Tuesday, August 30, 2016

Opera Browser Sync Users Told To Reset Passwords

Opera Software is warning 1.7 million users of its Opera browser sync feature about a possible attack that exposed passwords to hackers. The company says that it has reset all Opera sync account passwords as a precaution. More information is available on the Opera blog.

Dropbox Forces Password Reset For Older Users

Online storage service Dropbox began notifying users over the weekend that if they haven't updated their password since 2012, they will be prompted to update it the next time they log in to their account.

Dropbox says this is "purely a preventative measure" and stresses that there is no proof that users' accounts have been improperly accessed.

More information here.

Thursday, August 25, 2016

ESET Threat Radar Report for July 2016

ESET has published a report discussing the global threats of July 2016.

Top 10 threats (previous month's ranking in parentheses):
1. JS/Danger.ScriptAttachment (1.)
2. Win32/Bundpil (2.)
3. Win32/Agent.XWT (3.)
4. HTML/Refresh (5.)
5. JS/Adware.Agent.L (4.)
6. HTML/ScrInject (9.)
7. Win32/Ramnit (8.)
8. Win32/Sality (7.)
9. Defo (-)
10. INF/Autorun (10.)

The complete report (with a description of each of the threats listed above) can be downloaded here (PDF).

Wednesday, August 24, 2016

New PHP Versions Released

The PHP development team has released versions 7.0.10 and 5.6.25 of the PHP scripting language. Both releases contain fixes for security vulnerabilities among other bug fixes. All PHP users are advised to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.0.10
Version 5.6.25

Friday, August 12, 2016

New Version Of Foxit Reader Available

Foxit Software has released a new version of its PDF viewer, Foxit Reader. The new version contains fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit Reader 8.0.0.624 and earlier (Windows)
Foxit Reader 2.0.0.0625 and earlier (Mac OS X)
Foxit Reader 1.1.1.0602 and earlier (Linux)
Foxit PhantomPDF 8.0.1.628 and earlier (Windows)

More information can be read here.

Fix For vBulletin Available

An update has been released for the vBulletin forum software, which is used on many internet forums. The update fixes an SSRF (Server Side Request Forgery) vulnerability that allows unauthenticated remote attackers to access internal services (such as mail servers, memcached, CouchDB, Zabbix, etc.) running on the server hosting vBulletin, as well as services on other servers on the local network that are reachable from the target. A public exploitation method is available, so it is strongly advised that forums running vBulletin are updated to the latest version.

Affected versions:
vBulletin 5.2.2 and earlier
vBulletin 4.2.3 and earlier
vBulletin 3.8.9 and earlier

More information:
- http://www.securityfocus.com/archive/1/539149
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta

Wednesday, August 10, 2016

Microsoft Security Updates For August 2016

Microsoft has released its security updates for August 2016. This month's update contains nine security bulletins, of which five are rated critical and four important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released as well.

More information can be read from the bulletin summary.

Sunday, August 7, 2016

Symantec Intelligence Report: July 2016

Symantec has published its Intelligence Report, which summarises the latest threat trends for July 2016.

The report can be viewed here.

Mozilla Firefox Updates Released

Mozilla has released updates to the Firefox browser to address a number of vulnerabilities, of which three are rated critical, seven high, 11 moderate and two low.

Affected products are:
- Mozilla Firefox versions earlier than 48
- Mozilla Firefox ESR versions earlier than 45.3

Links to the security advisories with details about addressed security issues:
MFSA 2016-84 Information disclosure through Resource Timing API during page navigation
MFSA 2016-83 Spoofing attack through text injection into internal error pages
MFSA 2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
MFSA 2016-81 Information disclosure and local file manipulation through drag and drop
MFSA 2016-80 Same-origin policy violation using local HTML file and saved shortcut file
MFSA 2016-79 Use-after-free when applying SVG effects
MFSA 2016-78 Type confusion in display transformation
MFSA 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
MFSA 2016-76 Scripts on marquee tag can execute in sandboxed iframes
MFSA 2016-75 Integer overflow in WebSockets during data buffering
MFSA 2016-74 Form input type change from password to text can store plain text password in session restore file
MFSA 2016-73 Use-after-free in service workers with nested sync events
MFSA 2016-72 Use-after-free in DTLS during WebRTC session shutdown
MFSA 2016-71 Crash in incremental garbage collection in JavaScript
MFSA 2016-70 Use-after-free when using alt key and toplevel menus
MFSA 2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
MFSA 2016-68 Out-of-bounds read during XML parsing in Expat library
MFSA 2016-67 Stack underflow during 2D graphics rendering
MFSA 2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
MFSA 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
MFSA 2016-64 Buffer overflow rendering SVG with bidirectional content
MFSA 2016-63 Favicon network connection can persist when page is closed
MFSA 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)

The new version can be obtained via the built-in updater or by downloading it from the product site:
Firefox

Tuesday, August 2, 2016

ESET Threat Radar Report for June 2016

ESET has published a report discussing the global threats of June 2016.

Top 10 threats (previous month's ranking in parentheses):
1. JS/Danger.ScriptAttachment (1.)
2. Win32/Bundpil (3.)
3. Win32/Agent.XWT (4.)
4. JS/Adware.Agent.L (8.)
5. HTML/Refresh (10.)
6. JS/TrojanDownloader.FakejQuery (-)
7. Win32/Sality (7.)
8. Win32/Ramnit (9.)
9. HTML/ScrInject (6.)
10. INF/Autorun (-)

The complete report (with a description of each of the threats listed above) can be downloaded here (PDF).