Tuesday, December 26, 2017

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.5.2

The fresh version can be obtained via the inbuilt updater or by downloading it from the product site.

Friday, December 15, 2017

Google Chrome Updated

Google have released version 63.0.3239.108 of their Chrome web browser. The new version contains two security fixes. More information about the changes can be found in the Google Chrome Releases blog.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 27.0.0.187 and earlier versions for Windows should update to Adobe Flash Player 28.0.0.126

- Users of Adobe Flash Player 27.0.0.187 and earlier versions for Macintosh should update to Adobe Flash Player 28.0.0.126

- Users of Adobe Flash Player 27.0.0.187 and earlier versions for Linux should update to Adobe Flash Player 28.0.0.126

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For December 2017

Microsoft have released security updates for December 2017.

A summary of the updates (filter by inserting 11/15/2017 to the From field and 12/15/2017 to the To field) can be found here.

New Version Of iCloud For Windows Released

Apple have released version 7.2 of their iCloud client for Windows. The new version contains fixes to a bunch of security vulnerabilities.

More information about the security content of iCloud for Windows 7.2 can be read from the related security advisory.

Users of old versions should update to the latest one available here.

iTunes 12.7.2 Released

Apple have released version 12.7.2 of their iTunes media player. The new version fixes a bunch of security vulnerabilities.

More information about the security content of iTunes 12.7.2 can be read from the related security advisory.

Users of old versions should update to the latest one available.

Saturday, December 9, 2017

Symantec Intelligence Report: November 2017

Symantec have published their Intelligence report that sums up the latest threat trends for November 2017.

The report can be viewed here.

Mozilla Firefox Updated

Mozilla have released updated versions of the Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 57.0.2 (advisory)
- Mozilla Firefox earlier than ESR 52.5.2 (advisory)

The fresh version can be obtained via the inbuilt updater or by downloading it from the product site:
Firefox

Thursday, December 7, 2017

Google Chrome Updated

Google have released version 63.0.3239.84 of their Chrome web browser. The new version contains 37 security fixes. More information about the changes can be found in the Google Chrome Releases blog.

Wednesday, December 6, 2017

Updates For Mozilla Firefox

Mozilla have released updates to the Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 57.0.1

The fresh version can be obtained via the inbuilt updater or by downloading it from the product site:
Firefox

Sunday, December 3, 2017

WordPress 4.9.1 Released

A new version of WordPress (blogging tool and content management system) has been released, containing fixes to security vulnerabilities. It's also recommended to check whether any updates are available for the WordPress extensions in use and to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.9.1

More information can be read from the WordPress blog.

Wednesday, November 29, 2017

VMware Updates Available

VMware has released security updates to patch multiple vulnerabilities in their virtualization applications.

Affected versions:
- VMware Horizon View Client for Windows versions earlier than 4.6.1
- VMware Workstation Pro versions earlier than 12.5.8
- VMware Workstation Player versions earlier than 12.5.8
- VMware Fusion Pro / Fusion versions earlier than 8.5.9

Further information including updating instructions can be read from VMware's security advisory.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.5

The fresh version can be obtained via the inbuilt updater or by downloading it from the product site.

Thursday, November 16, 2017

Adobe DNG Converter Patch Available

Adobe has released an updated version of their Adobe DNG Converter for Windows. The update fixes a critical memory corruption vulnerability (CVE-2017-11295).

Affected are Adobe DNG Converter versions older than 10.0.

More information can be read from Adobe's security advisory.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix two vulnerabilities categorized as important (CVE-2017-3111 and CVE-2017-11296) and one moderate vulnerability (CVE-2017-3109).

Affected are versions 6.0, 6.1, 6.2 and 6.3.

More information can be read from Adobe's security advisory.

Shockwave Player Updated

Adobe have released an updated version of their Shockwave Player. The new version fixes a security vulnerability that could potentially lead to remote code execution (CVE-2017-11294).

Users of Adobe Shockwave Player 12.2.9.199 and earlier should update to Adobe Shockwave Player 12.3.1.201.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes an XML external entity processing vulnerability rated critical that could lead to information disclosure, out-of-bounds read vulnerabilities that could lead to the disclosure of memory addresses and a memory corruption vulnerability that could lead to the disclosure of memory addresses.

Affected versions are Adobe Digital Editions 4.5.6 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.7).

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe InDesign Update Available

Adobe have released updated versions of Adobe InDesign for Windows and Macintosh. The new update resolves a critical memory corruption vulnerability (CVE-2017-11302) that could be abused to execute code remotely. The vulnerability is caused by improper handling of a malformed .inx file.

Affected versions:
- Adobe InDesign earlier than 13.0


More information can be read from Adobe's security bulletin.

