Symantec have published their Intelligence report that sums up the latest threat trends for June 2015.
Report highlights:
- At 49.7 percent, the overall spam rate has dropped below 50 percent for the first time since September, 2003.
- There were 57.6 million new malware variants created in June, up from 44.5 million pieces of malware created in May and 29.2 million in April.
- Ransomware attack has increased for the second month in a row and crypto-ransomware has reached its highest levels since December 2014.
The report (in PDF format) can be viewed here.
Monday, July 20, 2015
Oracle Critical Patch Update For Q3 of 2015
Oracle have released updates for their products that fix 193 security issues (including 25 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in October 2015.
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in October 2015.
ESET Global Threat Report for June 2015
ESET have published a report discussing global threats of June 2015.
TOP 10 threats list (previous ranking listed too):
1. WIN32/Bundpil (2.)
2. Win32/Adware.MultiPlug (1.)
3. LNK/Agent.BO (-)
4. JS/Kryptik.I (3.)
5. LNK/Agent.AV (4.)
6. Win32/AdWare.ConvertAd (5.)
7. Win32/Sality (6.)
8. Win32/Ramnit (7.)
9. INF/Autorun (8.)
10. LNK/Agent.BM (-)
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
TOP 10 threats list (previous ranking listed too):
1. WIN32/Bundpil (2.)
2. Win32/Adware.MultiPlug (1.)
3. LNK/Agent.BO (-)
4. JS/Kryptik.I (3.)
5. LNK/Agent.AV (4.)
6. Win32/AdWare.ConvertAd (5.)
7. Win32/Sality (6.)
8. Win32/Ramnit (7.)
9. INF/Autorun (8.)
10. LNK/Agent.BM (-)
Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).
Thursday, July 16, 2015
Google Chrome Updated
Google have released version 43.0.2357.134 of their Chrome web browser. The new version contains updated Adobe Flash Player (18.0.0.209). More information about changes in Google Chrome Releases blog.
Wednesday, July 15, 2015
Microsoft Security Updates For July 2015
Microsoft have released security updates for July 2015. This month update contains 14 security bulletins of which four categorized as critical and ten as important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
Adobe Reader And Acrobat Security Updates
Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2015.007.20033 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30033 and earlier
*of series XI (11.x)
Adobe Reader 11.0.11 and earlier
Adobe Acrobat 11.0.11 and earlier
*of series X (10.x)
Adobe Reader 10.1.14 and earlier
Adobe Acrobat 10.1.14 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2015.007.20033 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30033 and earlier
*of series XI (11.x)
Adobe Reader 11.0.11 and earlier
Adobe Acrobat 11.0.11 and earlier
*of series X (10.x)
Adobe Reader 10.1.14 and earlier
Adobe Acrobat 10.1.14 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Labels:
acrobat,
adobe,
pdf reader,
security,
update,
vulnerability
Shockwave Player Update Available
Adobe have released an updated version of their Shockwave Player. The new version fixes security vulnerabilities that may allow an attacker to run arbitrary code on the affected system. The update is categorized as critical with priority level as 1.
Users of Adobe Shockwave Player 12.1.8.158 and earlier should update to Adobe Shockwave Player 12.1.9.159.
More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.
Users of Adobe Shockwave Player 12.1.8.158 and earlier should update to Adobe Shockwave Player 12.1.9.159.
More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.
Labels:
adobe,
security,
shockwave player,
update,
vulnerability
Adobe Flash Player Update Available
Adobe have released updated version of their Flash Player. The new version fixes critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.209
- Users of Adobe Flash Player 11.2.202.481 and earlier versions for Linux: Adobe will provide an update for Flash Player for Linux during the week of July 12. The update will be available by visiting the Adobe Flash Player Download Center. Please continue to monitor the PSIRT blog for updates
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.209
- Users of Adobe Flash Player 11.2.202.481 and earlier versions for Linux: Adobe will provide an update for Flash Player for Linux during the week of July 12. The update will be available by visiting the Adobe Flash Player Download Center. Please continue to monitor the PSIRT blog for updates
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Friday, July 10, 2015
Google Chrome Updated
Google have released version 43.0.2357.132 of their Chrome web browser. More information about changes in Google Chrome Releases blog.
Adobe Flash Player And Adobe AIR Updates Available
Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.203
- Users of Adobe Flash Player 11.2.202.468 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.481
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update
- Users of the Adobe AIR 18.0.0.144 SDK & Compiler and earlier versions should update to the Adobe AIR 18.0.0.180 SDK & Compiler
- Users of Adobe AIR 18.0.0.144 and earlier versions for Desktop Runtime should update to Adobe AIR 18.0.0.180.
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.203
- Users of Adobe Flash Player 11.2.202.468 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.481
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update
- Users of the Adobe AIR 18.0.0.144 SDK & Compiler and earlier versions should update to the Adobe AIR 18.0.0.180 SDK & Compiler
- Users of Adobe AIR 18.0.0.144 and earlier versions for Desktop Runtime should update to Adobe AIR 18.0.0.180.
More information can be read from Adobe's security bulletin.
Tuesday, July 7, 2015
Mozilla Product Updates Released
Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which four categorized as critical, two as high, six as moderate and one as low.
Affected products are:
- Mozilla Firefox earlier than 39
- Mozilla Firefox ESR earlier than 31.8
- Mozilla Firefox ESR earlier than 38.1
- Mozilla Thunderbird earlier than 38.1
Links to the security advisories with details about addressed security issues:
MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
MFSA 2015-69 Privilege escalation in PDF.js
MFSA 2015-68 OS X crash reports may contain entered key press information
MFSA 2015-67 Key pinning is ignored when overridable errors are encountered
MFSA 2015-66 Vulnerabilities found through code inspection
MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest
MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly
MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error
MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
MFSA 2015-61 Type confusion in Indexed Database Manager
MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs
MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
Affected products are:
- Mozilla Firefox earlier than 39
- Mozilla Firefox ESR earlier than 31.8
- Mozilla Firefox ESR earlier than 38.1
- Mozilla Thunderbird earlier than 38.1
Links to the security advisories with details about addressed security issues:
MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
MFSA 2015-69 Privilege escalation in PDF.js
MFSA 2015-68 OS X crash reports may contain entered key press information
MFSA 2015-67 Key pinning is ignored when overridable errors are encountered
MFSA 2015-66 Vulnerabilities found through code inspection
MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest
MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly
MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error
MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
MFSA 2015-61 Type confusion in Indexed Database Manager
MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs
MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
Labels:
Firefox,
Mozilla,
security,
thunderbird,
update,
vulnerability
Subscribe to:
Posts (Atom)