Tuesday, August 30, 2016
Opera Browser Sync Users Told To Reset Passwords
Opera Software is warning 1.7 million users of its Opera web browser sync feature about a possible attack that exposes their passwords to hackers. The company says it has reset all Opera sync account passwords as a precaution. More information is available in the Opera blog.
Dropbox Forces Password Reset For Older Users
Online storage service Dropbox began notifying users over the weekend that if they haven’t updated their password since 2012 they’ll be prompted to update it the next time they log into their account.
Dropbox says this is “purely a preventative measure” and stresses that there’s no proof that users’ accounts have been improperly accessed.
More information here.
Thursday, August 25, 2016
ESET Threat Radar Report for July 2016
ESET have published a report discussing global threats of July 2016.
TOP 10 threats list (previous ranking listed too):
1. JS/Danger.ScriptAttachment (1.)
2. Win32/Bundpil (2.)
3. Win32/Agent.XWT (3.)
4. HTML/Refresh (5.)
5. JS/Adware.Agent.L (4.)
6. HTML/ScrInject (9.)
7. Win32/Ramnit (8.)
8. Win32/Sality (7.)
9. Defo (-)
10. INF/Autorun (10.)
The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).
Wednesday, August 24, 2016
New PHP Versions Released
The PHP development team has released versions 7.0.10 and 5.6.25 of the PHP scripting language. The new versions contain fixes for security vulnerabilities among other fixes. All PHP users are advised to upgrade to the latest release of the corresponding branch.
Changelogs:
Version 7.0.10
Version 5.6.25
Friday, August 12, 2016
New Version Of Foxit Reader Available
Foxit Software has released a new version of its PDF viewer, Foxit Reader. The new version contains fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.
Affected versions:
Foxit Reader 8.0.0.624 and earlier (Windows)
Foxit Reader 2.0.0.0625 and earlier (Mac OS X)
Foxit Reader 1.1.1.0602 and earlier (Linux)
Foxit PhantomPDF 8.0.1.628 and earlier (Windows)
More information can be read here.
Fix For vBulletin Available
An update has been released for vBulletin, software used to run many internet forums. The update fixes an SSRF (Server Side Request Forgery) vulnerability that allows unauthenticated remote attackers to access internal services (such as mail servers, memcached, CouchDB, Zabbix etc.) running on the server hosting vBulletin, as well as services on other servers on the local network that are reachable from the target. A public exploitation method is available, so it is strongly advised that forums running vBulletin are updated to the latest version.
Affected versions:
vBulletin 5.2.2 and earlier
vBulletin 4.2.3 and earlier
vBulletin 3.8.9 and earlier
More information:
- http://www.securityfocus.com/archive/1/539149
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta
Wednesday, August 10, 2016
Microsoft Security Updates For August 2016
Microsoft have released security updates for August 2016. This month's update contains nine security bulletins, five of which are rated critical and four important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
Sunday, August 7, 2016
Symantec Intelligence Report: July 2016
Symantec have published their Intelligence report that sums up the latest threat trends for July 2016.
The report can be viewed here.
Mozilla Firefox Updates Released
Mozilla have released updates to the Firefox browser to address a number of vulnerabilities, three of which are rated critical, seven high, 11 moderate and two low.
Affected products are:
- Mozilla Firefox earlier than 48
- Mozilla Firefox earlier than ESR 45.3
Links to the security advisories with details about addressed security issues:
MFSA 2016-84 Information disclosure through Resource Timing API during page navigation
MFSA 2016-83 Spoofing attack through text injection into internal error pages
MFSA 2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
MFSA 2016-81 Information disclosure and local file manipulation through drag and drop
MFSA 2016-80 Same-origin policy violation using local HTML file and saved shortcut file
MFSA 2016-79 Use-after-free when applying SVG effects
MFSA 2016-78 Type confusion in display transformation
MFSA 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
MFSA 2016-76 Scripts on marquee tag can execute in sandboxed iframes
MFSA 2016-75 Integer overflow in WebSockets during data buffering
MFSA 2016-74 Form input type change from password to text can store plain text password in session restore file
MFSA 2016-73 Use-after-free in service workers with nested sync events
MFSA 2016-72 Use-after-free in DTLS during WebRTC session shutdown
MFSA 2016-71 Crash in incremental garbage collection in JavaScript
MFSA 2016-70 Use-after-free when using alt key and toplevel menus
MFSA 2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
MFSA 2016-68 Out-of-bounds read during XML parsing in Expat library
MFSA 2016-67 Stack underflow during 2D graphics rendering
MFSA 2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
MFSA 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
MFSA 2016-64 Buffer overflow rendering SVG with bidirectional content
MFSA 2016-63 Favicon network connection can persist when page is closed
MFSA 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
The new version can be obtained via the built-in updater or by downloading it from the product site:
Firefox
Tuesday, August 2, 2016
ESET Threat Radar Report for June 2016
ESET have published a report discussing global threats of June 2016.
TOP 10 threats list (previous ranking listed too):
1. JS/Danger.ScriptAttachment (1.)
2. Win32/Bundpil (3.)
3. Win32/Agent.XWT (4.)
4. JS/Adware.Agent.L (8.)
5. HTML/Refresh (10.)
6. JS/TrojanDownloader.FakejQuery (-)
7. Win32/Sality (7.)
8. Win32/Ramnit (9.)
9. HTML/ScrInject (6.)
10. INF/Autorun (-)
The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).