Tuesday, February 28, 2017

DNS Attacks Explained

The Domain Name System (DNS) is what resolves the name of a web site to its IP address. There are different types of DNS attack that cyber criminals use to make a user end up at a totally different web site than the one they meant to visit. Josep Albors from ESET has written a blog post about these DNS attack types and how they differ from each other. It can be viewed here.

Kaspersky Mobile Malware Evolution 2016 Report

Kaspersky have published a report summing up mobile malware evolution in 2016.

Trends of the year:
- Growth in the popularity of malicious programs using super-user rights, primarily advertising Trojans
- Distribution of malware via Google Play and advertising services
- Emergence of new ways to bypass Android protection mechanisms
- Growth in the volume of mobile ransomware
- Active development of mobile banking Trojans

The report can be viewed here (in PDF format).

Thursday, February 23, 2017

New PHP Versions Released

The PHP development team has released versions 7.1.2 and 7.0.16 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.1.2
Version 7.0.16

Wednesday, February 15, 2017

Vulnerabilities Fixed In Adobe Campaign

Adobe have released a new version of Adobe Campaign v6.11. The new version fixes two moderate vulnerabilities. One is a security bypass that could be exploited by an authenticated user with access to the client console; successful exploitation could lead to read and write access to the system (CVE-2017-2968). The other is an input validation vulnerability that could be used in cross-site scripting attacks (CVE-2017-2969).

Affected versions are Adobe Campaign v6.11 16.4 Build 8724 and earlier versions on Windows and Linux. Users of affected versions should update their versions to the latest one (currently 16.8 Build 8757).

More information (including download instructions for the new version) can be read in the Adobe security bulletin.

Vulnerabilities Fixed In Adobe Digital Editions

Adobe have released a new version of their ebook reader software, Adobe Digital Editions. The new version fixes critical memory corruption vulnerabilities that may allow an attacker to execute arbitrary code on a vulnerable system.

Affected versions are Adobe Digital Editions 4.5.3 and earlier versions on Windows, Macintosh and Android. Users of affected versions should update their versions to the latest one (currently 4.5.4).

More information (including download instructions for the new version) can be read in the Adobe security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 24.0.0.194 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 24.0.0.221
- Users of Adobe Flash Player 24.0.0.194 and earlier versions for Linux should update to Adobe Flash Player 24.0.0.221
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

More information can be read in Adobe's security bulletin.

Saturday, February 11, 2017

ESET Monthly Threat Report: January 2017

ESET have published a report on the top ten threats of January 2017.

TOP 10 threats list (previous ranking listed too):
1. Win32/TrojanDownloader.Wauchos (2.)
2. JS/ProxyChanger (-)
3. Win64/TrojanDownloader.Wauchos (5.)
4. LNK/Agent.DA (3.)
5. Win32/Bundpil (4.)
6. JS/Danger.ScriptAttachment (1.)
7. HTML/FakeAlert (6.)
8. Win32/Adware.ELEX (-)
9. HTML/Refresh (7.)
10. Win32/Agent.XWT (-)

The complete report (with a description of each of the threats listed above) can be viewed here.

Symantec Intelligence Report: January 2017

Symantec have published their Intelligence report that sums up the latest threat trends for January 2017.

The report can be viewed here.

Sunday, February 5, 2017

Google Chrome Updated

Google have released version 56.0.2924.87 of their Chrome web browser. More information about the changes is available in the Google Chrome Releases blog.