Wednesday, November 15, 2017

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: version 2017.012.20098 and earlier
- Acrobat 2017 and Acrobat Reader 2017: version 2017.011.30066 and earlier
- Acrobat DC and Acrobat Reader DC, classic track: version 2015.006.30355 and earlier
- Series XI (11.x): Adobe Reader 11.0.22 and earlier, Adobe Acrobat 11.0.22 and earlier


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect for Windows. The new update resolves a critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2017-11291) that could be abused to bypass network access controls. The update also contains fixes to three input validation vulnerabilities (CVE-2017-11287, CVE-2017-11288, CVE-2017-11289) that could be used in cross-site scripting attacks. In addition to these, the update contains a mitigation to help protect users from clickjacking attacks (CVE-2017-11290).

Affected versions:
- Adobe Connect earlier than 9.7


More information can be read from Adobe's security bulletin.

Security Patch Available To Adobe Photoshop

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve two critical vulnerabilities (CVE-2017-11303 and CVE-2017-11304) that could lead to code execution.

Affected versions:
Adobe Photoshop CC 2017 18.1.1 (2017.1.1) and earlier versions


Instructions for updating are given in the related security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 27.0.0.183 and earlier versions for Windows should update to Adobe Flash Player 27.0.0.187

- Users of Adobe Flash Player 27.0.0.183 and earlier versions for Macintosh should update to Adobe Flash Player 27.0.0.187

- Users of Adobe Flash Player 27.0.0.183 and earlier versions for Linux should update to Adobe Flash Player 27.0.0.187

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For November 2017

Microsoft have released security updates for November 2017.

A summary of the updates (filter by inserting 10/11/2017 to the From field and 11/15/2017 to the To field) can be found here.

Tuesday, November 14, 2017

Updates For Mozilla Firefox

Mozilla have released updates to the Firefox browser to address a bunch of security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 57
- Mozilla Firefox ESR 52.5


The fresh version can be obtained via the inbuilt updater or by downloading it from the product site:
Firefox

Google Chrome Updated

Google have released version 62.0.3202.94 of their Chrome web browser. More information about the changes can be found in the Google Chrome Releases blog.

Sunday, November 12, 2017

Symantec Intelligence Report: October 2017

Symantec have published their Intelligence report that sums up the latest threat trends for October 2017.

The report can be viewed here.

Saturday, November 4, 2017

iTunes 12.7.1 Released

Apple have released version 12.7.1 of their iTunes media player. The new version fixes a bunch of security vulnerabilities.

More information about the security content of iTunes 12.7.1 can be read from the related security advisory.

Users of old versions should update to the latest one available.

New Version Of iCloud For Windows Released

Apple have released version 7.1 of their iCloud client for Windows. The new version fixes a bunch of security vulnerabilities.

More information about the security content of iCloud for Windows 7.1 can be read from the related security advisory.

Users of old versions should update to the latest one available here.

Friday, November 3, 2017

WordPress 4.8.3 Released

A new version of WordPress (blogging tool and content management system) has been released, containing fixes to security vulnerabilities. It's also recommended to check whether any updates are available for the WordPress extensions in use and to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.8.3

More information can be read from the WordPress blog.

Saturday, October 28, 2017

Google Chrome Updated

Google have released version 62.0.3202.75 of their Chrome web browser. The new version contains one security fix. More information about the changes can be found in the Google Chrome Releases blog.

New PHP Versions Released

The PHP development team has released versions 7.1.11, 7.0.25 and 5.6.32 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.1.11
Version 7.0.25
Version 5.6.32

Saturday, October 21, 2017

Google Chrome Updated

Google have released version 62.0.3202.62 of their Chrome web browser. The new version contains 35 security fixes. More information about the changes can be found in the Google Chrome Releases blog.

Oracle Critical Patch Update For Q4 of 2017

Oracle have released updates for their products that fix 252 security issues (including 22 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read from the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in January 2018.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 27.0.0.159 and earlier versions for Windows should update to Adobe Flash Player 27.0.0.170

- Users of Adobe Flash Player 27.0.0.159 and earlier versions for Macintosh should update to Adobe Flash Player 27.0.0.170

- Users of Adobe Flash Player 27.0.0.159 and earlier versions for Linux should update to Adobe Flash Player 27.0.0.170

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Monday, October 16, 2017

Microsoft Security Updates For October 2017

Microsoft have released security updates for October 2017.

A summary of the updates (filter by inserting 09/13/2017 to the From field and 10/16/2017 to the To field) can be found here.

Wednesday, October 11, 2017

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.4

The fresh version can be obtained via the inbuilt updater or by downloading it from the product site.

Monday, October 9, 2017

Symantec Intelligence Report: September 2017

Symantec have published their Intelligence report that sums up the latest threat trends for September 2017.

The report can be viewed here.

Wednesday, October 4, 2017

3 Zero-Day Plugin Vulnerabilities Exploited In The Wild

According to a blog post by security company Wordfence, hackers have been exploiting three zero-days to install backdoors on WordPress sites. The zero-days affect three WordPress plugins: Appointments, Flickr Gallery and RegistrationMagic-Custom Registration Forms.

