Monday, January 27, 2014

ITunes 11.1.4 Released

Apple have released version 11.1.4 of their iTunes media player. New version fixes a bunch of security vulnerabilities.

More information about the security content of iTunes 11.1.4 can be read from related security advisory.

Old version users should update to the latest one available.

Sunday, January 26, 2014

Symantec Intelligence Report: December 2013

Symantec have published their Intelligence report that sums up the latest threat trends for December 2013.

Report highlights:
- The email virus rate increased for the second month in a row, reaching an annual high of one in 164 emails.
- Two out of every five targeted attacks occurred in Service industry categories during December.
- The overall number of data breaches reported is up, though many of those reported in December occurred in previous months.


The report (in PDF format) can be viewed here.

Tuesday, January 21, 2014

VMWare Updates Available

VMware has released security update to patch a bunch of vulnerabilities in their virtualization applications.

Affected versions:
- VMware Workstation 9.x prior to version 9.0
- VMware Player 5.x prior to version 5.0
- VMware Fusion 5.x prior to version 5.0
- VMware ESXi 5.1 without patch ESXi510-201401101
- VMware ESXi 5.0 without patch ESXi500-201310101
- VMware ESXi 4.1 without patch ESXi410-201312401
- VMware ESXi 4.0 without patch ESXi400-201310401
- VMware ESX 4.1 without patch ESX410-201312401
- VMware ESX 4.0 without patch ESX400-201310401
- vCloud Director 5.1.x prior to version 5.1.3


Further information including updating instructions can be read from VMware's security advisory.

Friday, January 17, 2014

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 11.9.900.170 and earlier versions for Windows Internet Explorer should update to Adobe Flash Player 12.0.0.38.
   
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for NPAPI plugin-based browsers on Windows should update to Adobe Flash Player 12.0.0.43
   
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for Macintosh should update to Adobe Flash Player 12.0.0.38.

- Users of Adobe Flash Player 11.2.202.332 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.335.

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update
   
- Users of Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh should update to Adobe AIR 4.0.0.1390.

- Users of Adobe AIR 3.9.0.1380 and earlier versions for Android should update to Adobe AIR 4.0.0.1390.

- Users of the Adobe AIR 3.9.0.1380 SDK and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK.

- Users of the Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK & Compiler.


More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a bunch of vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat.

Affected versions:
*of series XI (11.x)
Adobe Reader 11.0.05 and earlier
Adobe Acrobat 11.0.05 and earlier

*of series X (10.x)
Adobe Reader 10.1.8 and earlier
Adobe Acrobat 10.1.8 and earlier


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard, Pro and Extended

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Wednesday, January 15, 2014

Oracle Critical Patch Update For Q1 of 2014

Oracle have released updates for their products that fix 144 security issues (including 36 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in April 2014.

Microsoft Security Updates For January 2014

Microsoft have released security updates for January 2014. This month update contains four security bulletins of which all categorized as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Tuesday, January 14, 2014

Google Chrome Updated

Google have released version 32.0.1700.76 of their Chrome web browser. Among other bug fixes the new version contains fixes to 21 security issues. Flash Player in Chrome is updated too.

More information in Google Chrome Releases blog.

Thursday, January 9, 2014

ESET Global Threat Report for December 2013

ESET have published a report discussing global threats of December 2013.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (1.)
2. LNK/Agent.AK (2.)
3. Win32/Sality (3.)
4. INF/Autorun (4.)
5. HTML/ScrInject (5.)
6. Win32/Conficker (7.)
7. Win32/Dorkbot (6.)
8. Win32/Ramnit (9.)
9. Win32/TrojanDownloader.Wauchos (-)
10. Win32/Virut (-)



Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Drive-by Download Attacks: Examining the Web Server Platforms Attackers Use Most Often

Drive-by download attacks is one of the most common ways to infect affected system with malware. Tim Rains, the Director of Trustworthy Computing at Microsoft, have written interesting blog post titled as "Drive-by Download Attacks: Examining the Web Server Platforms Attackers Use Most Often". It can be read here.

Saturday, January 4, 2014

CryptoLocker Malware Spreading Via Removable Drives

Ransoms asking malware, named as CryptoLocker, raised its head first time on fall. Security company Trend Micro write in their blog about a new CryptoLocker variant that is able to spread via removable drives. The blog post can be read here.

Trend Micro have collected an info guide about defending against CryptoLocker.