Monday, October 26, 2015

Oracle Critical Patch Update For Q4 of 2015

Oracle have released updates for their products that fix a total of 154 security issues (including 25 Java fixes). The updates are part of Oracle's quarterly Critical Patch Update (CPU).

A detailed list of vulnerabilities with patching instructions can be read from the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in January 2016.

Google Chrome Updated

Google have released version 46.0.2490.80 of their Chrome web browser. Among other fixes, the new version contains an update to Adobe Flash Player (19.0.0.226). More information about the changes is available on the Google Chrome Releases blog.

Symantec Intelligence Report: September 2015

Symantec have published their Intelligence report that sums up the latest threat trends for September 2015.

Report highlights:
- There were a total of 10 zero-day vulnerabilities disclosed during the month of September.
- Large enterprises were the target of 45.7 percent of spear-phishing attacks in September, up from 11.7 percent in August.
- The Finance, Insurance, & Real Estate sector was the most targeted sector during September, comprising 27 percent of all targeted attacks.


The report (in PDF format) can be viewed here.

iTunes 12.3.1 Released

Apple have released version 12.3.1 of their iTunes media player. The new version fixes a bunch of security vulnerabilities.

More information about the security content of iTunes 12.3.1 can be read from the related security advisory.

Users of older versions should update to the latest one available.

Sunday, October 18, 2015

Adobe Flash Player Update Available

Adobe have released an updated version of their Flash Player. The new version fixes critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.226

- Users of Adobe Flash Player 11.2.202.535 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.540

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Thursday, October 15, 2015

Microsoft Security Updates For October 2015

Microsoft have released security updates for October 2015. This month's update contains six security bulletins, of which three are categorized as critical and three as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a bunch of vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: version 2015.008.20082 and earlier

- Acrobat DC and Acrobat Reader DC, classic track: version 2015.006.30060 and earlier

- Series XI (11.x): Adobe Reader 11.0.12 and earlier, Adobe Acrobat 11.0.12 and earlier

- Series X (10.x): Adobe Reader 10.1.15 and earlier, Adobe Acrobat 10.1.15 and earlier

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. With the default installation configuration, automatic updates run on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
- Adobe Reader
- Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 19.0.0.185 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.207

- Users of Adobe Flash Player 11.2.202.521 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.535

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 19.0.0.190 SDK & Compiler and earlier versions should update to the Adobe AIR 19.0.0.213 SDK & Compiler

- Users of Adobe AIR 19.0.0.190 and earlier versions for Desktop Runtime should update to Adobe AIR 19.0.0.213.


More information can be read from Adobe's security bulletin.

Wednesday, October 14, 2015

Google Chrome Updated

Google have released version 46.0.2490.71 of their Chrome web browser. The new version contains fixes for 24 security issues. More information about the changes is available on the Google Chrome Releases blog.

Monday, October 12, 2015

ESET Threat Radar Report for September 2015

ESET have published a report discussing global threats of September 2015.

Top 10 threats (previous ranking in parentheses):

1. Win32/Bundpil (1.)
2. JS/TrojanDownloader.Iframe (-)
3. Win32/Adware.Mobogenie (-)
4. HTML/ScrInject (-)
5. LNK/Agent.AV (4.)
6. LNK/Agent.BX (-)
7. Win32/Sality (6.)
8. Win32/TrojanDownloader.Waski (-)
9. Win32/Ramnit (8.)
10. INF/Autorun (9.)

The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Wednesday, October 7, 2015

VMware Updates Available

VMware has released a security update to patch a bunch of vulnerabilities in their virtualization applications.

Affected versions:
- VMware ESXi 5.5 without patch ESXi550-201509101
- VMware ESXi 5.1 without patch ESXi510-201510101
- VMware ESXi 5.0 without patch ESXi500-201510101
- VMware vCenter Server 6.0 prior to version 6.0 update 1
- VMware vCenter Server 5.5 prior to version 5.5 update 3
- VMware vCenter Server 5.1 prior to version 5.1 update u3b
- VMware vCenter Server 5.0 prior to version 5.0 update u3e


Further information including updating instructions can be read from VMware's security advisory.

PHP Versions 5.6.14 and 5.5.30 Released

The PHP development team has released versions 5.6.14 and 5.5.30 of the PHP scripting language. The new versions contain fixes for several vulnerabilities. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs can be viewed here.