Wednesday, June 24, 2015

Adobe Flash Player Update Available

Adobe have released updated version of their Flash Player. The new version fixes a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.194

- Users of Adobe Flash Player 11.2.202.466 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.468

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

More information can be read from Adobe's security bulletin.

Google Chrome Updated

Google have released version 43.0.2357.130 of their Chrome web browser. Among other fixes the new version contains fixes to some security issues.

More information about these in Google Chrome Releases blog.

Friday, June 19, 2015

Symantec Intelligence Report: May 2015

Symantec have published their Intelligence report that sums up the latest threat trends for May 2015.

Report highlights:
- Almost 43 percent of spear-phishing attacks were directed at organizations with less than 250 employees during May, up from 31 percent in April.
- Small organizations were most likely to be targeted by malicious email in the month of May as well, where one in 141 emails contained a threat.
- There were more than 44.5 million new pieces of malware created in May, up from 29.2 million created in April.
- The overall email spam rate further declined in May, dropping 0.6 percentage points to 51.5 percent.


The report (in PDF format) can be viewed here.

ESET Global Threat Report for May 2015

ESET have published a report discussing global threats of May 2015.

TOP 10 threats list (previous ranking listed too):

1. Win32/Adware.MultiPlug (1.)
2. WIN32/Bundpil (2.)
3. JS/Kryptik.I (3.)
4. LNK/Agent.AV (5.)
5. Win32/AdWare.ConvertAd (9.)
6. Win32/Sality (6.)
7. Win32/Ramnit (7.)
8. INF/Autorun (-)
9. Win32/Packed.VMProtect.AAA (-)
10. LNK/Agent.AK (-)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Monday, June 15, 2015

Google Chrome Updated

Google have released version 43.0.2357.124 of their Chrome web browser. The new version contains a new version of Adobe Flash (18.0.0.160).

More information about the update in Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 17.0.0.188 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.160

- Users of Adobe Flash Player 11.2.202.460 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.466

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

- Users of the Adobe AIR 17.0.0.172 SDK & Compiler and earlier versions should update to the Adobe AIR 18.0.0.144 SDK & Compiler

- Users of Adobe AIR 17.0.0.172 and earlier versions for Desktop Runtime should update to Adobe AIR 18.0.0.144.

- Users of Adobe AIR for Android 17.0.0.144 and earlier versions should update to Adobe AIR 18.0.0.143.

More information can be read from Adobe's security bulletin.

Wednesday, June 10, 2015

Microsoft Security Updates For June 2015

Microsoft have released security updates for June 2015. This month update contains eight security bulletins of which two categorized as critical and six as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Monday, June 8, 2015

"Turn It On" The Ultimate Guide To Two-Factor Authentication

TeleSign has launched a campaign to encourage more users to enable two-factor authentication (2FA) security controls for their online accounts. Turn It On website gives detailed instructions how to do this for Facebook, Twitter, Gmail, Apple and numerous other accounts.

According to the TeleSign's Consumer Account Security Report 80 percent of consumers are worried about their online security, but only 30 percent are confident that passwords adequately protect their online accounts. Additionally, about 70 percent are in search of additional help to secure accounts.

With the launch of the Turn It On campaign and access to the free online 2FA guide, consumers now have a simple, easy-to-understand tool for adding additional security online.

MalumPoS Malware Discovered

Trend Micro has discovered MalumPoS named attack tool that threat actors can be reconfigured to breach any PoS (point-of-sale) system they wish to target. Currently, it is designed to collect data from PoS systems running on Oracle MICROS, a platform popularly used in the hospitality, food and beverage, and retail industries. A bulk of the companies using MICROS is mostly concentrated in the United States.


Complete blog post with details can be read here.