Affected versions:
- Appointments earlier than version 2.2.2
- Flickr Gallery earlier than version 1.5.3
- RegistrationMagic-Custom Registration Forms earlier than version 3.7.9.3

More information can be found in the Wordfence blog.

Sites using affected plugins should update to the latest versions available. Also, it's recommended to disable those plugins that are not needed.

New PHP Versions Released

The PHP development team has released versions 7.1.10 and 7.0.24 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.1.10
Version 7.0.24

Friday, September 29, 2017

Updates For Mozilla Firefox

Mozilla have released updates to the Firefox browser to address a bunch of security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.4 (advisory)
- Mozilla Firefox earlier than 56 (advisory)


The fresh version can be obtained via the inbuilt updater or by downloading it from the product site:
Firefox

New Version Of iCloud For Windows Released

Apple have released version 7.0 of their iCloud client for Windows. The new version fixes a bunch of security vulnerabilities.

More information about the security content of iCloud for Windows 7.0 can be read from the related security advisory.

Users of old versions should update to the latest one available here.

Friday, September 22, 2017

Google Chrome Updated

Google have released version 61.0.3163.100 of their Chrome web browser. The new version contains three security fixes. More information about the changes can be found in the Google Chrome Releases blog.

WordPress 4.8.2 Released

A new version of WordPress (blogging tool and content management system) has been released, containing fixes to security vulnerabilities. It's also recommended to check whether any updates are available for the WordPress extensions in use and to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.8.2

More information can be read from the WordPress blog.

VMware Updates Available

VMware has released security updates to patch multiple vulnerabilities in their virtualization applications.

Affected versions:
- VMware ESXi 6.5 without ESXi650-201707101-SG patch
- VMware ESXi 6.0 without ESXi600-201706101-SG patch
- VMware ESXi 5.5 without ESXi550-201709101-SG patch
- VMware vCenter Server 6.5 earlier than 6.5 U1
- VMware Workstation Pro versions earlier than 12.5.7
- VMware Workstation Player versions earlier than 12.5.7
- VMware Fusion Pro / Fusion versions earlier than 8.5.8

Further information including updating instructions can be read from VMware's security advisory.

Tuesday, September 19, 2017

Google Chrome Updated

Google have released version 61.0.3163.91 of their Chrome web browser. More information about the changes can be found in the Google Chrome Releases blog.

Saturday, September 16, 2017

Adobe ColdFusion Fix Available

Adobe have released updated versions of the ColdFusion web application development platform. These updates address a critical XML parsing vulnerability (CVE-2017-11286) and an important cross-site scripting vulnerability (CVE-2017-11285) that could lead to information disclosure, and include a mitigation for unsafe Java deserialization that could result in remote code execution (CVE-2017-11283, CVE-2017-11284).

Affected versions:
- ColdFusion (2016 release): update 4 and earlier versions
- ColdFusion 11: update 12 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 26.0.0.151 and earlier versions for Windows should update to Adobe Flash Player 27.0.0.130

- Users of Adobe Flash Player 26.0.0.151 and earlier versions for Macintosh should update to Adobe Flash Player 27.0.0.130

- Users of Adobe Flash Player 26.0.0.151 and earlier versions for Linux should update to Adobe Flash Player 27.0.0.130

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Friday, September 15, 2017

RoboHelp Update Available

Adobe has released an updated version of their RoboHelp for Windows. The new version fixes two security vulnerabilities.

Affected versions:
- RH2017.0.2
- RH12.0.4.460 (hotfix)

More information can be read here.

Microsoft Security Updates For September 2017

Microsoft have released security updates for September 2017.

A summary of the updates (filter by inserting 08/09/2017 to the From field and 09/15/2017 to the To field) can be found here.

Wednesday, September 13, 2017

Foxit PhantomPDF Update Available

Foxit Software has released version 7.3.17 of their Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit PhantomPDF 7.3.15.712 and earlier (Windows)

More information can be read here.

Thursday, September 7, 2017

Google Chrome Updated

Google have released version 61.0.3163.79 of their Chrome web browser. The new version contains 22 security fixes. More information about the changes can be found in the Google Chrome Releases blog.

Symantec Intelligence Report: August 2017

Symantec have published their Intelligence report that sums up the latest threat trends for August 2017.

The report can be viewed here.

New PHP Versions Released

The PHP development team has released versions 7.1.9 and 7.0.23 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.1.9
Version 7.0.23

Saturday, August 26, 2017

Google Chrome Updated

Google have released version 60.0.3112.113 of their Chrome web browser. More information about the changes can be found in the Google Chrome Releases blog.

Sunday, August 13, 2017

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix a file type validation vulnerability categorized as important (CVE-2017-3108) and two moderate information disclosure vulnerabilities (CVE-2017-3107 and CVE-2017-3110).

Affected are versions 6.0, 6.1, 6.2 and 6.3.

More information can be read from Adobe's security advisory.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes a critical heap buffer overflow vulnerability that could lead to code execution, seven memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses and an XML external entity processing vulnerability rated critical that could lead to information disclosure.

Affected versions are Adobe Digital Editions 4.5.5 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.6).

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: version 2017.009.20058 and earlier
- Acrobat 2017 and Acrobat Reader 2017: version 2017.008.30051 and earlier
- Acrobat DC and Acrobat Reader DC, classic track: version 2015.006.30306 and earlier
- Series XI (11.x): Adobe Reader 11.0.20 and earlier, Adobe Acrobat 11.0.20 and earlier


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 26.0.0.137 and earlier versions for Windows should update to Adobe Flash Player 26.0.0.151

- Users of Adobe Flash Player 26.0.0.137 and earlier versions for Macintosh should update to Adobe Flash Player 26.0.0.151

- Users of Adobe Flash Player 26.0.0.137 and earlier versions for Linux should update to Adobe Flash Player 26.0.0.151

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Friday, August 11, 2017

Updates For Mozilla Firefox

Mozilla have released updates to the Firefox browser to address a bunch of security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.3 (advisory)
- Mozilla Firefox earlier than 55 (advisory)


The fresh version can be obtained via the inbuilt updater or by downloading it from the product site:
Firefox

Microsoft Security Updates For August 2017

Microsoft have released security updates for August 2017.

A summary of the updates (filter by inserting 07/12/2017 to the From field and 08/11/2017 to the To field) can be found here.

Symantec Intelligence Report: July 2017

Symantec have published their Intelligence report that sums up the latest threat trends for July 2017.

The report can be viewed here.

Thursday, August 3, 2017

Google Chrome Updated

Google have released version 60.0.3112.90 of their Chrome web browser. More information about the changes can be found in the Google Chrome Releases blog.

New PHP Version Released

The PHP development team has released version 7.0.22 of the PHP scripting language. All PHP 7.0 users are recommended to upgrade to the latest release.

Changelog can be viewed here.

Sunday, July 30, 2017

Microsoft Announce Windows Bounty Program

Microsoft has launched a Windows Bounty Program to help find bugs in Windows. Microsoft has paid bug hunters before, but only some specific Windows features were covered. The new program will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard and Microsoft Edge. Bounty payouts will range from $500 USD to $250,000 USD.

More information about the program can be read from the Microsoft Security Response Center (MSRC) blog.

Wednesday, July 26, 2017

Google Chrome Updated

Google have released version 60.0.3112.78 of their Chrome web browser. The new version contains 40 security fixes. More information about the changes can be found in the Google Chrome Releases blog.

Saturday, July 22, 2017

iTunes 12.6.2 Released

Apple have released version 12.6.2 of their iTunes media player. The new version fixes a bunch of security vulnerabilities.

More information about the security content of iTunes 12.6.2 can be read from the related security advisory.

Users of old versions should update to the latest one available.

Oracle Critical Patch Update For Q3 of 2017

Oracle have released updates for their products that fix 308 security issues (including 32 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read from the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in October 2017.

Monday, July 17, 2017

Symantec Intelligence Report: June 2017

Symantec have published their Intelligence report that sums up the latest threat trends for June 2017.

The report can be viewed here.

Thursday, July 13, 2017

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect for Windows. The new update resolves two input validation vulnerabilities that could be used in cross-site scripting attacks and contains a mitigation to help protect users from clickjacking attacks.

Affected versions:
- Adobe Connect earlier than 9.6.1


More information can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 26.0.0.131 and earlier versions for Windows should update to Adobe Flash Player 26.0.0.137

- Users of Adobe Flash Player 26.0.0.131 and earlier versions for Macintosh should update to Adobe Flash Player 26.0.0.137

- Users of Adobe Flash Player 26.0.0.131 and earlier versions for Linux should update to Adobe Flash Player 26.0.0.137

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For July 2017

Microsoft have released security updates for July 2017.

A summary of the updates (filter by inserting 06/14/2017 to the From field and 07/13/2017 to the To field) can be found here.

New PHP Versions Released

The PHP development team has released versions 7.1.7, 7.0.21 and 5.6.31 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.1.7
Version 7.0.21
Version 5.6.31

Monday, July 3, 2017

Vulnerability In WP Statistics

A critical SQL injection vulnerability has been found in the WP Statistics WordPress plugin. The plugin is currently installed on over 300,000 websites.

Users of WP Statistics versions earlier than 12.0.8 should update their plugin to the latest version.

More information can be found in Sucuri's blog post here.

Thursday, June 22, 2017

Google Chrome Updated

Google have released version 59.0.3071.109 of their Chrome web browser. More information about the changes can be found in the Google Chrome Releases blog.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.2

The fresh version can be obtained via the inbuilt updater or by downloading it from the product site.

Wednesday, June 14, 2017

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes critical memory corruption vulnerabilities that may allow an attacker to execute arbitrary code on a vulnerable system.

Affected versions are Adobe Digital Editions 4.5.4 and earlier versions on Windows, Macintosh and Android. Users of affected versions should update their versions to the latest one (currently 4.5.5).

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe Captivate Update Available

Adobe have released an updated version of Adobe Captivate. The new version fixes an information disclosure vulnerability (CVE-2017-3087).

Users of Adobe Captivate 9 and earlier should update their versions to the latest one.

More information can be read from Adobe's security bulletin.

Shockwave Player Update Available

Adobe have released an updated version of their Shockwave Player. The new version fixes a security vulnerability that could potentially lead to remote code execution (CVE-2017-3086).

Users of Adobe Shockwave Player 12.2.8.198 and earlier should update to Adobe Shockwave Player 12.2.9.199.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 25.0.0.171 and earlier versions for Windows should update to Adobe Flash Player 26.0.0.126

- Users of Adobe Flash Player 25.0.0.171 and earlier versions for Macintosh should update to Adobe Flash Player 26.0.0.126

- Users of Adobe Flash Player 25.0.0.171 and earlier versions for Linux should update to Adobe Flash Player 26.0.0.126

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Updates For Mozilla Firefox

Mozilla have released updates to the Firefox browser to address a bunch of security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.2 (advisory)
- Mozilla Firefox earlier than 54 (advisory)


The fresh version can be obtained via the inbuilt updater or by downloading it from the product site:
Firefox

Microsoft Security Updates For June 2017

Microsoft have released security updates for June 2017.

Details about the updates can be read from the release notes. A summary of the updates (filter by inserting 05/10/2017 in the From field and 06/14/2017 in the To field) is available here.

Also, critical security updates for older platforms, like Windows XP, were released. More information about those is available in the Microsoft Security Response Center (MSRC) blog.

Sunday, June 11, 2017

Symantec Intelligence Report: May 2017

Symantec have published their Intelligence report that sums up the latest threat trends for May 2017.

The report can be viewed here.

New PHP Versions Released

The PHP development team has released versions 7.1.6 and 7.0.20 of the PHP scripting language. All PHP users are advised to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.1.6
Version 7.0.20

Tuesday, June 6, 2017

Google Chrome Updated

Google have released version 59.0.3071.86 of their Chrome web browser. The new version contains 30 security fixes. More information about the changes is available in the Google Chrome Releases blog.

Monday, May 22, 2017

WordPress 4.7.5 Released

A new version of WordPress (blogging tool and content management system) has been released, containing fixes for security vulnerabilities. It's also recommended to check whether updates are available for the WordPress extensions in use and to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.7.5

More information can be read from the WordPress blog.

Friday, May 12, 2017

Google Chrome Updated

Google have released version 58.0.3029.110 of their Chrome web browser. More information about the changes is available in the Google Chrome Releases blog.

New PHP Versions Released

The PHP development team has released versions 7.1.5 and 7.0.19 of the PHP scripting language. All PHP users are advised to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.1.5
Version 7.0.19

Symantec Intelligence Report: April 2017

Symantec have published their Intelligence report that sums up the latest threat trends for April 2017.

The report can be viewed here.

Microsoft Security Updates For May 2017

Microsoft have released security updates for May 2017.

Details about the updates can be read from the release notes. A summary of the updates (filter by inserting 04/12/2017 in the From field and 05/12/2017 in the To field) is available here.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 25.0.0.148 and earlier versions for Windows should update to Adobe Flash Player 25.0.0.171

- Users of Adobe Flash Player 25.0.0.163 and earlier versions for Macintosh should update to Adobe Flash Player 25.0.0.171

- Users of Adobe Flash Player 25.0.0.148 and earlier versions for Linux should update to Adobe Flash Player 25.0.0.171

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Sunday, May 7, 2017

Updates To Mozilla Firefox Released

Mozilla have released updates to the Firefox browser to address a security vulnerability.

Affected products are:
- Mozilla Firefox earlier than ESR 52.1.1
- Mozilla Firefox earlier than 53.0.2


The fresh version can be obtained via the inbuilt updater or by downloading it from the product site:
Firefox

Thursday, May 4, 2017

Foxit PhantomPDF Update Available

Foxit Software has released version 7.3.13 of their Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit PhantomPDF 7.3.11.1122 and earlier (Windows)

More information can be read here.

Google Chrome Updated

Google have released version 58.0.3029.96 of their Chrome web browser. The new version contains one security fix. More information about the changes is available in the Google Chrome Releases blog.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.1

The fresh version can be obtained via the inbuilt updater or by downloading it from the product site.

Saturday, April 22, 2017

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 8.3 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit Reader 8.2.1.6871 and earlier (Windows)
Foxit PhantomPDF 8.2.1.6871 and earlier (Windows)

More information can be read here.

Google Chrome Updated

Google have released version 58.0.3029.81 of their Chrome web browser. Among other changes, the new version contains 29 security fixes. More information about the changes is available in the Google Chrome Releases blog.

Updates To Mozilla Firefox Released

Mozilla have released updates to the Firefox browser to address a bunch of security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.1 (advisory)
- Mozilla Firefox earlier than ESR 45.9 (advisory)
- Mozilla Firefox earlier than 53 (advisory)


The fresh version can be obtained via the inbuilt updater or by downloading it from the product site:
Firefox

VMware Updates Available

VMware has released a security update to patch multiple vulnerabilities in their virtualization applications.

Affected versions:
- VMware Unified Access Gateway 2.8.x or 2.7.x or 2.5.x on Windows platform
- VMware Horizon View 7.x earlier than 7.1.0 on Windows platform
- VMware Horizon View 6.x earlier than 6.2.4 on Windows platform
- VMware Horizon View Client for Windows 4.x earlier than 4.4.0
- VMware Workstation Pro versions earlier than 12.5.3 on Windows platform
- VMware Workstation Player versions earlier than 12.5.3 on Windows platform

Further information including updating instructions can be read from VMware's security advisory.

Symantec Intelligence Report: March 2017

Symantec have published their Intelligence report that sums up the latest threat trends for March 2017.

The report can be viewed here.

Oracle Critical Patch Update For Q2 of 2017

Oracle have released updates for their products that fix 300 security issues (including eight Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read from the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in July 2017.

Friday, April 14, 2017

Security Patch Available To Adobe Photoshop

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability when parsing malicious PCX files that could lead to code execution (CVE-2017-3004). These updates also resolve an unquoted search path vulnerability in Photoshop on Windows (CVE-2017-3005).

Affected versions:
Adobe Photoshop CC 2017 18.01 and earlier versions
Adobe Photoshop CC 2015.5 17.0.1 (2015.5.1) and earlier versions

Instructions for updating are given in the related security bulletin.

Creative Cloud Desktop Application Update

Adobe have released a security update to fix two vulnerabilities in their Creative Cloud Desktop Application. The first vulnerability is related to the use of improper resource permissions during the installation of Creative Cloud desktop applications (CVE-2017-3006). The second vulnerability is related to the directory search path used to find resources (CVE-2017-3007).

Affected versions:
Creative Cloud 3.9.5.353 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 15.023.20070 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 15.006.30280 and earlier

*Series XI (11.x)
Adobe Reader 11.0.19 and earlier
Adobe Acrobat 11.0.19 and earlier


Users of vulnerable versions are instructed to update their versions either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Vulnerabilities Fixed In Adobe Campaign

Adobe have released a new version of their Adobe Campaign v6.11. The new version fixes an important input validation bypass that could be exploited to read, write or delete data from the Campaign database (CVE-2017-2989).

Affected versions are Adobe Campaign v6.11 Build 8770 and earlier versions on Windows and Linux. Users of affected versions should update their versions to the latest one (currently 16.11 Build 8795).

More information (including download instructions for the new version) can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 25.0.0.127 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 25.0.0.148

- Users of Adobe Flash Player 25.0.0.127 and earlier versions for Linux should update to Adobe Flash Player 25.0.0.148

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For April 2017

Microsoft have released security updates for April 2017.

Details about the updates can be read from the release notes. A summary of the updates (filter by inserting 03/14/2017 in the From field and 04/11/2017 in the To field) is available here.

Tuesday, April 11, 2017

Unpatched Vulnerability In Microsoft Office Being Exploited

A vulnerability has been found in Microsoft Office that is currently being exploited by different malware families. The vulnerability is related to OLE object handling and allows a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit. Microsoft is planning to fix the vulnerability as a part of their Tuesday security update. Meanwhile, users should ensure that Office Protected View is enabled.

More information here.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52

The fresh version can be obtained via the inbuilt updater or by downloading it from the product site.

Sunday, April 2, 2017

Google Chrome Updated

Google have released version 57.0.2987.133 of their Chrome web browser. Among other changes, the new version contains five security fixes. More information about the changes is available in the Google Chrome Releases blog.

Friday, March 31, 2017

VMware Updates Available

VMware has released a security update to patch multiple vulnerabilities in their virtualization applications.

Affected versions:
- VMware Workstation Pro versions earlier than 12.5.5 on Windows platform
- VMware Player versions earlier than 12.5.5 on Windows platform
- VMware Fusion Pro 8.5.6 on Mac OS X platform
- VMware Fusion 8.5.6 on Mac OS X platform
- VMware ESXi versions 6.5, 6.0 and 5.5

Further information including updating instructions can be read from VMware's security advisory.

Saturday, March 25, 2017

iTunes 12.6 Released

Apple have released version 12.6 of their iTunes media player. The new version fixes a bunch of security vulnerabilities.

More information about the security content of iTunes 12.6 can be read from the related security advisory.

Users of old versions should update to the latest one available.

Sunday, March 19, 2017

New PHP Versions Released

The PHP development team has released versions 7.1.3 and 7.0.17 of the PHP scripting language. All PHP users are advised to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.1.3
Version 7.0.17

Wednesday, March 15, 2017

Shockwave Player Update Available

Adobe have released an updated version of their Shockwave Player. The new version fixes a security vulnerability that could potentially lead to escalation of privilege (CVE-2017-2983).

Users of Adobe Shockwave Player 12.2.7.197 and earlier should update to Adobe Shockwave Player 12.2.8.198.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 24.0.0.221 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 25.0.0.127

- Users of Adobe Flash Player 24.0.0.221 and earlier versions for Linux should update to Adobe Flash Player 25.0.0.127

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For March 2017

Microsoft have released security updates for March 2017.

Details about the updates can be read from the release notes. A summary of the updates (filter by inserting 02/15/2017 in the From field and 03/14/2017 in the To field) is available here.

ESET Monthly Threat Report: February 2017

ESET have published a report of the top ten threats in February 2017.

TOP 10 threats list (previous ranking listed too):
1. Win32/TrojanDownloader.Wauchos (1.)
2. JS/Danger.ScriptAttachment (6.)
3. LNK/Agent.DA (4.)
4. HTML/FakeAlert (7.)
5. Win64/TrojanDownloader.Wauchos (3.)
6. JS/ProxyChanger (2.)
7. Win32/Bundpil (5.)
8. JS/TrojanDownloader.Nemucod (-)
9. HTML/Refresh (9.)
10. Win32/Adware.ELEX (8.)


The complete report (with a description of each of the threats listed above) can be viewed here.

Google Chrome Updated

Google have released version 57.0.2987.98 of their Chrome web browser. Among other changes, the new version contains 36 security fixes. More information about the changes is available in the Google Chrome Releases blog.

Monday, March 13, 2017

Symantec Intelligence Report: February 2017

Symantec have published their Intelligence report that sums up the latest threat trends for February 2017.

The report can be viewed here.

Wednesday, March 8, 2017

Updates To Mozilla Products Released

Mozilla have released updates to the Firefox browser and the Thunderbird email client to address a bunch of security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 52 (advisory)
- Mozilla Firefox earlier than ESR 45.8 (advisory)
- Mozilla Thunderbird earlier than 45.8 (advisory)


Fresh versions can be obtained via the inbuilt updater or by downloading them from the product site:
Firefox
Thunderbird

WordPress 4.7.3 Released

A new version of WordPress (blogging tool and content management system) has been released, containing fixes for security vulnerabilities. It's also recommended to check whether updates are available for the WordPress extensions in use and to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.7.3

More information can be read from the WordPress blog.

Sunday, March 5, 2017

DNSMessenger

Talos, Cisco's security research outfit, have been researching a unique attack, DNSMessenger, which uses DNS queries to carry out malicious PowerShell commands on affected computers.

According to the Talos experts, the infection chain begins with a rigged Word document sent to recipients, who are encouraged to “enable content” so they can view a message. If content is enabled, the document launches a Visual Basic for Applications (VBA) macro script that opens the initial PowerShell command, which ultimately leads to the multistage attack and the eventual installation of a remote access Trojan.

More details can be read in the Talos blog post here.

Tuesday, February 28, 2017

DNS Attacks Explained

The Domain Name System (DNS) is what makes it possible to resolve the name of a web page to its IP address. There are different DNS attack types that cyber criminals use to make a user end up on a totally different web site than the one (s)he originally meant to access. Josep Albors from ESET has written a blog post about these DNS attack types and how they differ from each other. It can be viewed here.

Kaspersky Mobile Malware Evolution 2016 Report

Kaspersky have published a report summing up mobile malware evolution in 2016.

Trends of the year:
- Growth in the popularity of malicious programs using super-user rights, primarily advertising Trojans
- Distribution of malware via Google Play and advertising services
- Emergence of new ways to bypass Android protection mechanisms
- Growth in the volume of mobile ransomware
- Active development of mobile banking Trojans

The report can be viewed here (in PDF format).

Thursday, February 23, 2017

New PHP Versions Released

The PHP development team has released versions 7.1.2 and 7.0.16 of the PHP scripting language. All PHP users are advised to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.1.2
Version 7.0.16

Wednesday, February 15, 2017

Vulnerabilities Fixed In Adobe Campaign

Adobe have released a new version of their Adobe Campaign v6.11. The new version fixes two moderate vulnerabilities. One of those is a security bypass which could be exploited by an authenticated user with access to the client console. Successful exploitation could lead to read and write access to the system (CVE-2017-2968). The other vulnerability is related to input validation and could be used in cross-site scripting attacks (CVE-2017-2969).

