Monday, August 31, 2015

Adobe ColdFusion Hotfix Available

Adobe have released updated versions of ColdFusion web application development platform. This hotfix addresses an issue associated with the parsing of crafted XML external entities in BlazeDS that could lead to information disclosure (CVE-2015-3269).

Affected versions:
- ColdFusion 11 and 10


More information can be read from Adobe's security bulletin.

Tuesday, August 25, 2015

QuickTime 7.7.8 Released

Apple have released a new version of their QuickTime multimedia player. Version 7.7.8 contains fixes for a bunch of vulnerabilities that could be exploited to run arbitrary code in target system.

Affected versions:
QuickTime versions earlier than 7.7.8 on Microsoft Windows 7 and Microsoft Windows Vista operating systems.

QuickTime users with version older than 7.7.8 should update to the latest one available.

More information about security content of QuickTime 7.7.8 can be read here.

Sunday, August 23, 2015

Symantec Intelligence Report: July 2015

Symantec have published their Intelligence report that sums up the latest threat trends for July 2015.

Report highlights:
- The Manufacturing and Wholesale industries both saw significant increases in targeted attack activity in July, where both industries were up eight percentage points from June.
- There were six zero-day vulnerabilities discovered during the month—the highest number seen in more than a year.
- The release of four new mobile malware families in July is the highest number seen in the mobile malware landscape so far this year.


The report (in PDF format) can be viewed here.

Tuesday, August 18, 2015

Google Chrome Updated

Google have released version 44.0.2403.155 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Thursday, August 13, 2015

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 18.0.0.209 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.232

- Users of Adobe Flash Player 11.2.202.491 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.508

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 18.0.0.180 SDK & Compiler and earlier versions should update to the Adobe AIR 18.0.0.199 SDK & Compiler

- Users of Adobe AIR 18.0.0.180 and earlier versions for Desktop Runtime should update to Adobe AIR 18.0.0.199.


More information can be read from Adobe's security bulletin.

WordPress 4.2.4 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains updates to critical security vulnerabilities.

Affected versions:
WordPress versions earlier than 4.2.4

More information can be read from the WordPress blog.

Wednesday, August 12, 2015

Microsoft Security Updates For August 2015

Microsoft have released security updates for August 2015. This month update contains 14 security bulletins of which four categorized as critical and ten as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Monday, August 10, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser and Firefox OS to address a bunch of vulnerabilities of which one categorized as critical, three as high, one as moderate and two as low.

Affected products are:
- Mozilla Firefox earlier than 39.0.3
- Mozilla Firefox ESR earlier than 38.1.1
- Mozilla Firefox OS 2.2

Links to the security advisories with details about addressed security issues:
MFSA 2015-78 Same origin violation and local file stealing via PDF reader
MFSA 2015-77 Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer
MFSA 2015-76 Wifi direct system messages don't require a permission
MFSA 2015-75 COPPA error screen in FxAccounts signup allows loading arbitrary web content into B2G root process
MFSA 2015-74 UMS (USB) mounting after reboot even without unlocking
MFSA 2015-73 Remote HTML tag injection in Gaia System app
MFSA 2015-72 Remote HTML tag injection in Gaia Search app


Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Firefox OS updates itself. Instructions for manually check the updates can be found here.

Friday, August 7, 2015

ESET Global Threat Report for July 2015

ESET have published a report discussing global threats of July 2015.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (1.)
2. SWF/Exploit.ExKit (-)
3. Win32/Adware.MultiPlug (2.)
4. JS/Kryptik.I (4.)
5. LNK/Agent.AV (5.)
6. LNK/Agent.BS (-)
7. Win32/Sality (7.)
8. Win32/Ramnit (8.)
9. HTML/Refresh (-)
10. INF/Autorun (9.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Tuesday, August 4, 2015

Kaspersky Lab's IT Threat Evolution Q2 2015 Report Available

Kaspersky Lab has published its Q2 cyber threats report highlighting key security incidents of the quarter and evaluating the Q2 cyber threat level.

The report can be viewed here.