Tuesday, June 28, 2016

Bart Ransomware

The cyber criminals behind Dridex and Locky ransomware have started distributing a new file-encrypting software named Bart. According to security company Proofpoint, the RockLoader malware is used to download Bart over HTTPS. Bart itself encrypts files without first connecting to a remote command and control (C&C) server.

The malware campaign has included messages with the subject "Photos" carrying a zip attachment with a name like "photos.zip", "image.zip", "Photos.zip", "photo.zip", "Photo.zip", or "picture.zip" that contains a malicious JavaScript file (e.g. PDF_123456789.js).

More details can be read in the Proofpoint blog post here.
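A mail-gateway style check for the lure described above, as an added example that is not part of the original post or of Proofpoint's report. The function name, the script-extension list and the `PDF_<digits>.js` pattern (generalised from the single file name in the post) are assumptions, and the sample archives are constructed.

```python
import io
import re
import zipfile

# Subject and attachment names reported in the post (compared case-insensitively).
BART_SUBJECT = "photos"
BART_ZIP_NAMES = {"photos.zip", "image.zip", "photo.zip", "picture.zip"}
# Assumption: script types a gateway would not expect inside a "photos" archive.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")
# Assumption: pattern generalised from the one example name PDF_123456789.js.
PDF_JS_RE = re.compile(r"^PDF_\d+\.js$", re.IGNORECASE)


def inspect_attachment(subject, filename, data):
    """Return the list of reasons a zip attachment matches the described lure."""
    reasons = []
    if subject.strip().lower() == BART_SUBJECT:
        reasons.append("subject")
    if filename.lower() in BART_ZIP_NAMES:
        reasons.append("zip-name")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Only member names are read; nothing is extracted or executed.
            for member in zf.namelist():
                base = member.rsplit("/", 1)[-1]
                if base.lower().endswith(SCRIPT_EXTS):
                    reasons.append("script-member:" + base)
                if PDF_JS_RE.match(base):
                    reasons.append("pdf-js-name:" + base)
    except zipfile.BadZipFile:
        # A ".zip" that cannot be parsed deserves a look of its own.
        reasons.append("unreadable-zip")
    return reasons


def make_zip(members):
    """Build an in-memory zip from {name: content} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a harmless stand-in for the lure and a benign photo archive.
LURE = make_zip({"PDF_123456789.js": "// harmless placeholder"})
BENIGN = make_zip({"holiday/beach.jpg": b"\xff\xd8\xff"})

if __name__ == "__main__":
    print(inspect_attachment("Photos", "Photo.zip", LURE))
    print(inspect_attachment("Trip pictures", "holiday.zip", BENIGN))
```

The script-member check is the one that holds up when the subject line or archive name changes, since it depends only on what the archive contains.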

Saturday, June 25, 2016

Vulnerability In Apache Struts Framework

Apache Struts is an open source framework for developing enterprise-ready Java web applications. A vulnerability (CVE-2016-4438) has been found in its REST plugin. The vulnerability may allow an attacker to execute arbitrary code on the server side when the REST plugin is used.

Users of Struts versions 2.3.20 to 2.3.28.1 are advised to update to Struts 2.3.29.

More information here.

Monday, June 20, 2016

Google Chrome Updated

Google have released version 51.0.2704.103 of their Chrome web browser. The new version contains three security vulnerability fixes. More information about the changes is available in the Google Chrome Releases blog.

Vulnerabilities In Drupal Fixed

Two vulnerabilities have been fixed in the open-source content management framework Drupal.

Affected versions:
- Drupal core 7.x versions prior to 7.44
- Drupal core 8.x versions prior to 8.1.3

Solution:
- Users of 7.x should upgrade to 7.44
- Users of 8.x should upgrade to 8.1.3

More information is in the Drupal security advisory.

Friday, June 17, 2016

Adobe AIR Update Available

Adobe have released an updated version of Adobe AIR. The new version fixes a vulnerability (CVE-2016-4126) in the directory search path used by the AIR installer that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe AIR Desktop Runtime 21.0.0.215 and earlier versions for Windows should update to Adobe AIR 22.0.0.153


More information can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 21.0.0.242 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 22.0.0.192

- Users of Adobe Flash Player 11.2.202.621 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.626

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For June 2016

Microsoft have released security updates for June 2016. This month's update contains 17 security bulletins, of which six are categorized as critical and 11 as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Tuesday, June 14, 2016

Symantec Intelligence Report: May 2016

Symantec have published their Intelligence report that sums up the latest threat trends for May 2016.

The report can be viewed here.

Mozilla Firefox Updates Released

Mozilla have released updates to the Firefox browser to address a bunch of vulnerabilities, of which two are categorized as critical, five as high, four as moderate and two as low.

Affected products are:
- Mozilla Firefox earlier than 47
- Mozilla Firefox earlier than ESR 45.2

Links to the security advisories with details about addressed security issues:
MFSA 2016-61 Network Security Services (NSS) vulnerabilities
MFSA 2016-60 Java applets bypass CSP protections
MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission
MFSA 2016-57 Incorrect icon displayed on permissions notifications
MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
MFSA 2016-55 File overwrite and privilege escalation through Mozilla Windows updater
MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI
MFSA 2016-53 Out-of-bounds write with WebGL shader
MFSA 2016-52 Addressbar spoofing though the SELECT element
MFSA 2016-51 Use-after-free deleting tables from a contenteditable document
MFSA 2016-50 Buffer overflow parsing HTML5 fragments
MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)


A fresh version can be obtained via the built-in updater or by downloading from the product site:
Firefox

Monday, June 6, 2016

Bing To Offer More Detailed Warnings About Malware

Microsoft's search engine Bing has been updated to give more detailed warnings about malware. Previously, warnings were of a generic type covering all malware threat types. In addition to making users better aware of the threat, this improvement lets webmasters clean their sites more quickly by giving them stronger insight into why their site was flagged.

More information is in the post on the Bing blog.

Friday, June 3, 2016

ESET Threat Radar Report for May 2016

ESET have published a report discussing global threats of May 2016.

TOP 10 threats list (previous ranking listed too):
1. JS/Danger.ScriptAttachment (3.)
2. JS/TrojanDownloader.Nemucod (2.)
3. Win32/Bundpil (1.)
4. Win32/Agent.XWT (4.)
5. Win32/Bayrob (-)
6. HTML/ScrInject (5.)
7. Win32/Sality (9.)
8. JS/Adware.Agent.L (-)
9. Win32/Ramnit (7.)
10. HTML/Refresh (6.)


The complete report (with a description of each of the above listed threats) can be downloaded here (in PDF format).