Affected versions are Adobe Campaign v6.11 16.4 Build 8724 and earlier versions on Windows and Linux. Users of affected versions should update their versions to the latest one (currently 16.8 Build 8757).

More information (including download instructions for the new version) can be read from Adobe's security bulletin.

Vulnerabilities Fixed In Adobe Digital Editions

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes critical memory corruption vulnerabilities that may allow an attacker to execute arbitrary code on a vulnerable system.

Affected versions are Adobe Digital Editions 4.5.3 and earlier versions on Windows, Macintosh and Android. Users of affected versions should update their versions to the latest one (currently 4.5.4).

More information (including download instructions for the new version) can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 24.0.0.194 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 24.0.0.221

- Users of Adobe Flash Player 24.0.0.194 and earlier versions for Linux should update to Adobe Flash Player 24.0.0.221

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Saturday, February 11, 2017

ESET Monthly Threat Report: January 2017

ESET have published a report of the top ten threats in January 2017.

TOP 10 threats list (previous ranking listed too):
1. Win32/TrojanDownloader.Wauchos (2.)
2. JS/ProxyChanger (-)
3. Win64/TrojanDownloader.Wauchos (5.)
4. LNK/Agent.DA (3.)
5. Win32/Bundpil (4.)
6. JS/Danger.ScriptAttachment (1.)
7. HTML/FakeAlert (6.)
8. Win32/Adware.ELEX (-)
9. HTML/Refresh (7.)
10. Win32/Agent.XWT (-)

The complete report (with a description of each of the threats listed above) can be viewed here.

Symantec Intelligence Report: January 2017

Symantec have published their Intelligence report that sums up the latest threat trends for January 2017.

The report can be viewed here.

Sunday, February 5, 2017

Google Chrome Updated

Google have released version 56.0.2924.87 of their Chrome web browser. More information about the changes is available in the Google Chrome Releases blog.

Sunday, January 29, 2017

WordPress 4.7.2 Released

A new version of WordPress (blogging tool and content management system) has been released, containing fixes for security vulnerabilities. It's also recommended to check whether updates are available for the WordPress extensions in use and to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.7.2

More information can be read from the WordPress blog.

Updates To Mozilla Products Released

Mozilla have released updates to the Firefox browser and the Thunderbird email client to address a bunch of security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 51 (advisory)
- Mozilla Firefox earlier than ESR 45.7 (advisory)
- Mozilla Thunderbird earlier than 45.7 (advisory)


Fresh versions can be obtained via the inbuilt updater or by downloading them from the product site:
Firefox
Thunderbird

Friday, January 27, 2017

iTunes 12.5.5 Released

Apple have released version 12.5.5 of their iTunes media player. The new version fixes a bunch of security vulnerabilities.

More information about the security content of iTunes 12.5.5 can be read from the related security advisory.

Users of old versions should update to the latest one available.

Saturday, January 21, 2017

Oracle Critical Patch Update For Q1 of 2017

Oracle have released updates for their products that fix 270 security issues (including 17 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read from the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in April 2017.

New PHP Versions Released

The PHP development team has released versions 7.1.1, 7.0.15 and 5.6.30 of the PHP scripting language. The new versions contain fixes to vulnerabilities among other fixes. All PHP users are advised to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.1.1
Version 7.0.15
Version 5.6.30

Saturday, January 14, 2017

WordPress 4.7.1 Released

A new version of WordPress (blogging tool and content management system) has been released, containing fixes for security vulnerabilities. It's also recommended to check whether updates are available for the WordPress extensions in use and to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.7.1

More information can be read from the WordPress blog.

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 8.2 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit Reader 8.1.4.1208 and earlier (Windows)
Foxit PhantomPDF 8.1.1.1115 and earlier (Windows)

More information can be read here.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 15.020.20042 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 15.006.30244 and earlier

*Series XI (11.x)
Adobe Reader 11.0.18 and earlier
Adobe Acrobat 11.0.18 and earlier


Users of vulnerable versions are instructed to update their versions either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 24.0.0.186 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 24.0.0.194

- Users of Adobe Flash Player 24.0.0.186 and earlier versions for Linux should update to Adobe Flash Player 24.0.0.194

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For January 2017

Microsoft have released security updates for January 2017. This month's update contains four security bulletins, of which one is categorized as critical and three as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Sunday, January 8, 2017

Symantec Intelligence Report: December 2016

Symantec have published their Intelligence report that sums up the latest threat trends for December 2016.

The report can be viewed here.

Wednesday, January 4, 2017

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 45.6

The fresh version can be obtained via the inbuilt updater or by downloading it from the product site.