Sunday, December 28, 2014

Vulnerability In UnZip

UnZip is an open source tool used for extracting zip format archives. A buffer overflow vulnerability has been found in it which can be exploited to execute arbitrary code on the target system. The vulnerability can be triggered by using the -t parameter (unzip -t) while extracting a specially crafted .zip file.

UnZip 6.0 and earlier versions are affected. At the moment there is no patch available. Until a fresh version of UnZip becomes available, it's recommended to extract zip files without using the -t parameter.

More information can be read here.

Monday, December 15, 2014

Symantec Intelligence Report: November 2014

Symantec have published their Intelligence report that sums up the latest threat trends for November 2014.

Report highlights:
- Over 41 percent of email-borne malware contained a link to a malicious or compromised website. URL malware had been present in 3 to 16 percent of malicious emails each month, until this recent surge.
- Kelihos and Gamut are the top two most active botnets in November, comprising 19.2 and 18.8 percent respectively.
- Crypto-ransomware made up 38 percent of all ransomware seen in the month of November.


The report (in PDF format) can be viewed here.

ESET Global Threat Report for November 2014

ESET have published a report discussing global threats of November 2014.

TOP 10 threats list (previous ranking listed too):

1. HTML/Refresh (1.)
2. WIN32/Bundpil (2.)
3. Win32/Adware.MultiPlug (5.)
4. Win32/TrojanDownloader.Wauchos (-)
5. Win32/Sality (8.)
6. LNK/Agent.AK (7.)
7. JS/Kryptik.I (3.)
8. INF/Autorun (10.)
9. Win32/Ramnit (-)
10. HTML/ScrInject (6.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Friday, December 12, 2014

Adobe ColdFusion Hotfixes Available

Adobe have released updated versions of the ColdFusion web application development platform. These hotfixes address a resource consumption issue that could potentially result in a denial of service (CVE-2014-9166).

Affected versions:
- ColdFusion 11 and 10


More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
Series XI (11.x):
- Adobe Reader 11.0.09 and earlier
- Adobe Acrobat 11.0.09 and earlier

Series X (10.x):
- Adobe Reader 10.1.12 and earlier
- Adobe Acrobat 10.1.12 and earlier


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
- Adobe Reader
- Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Wednesday, December 10, 2014

Adobe Flash Player Updates Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 15.0.0.239 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 16.0.0.235

- Users of Adobe Flash Player 11.2.202.424 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.425

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

ESET Global Threat Report for October 2014

ESET have published a report discussing global threats of October 2014.

TOP 10 threats list (previous ranking listed too):

1. HTML/Refresh (1.)
2. WIN32/Bundpil (2.)
3. JS/Kryptik.I (3.)
4. Win32/RiskWare.NetFilter (5.)
5. Win32/Adware.MultiPlug (4.)
6. HTML/ScrInject (-)
7. LNK/Agent.AK (6.)
8. Win32/Sality (7.)
9. HTML/Iframe (8.)
10. INF/Autorun (10.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Microsoft Security Updates For December 2014

Microsoft have released security updates for December 2014. This month's update contains seven security bulletins, of which three are categorized as critical and four as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Thursday, December 4, 2014

Mozilla Product Updates Released

Mozilla have released updates to the Firefox browser and the Thunderbird email client to address a number of vulnerabilities, of which three are categorized as critical, three as high and three as moderate.

Affected products are:
- Mozilla Firefox earlier than 34
- Mozilla Firefox ESR earlier than 31.3
- Mozilla Thunderbird earlier than 31.3

Links to the security advisories with details about the addressed security issues:
- MFSA-2014-91 Privileged access to security wrapped protected objects
- MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
- MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
- MFSA-2014-88 Buffer overflow while parsing media content
- MFSA-2014-87 Use-after-free during HTML5 parsing
- MFSA-2014-86 CSP leaks redirect data via violation reports
- MFSA-2014-85 XMLHttpRequest crashes with some input streams
- MFSA-2014-84 XBL bindings accessible via improper CSS declarations
- MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)



Fresh versions can be obtained via the built-in updater or by downloading them from the product sites:
- Firefox
- Thunderbird