Monday, September 29, 2014

Google Chrome Updated

Google have released version 37.0.2062.124 of their Chrome web browser. New version contains fixes to one security issue (CVE-2014-1568).

More information about these in Google Chrome Releases blog.

Friday, September 26, 2014

Mozilla Product Updates Released

Mozilla have released updates to Firefox and Seamonkey browsers and Thunderbird email client to address a critical vulnerability.

Affected products are:
- Mozilla Firefox earlier than 32.0.3
- Mozilla Firefox ESR earlier than 24.8.1 and 31.1.1
- Mozilla Thunderbird earlier than 31.1.2
- Mozilla Thunderbird earlier than 24.8.1
- SeaMonkey 2.29.1

Link to the security advisory with details about addressed security issue:
MFSA 2014-73 RSA Signature Forgery in NSS


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
Seamonkey

Tuesday, September 23, 2014

Symantec Intelligence Report: August 2014

Symantec have published their Intelligence report that sums up the latest threat trends for August 2014.

Report highlights:
- While there has been a general decline in ransomware threats since March 2014, the overall volume of crypto-style ransomware has increased over 700 percent since January.
- The largest data breach reported in August resulted in the exposure of 27 million identities. For the month, 31 million identities were exposed.
- The average number of spear-phishing attacks dropped to 20 per day in August, the lowest seen in the last twelve months.


The report (in PDF format) can be viewed here.

Tuesday, September 16, 2014

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*of series XI (11.x)
Adobe Reader 11.0.08 and earlier
Adobe Acrobat 11.0.08 and earlier

*of series X (10.x)
Adobe Reader 10.1.11 and earlier
Adobe Acrobat 10.1.11 and earlier


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Google Chrome Updated

Google have released version 37.0.2062.120 of their Chrome web browser. New version contains fixes to four security issues. Also, Adobe Flash has been updated.

More information about these in Google Chrome Releases blog.

Wednesday, September 10, 2014

ESET Global Threat Report for August 2014

ESET have published a report discussing global threats of August 2014.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (1.)
2. JS/Kryptik.I (2.)
3. Win32/Adware.MultiPlug (7.)
4. Win32/RiskWare.NetFilter (3.)
5. LNK/Agent.AK (4.)
6. Win32/Sality (5.)
7. INF/Autorun (8.)
8. HTML/ScrInject (6.)
9. Win32/Ramnit (-)
10. Win32/Conficker (9.)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 14.0.0.179 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 15.0.0.152

- Users of Adobe Flash Player 11.2.202.400 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.406

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update

- Users of the Adobe AIR 14.0.0.178 SDK and earlier versions should update to the Adobe AIR 15.0.0.249 SDK.

- Users of the Adobe AIR 14.0.0.178 SDK & Compiler and earlier versions should update to the Adobe AIR 15.0.0.249 SDK & Compiler.

- Users of Adobe AIR 14.0.0.179 and earlier versions for Android should update to Adobe AIR 15.0.0.252.

- Users of Adobe AIR 14.0.0.178 and earlier versions for Windows and Macintosh should update to Adobe 15.0.0.249.


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For September 2014

Microsoft have released security updates for September 2014. This month update contains four security bulletins of which one categorized as critical and three as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Monday, September 8, 2014

ESET Global Threat Report for July 2014

ESET have published a report discussing global threats of July 2014.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (1.)
2. JS/Kryptik.I (2.)
3. Win32/RiskWare.NetFilter (-)
4. LNK/Agent.AK (3.)
5. Win32/Sality (4.)
6. HTML/ScrInject (8.)
7. Win32/Adware.MultiPlug (-)
8. INF/Autorun (5.)
9. Win32/Conficker (6.)
10. Win32/TrojanDownloader.Zurgop (-)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Friday, September 5, 2014

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which three categorized as critical, two as high and one as moderate.

Affected products are:
- Mozilla Firefox earlier than 32
- Mozilla Firefox ESR earlier than 24.8 and 31.1
- Mozilla Thunderbird earlier than 31.1
- Mozilla Thunderbird earlier than 24.8

Links to the security advisories with details about addressed security issues:
MFSA 2014-72 Use-after-free setting text directionality
MFSA 2014-71 Profile directory file access through file: protocol
MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
MFSA 2014-69 Uninitialized memory use during GIF rendering
MFSA 2014-68 Use-after-free during DOM interactions with SVG
MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird