Monday, February 29, 2016

Vulnerabilities In Drupal Fixed

There have been fixed a bunch of vulnerabilities in open-source content management framework Drupal.

Affected versions:
Drupal core 6.x versions prior to 6.38
Drupal core 7.x versions prior to 7.43
Drupal core 8.0.x versions prior to 8.0.4.

Solution:
Users of 6.x should upgrade to 6.38
Users of 7.x should upgrade to 7.43
Users of 8.0.x should upgrade to 8.0.4


More information in Drupal security advisory.

Thursday, February 25, 2016

Symantec Intelligence Report: January 2016

Symantec have published their Intelligence report that sums up the latest threat trends for January 2016.

The report (in PDF format) can be viewed here.

Thursday, February 18, 2016

ESET Threat Radar Report for January 2016

ESET have published a report discussing global threats of January 2016.

TOP 10 threats list (previous ranking listed too):
1. Win32/Bundpil (1.)
2. LNK/Agent.BZ (3.)
3. Win32/Bayrob (-)
4. LNK/Agent.AV (5.)
5. JS/TrojanDownloader.Iframe (7.)
6. HTML/iFrame (-)
7. HTML/ScrInject (4.)
8. Win32/Sality (8.)
9. LNK/Agent.BS (6.)
10. Win32/Ramnit (9.)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Friday, February 12, 2016

Google Chrome Updated

Google have released version 48.0.2564.109 of their Chrome web browser. Among other fixes the new version contains six security vulnerability fixes. More information about changes in Google Chrome Releases blog.

Adobe Photoshop CC And Bridge CC Updated

Adobe have released updated versions for Photoshop CC and Bridge CC. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Photoshop CC 2015 16.11 (2015.1.1) and earlier versions for Windows and Macintosh should update to Adobe Photoshop CC 2015 16.1.2 (2015.1.2)

- Users of Adobe Photoshop CC 2014 15.2.3 (2014.2.3) and earlier versions for Windows and Macintosh should update to Adobe Photoshop CC 2014 15.2.4 (2014.2.4)

- Users of Adobe Bridge CC 6.1.1 and earlier versions for Windows and Macintosh should update to Adobe Bridge CC 6.2.

For Adobe Photoshop CC 2015 and Adobe Bridge CC Adobe recommends to update by launching each application, navigating to the Help menu, and clicking "Updates.".

Note: The Adobe Photoshop CC 2014 15.2.4 updates are not available by selecting Help > Updates from the application and will not show in the Applications & Updates section of the Creative Cloud application or the Creative Cloud Packager. The updates can be only downloaded from the links below:

Win (32-bit): https://www.adobe.com/support/downloads/detail.jsp?ftpID=6015
Win (64-bit): https://www.adobe.com/support/downloads/detail.jsp?ftpID=6016
Mac: https://www.adobe.com/support/downloads/detail.jsp?ftpID=6017


More information can be read from Adobe's security bulletin.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 20.0.0.286 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 20.0.0.306

- Users of Adobe Flash Player 11.2.202.559 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.569

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 20.0.0.233 SDK & Compiler and earlier versions should update to the Adobe AIR 20.0.0.260 SDK & Compiler

- Users of Adobe AIR 20.0.0.233 and earlier versions for Desktop Runtime should update to Adobe AIR 20.0.0.260.


More information can be read from Adobe's security bulletin.

Wednesday, February 10, 2016

Microsoft Security Updates For February 2016

Microsoft have released security updates for February 2016. This month update contains 13 security bulletins of which six categorized as critical and seven as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

New PHP Versions Released

PHP development team has released 7.0.3, 5.6.18 and 5.5.32 versions of the PHP scripting language. New versions contain fixes to vulnerabilities among other fixes. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.0.3
Version 5.6.18
Version 5.5.32

Thursday, February 4, 2016

WordPress 4.4.2 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains updates to two security vulnerabilities among a bunch of other bug fixes.

Affected versions:
WordPress versions earlier than 4.4.2

More information can be read from the WordPress blog.

Google Chrome Updated

Google have released version 48.0.2564.103 of their Chrome web browser. More information about the changes can be read in Google Chrome Releases blog.