A critical vulnerability has been found in the PHPMailer library. The vulnerability (CVE-2016-10033) is related to the way that websites handle web-based email submission forms using the PHPMailer component. PHPMailer is used by many popular web-publishing platforms such as WordPress, Drupal and Joomla.
Affected versions:
PHPMailer versions earlier than 5.2.18
A fresh version of PHPMailer can be downloaded here.
More information:
about the vulnerability
Drupal advisory
Wednesday, December 28, 2016
Friday, December 23, 2016
VMware ESXi Updates Available
VMware has released a security update to patch a cross-site scripting issue in VMware ESXi.
Affected versions:
- VMware ESXi 6.0 without patch ESXi600-201611102-SG
- VMware ESXi 5.5 without patch ESXi550-201612102-SG
Further information including updating instructions can be read from VMware's security advisory.
Saturday, December 17, 2016
Mozilla Firefox Updates Released
Mozilla have released updates to the Firefox browser to address security vulnerabilities, some of which are critical.
Affected products are:
- Mozilla Firefox earlier than 50.1
- Mozilla Firefox earlier than ESR 45.6
Lists of the fixed vulnerabilities:
Firefox ESR 45.6
Firefox 50.1
Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Adobe Flash Player Update Available
Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 23.0.0.207 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 24.0.0.186
- Users of Adobe Flash Player 11.2.202.644 and earlier versions for Linux should update to Adobe Flash Player 24.0.0.186
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Thursday, December 15, 2016
ESET Threat Radar Report for November 2016
ESET have published a report discussing global threats of November 2016.
TOP 10 threats list (previous ranking listed too):
1. JS/Danger.ScriptAttachment (1.)
2. Win32/TrojanDownloader.Wauchos (2.)
3. LNK/Agent.DA (4.)
4. Win32/Bundpil (5.)
5. Win64/TrojanDownloader.Wauchos (6.)
6. JS/ProxyChanger (9.)
7. JS/TrojanDownloader.FakejQuery (-)
8. HTML/Refresh (9.)
9. HTML/FakeAlert (8.)
10. Win32/Adware.ELEX (-)
The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).
Microsoft Security Updates For December 2016
Microsoft have released security updates for December 2016. This month's update contains 12 security bulletins, of which six are categorized as critical and six as important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
Tuesday, December 13, 2016
Symantec Intelligence Report: November 2016
Symantec have published their Intelligence report that sums up the latest threat trends for November 2016.
The report can be viewed here.
New PHP Versions Released
The PHP development team has released versions 7.0.14 and 5.6.29 of the PHP scripting language. The new versions contain fixes for vulnerabilities, among other fixes. All PHP users are recommended to upgrade to the latest release of the corresponding branch.
Changelogs:
Version 7.0.14
Version 5.6.29
Friday, December 2, 2016
Google Chrome Updated
Google have released version 55.0.2883.75 of their Chrome web browser. Among other changes, the new version contains 36 security fixes. More information about the changes can be found in the Google Chrome Releases blog.
Updates To Mozilla Products Released
Mozilla have released updates to the Firefox browser and the Thunderbird email client to address a critical vulnerability.
Affected products are:
- Mozilla Firefox earlier than 50.0.2
- Mozilla Firefox earlier than ESR 45.5.1
- Mozilla Thunderbird earlier than 45.5.1
Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird