerous software, or by letting someone else control your computer remotely."

More information about the upcoming feature can be read from the related blog post.

Tuesday, August 5, 2014

Vulnerability In Wireshark

A vulnerability has been found in Wireshark, a free open source program for analyzing network protocols. By exploiting the vulnerability, an attacker may be able to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. The vulnerable dissector components are: Catapult DCT2000, IrDA, RLC, ASN.1 BER, GTP and GSM Management.

Vulnerable versions are: 1.10.0 - 1.10.8

A non-vulnerable version of the Wireshark 1.10.x series can be downloaded here. The latest stable version, Wireshark 1.12.0, can be downloaded here.

More information can be read from the related advisories:
- wnpa-sec-2014-08
- wnpa-sec-2014-09
- wnpa-sec-2014-10
- wnpa-sec-2014-11