Blade's Security Spot

MS12-004 Vulnerability Exploiting Malware Found

2012-01-28T14:29:00.000+02:00

Trend Micro warns in their blog about malware that exploits MIDI remote code execution vulnerability. Exploiting happens when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file. According to the blog post infection vector is a malicious HTML exploiting the vulnerability by using two components that are also hosted on the same domain. The two files are: a MIDI file and a JavaScript code file.

The exploited vulnerability was already addressed with an update (MS12-004) in Microsoft's last patch Tuesday. To protect against the threat users of affected systems should get this update installed as soon as possible.

More details about the malware in Trend Micro blog.

Chrome Updated

2012-01-24T19:21:00.000+02:00

Google has released a new version of their Chrome web browser. Version 16.0.912.77 contains fixes to five vulnerabilities of which one is categorized as critical and four as high.

More information in Google Chrome Releases blog.

Oracle Critical Patch Update For Q1 of 2012

2012-01-19T09:29:00.000+02:00

Oracle has released updates for their products that fix 78 security issues in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in April 2012.

ESET Global Threat Report for December 2011

2012-01-14T12:41:00.000+02:00

ESET has released a report discussing global threats of December 2011.

TOP 10 threats of 2011 list:

1. INF/Autorun
2. Win32/Conficker
3. Win32/Sality
4. Win32/PSW.OnLineGames
5. HTML/Iframe.B
6. HTML/ScrInject.B
7. Win32/Autoit
8. Win32/Bflient
9. Win32/Tifaut
10. Win32/Spy.Ursnif.A

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Vulnerabilities In Wireshark

2012-01-11T14:47:00.001+02:00

There has been found three vulnerabilities in Wireshark, free open source program for analyzing network protocols. By exploiting the vulnerabilities an attacker may be able to make Wireshark crash, hang, or execute arbitrary code by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Vulnerable versions are all versions prior 1.4.11 or 1.6.5.

Non vulnerable version of Wireshark can be downloaded here.

More information can be read from these advisories:
- http://www.wireshark.org/security/wnpa-sec-2012-01.html
- http://www.wireshark.org/security/wnpa-sec-2012-02.html
- http://www.wireshark.org/security/wnpa-sec-2012-03.html

Adobe Reader And Acrobat Security Updates

2012-01-10T22:45:00.000+02:00

Adobe has released security updates to fix a bunch of critical vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat.

Affected versions:
*of series X (10.x)
Adobe Reader 10.1.1 and earlier
Adobe Acrobat 10.1.1 and earlier

*of series 9.x
Adobe Reader 9.4.7 and earlier
Adobe Acrobat 9.4.7 and earlier

Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Microsoft Security Updates For January 2012

2012-01-10T22:32:00.000+02:00

Microsoft has released security updates for January 2012. This month update contains seven security bulletins of which one critical and six important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.

Fix For WordPress Available

2012-01-09T22:38:00.000+02:00

There has been fixed an XSS (cross site scripting) vulnerability in WordPress. The vulnerability could allow an attacker to put malicious content on affected site. Affected are WordPress versions earlier than 3.3.1.

More information can be read from WordPress blog.

Update For Chrome Available

2012-01-07T16:01:00.000+02:00

Google has released a new version of their Chrome web browser. Version 16.0.912.75 contains fixes to three vulnerabilities of which all of them being categorized as high.

More information in Google Chrome Releases blog.

Security Updates To Mozilla Products

2011-12-21T22:32:00.000+02:00

Mozilla has released updates to Firefox and Seamonkey browsers and Thunderbird email client to address a bunch of vulnerabilities of which several categorized as critical.

Affected products are:- Mozilla Thunderbird earlier than 9.0- Mozilla SeaMonkey earlier than 2.6- Mozilla Firefox earlier than 9.0

Links to the security advisories with details about addressed security issues:
MFSA 2011-59 .jar not treated as executable in Firefox 3.6 on Mac
MFSA 2011-58 Crash scaling video element to extreme sizes
MFSA 2011-57 Crash when plugin removes itself on Mac OS X
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)

Fresh versions can be obtained via inbuilt updater or by downloading from the product site:Firefox Thunderbird SeaMonkey

Updates For Adobe Reader and Acrobat 9.x Windows Versions

2011-12-17T13:12:00.003+02:00

Adobe has released updates for Adobe Reader and Acrobat 9.x series Windows versions. New version patches earlier informed vulnerability (CVE-2011-2462) and also other vulnerability (CVE-2011-4369). Both may allow an attacker to take control of the vulnerable system.

Above mentioned vulnerabilities exist also in Adobe Reader X and Adobe Acrobat X versions. However, protection modes built in those prevent exploit of the type currently targeting these two vulnerabilities from executing. Thus, Adobe is planning to address theses issues in their next quarterly security update for Adobe Reader and Acrobat (scheduled for January 10, 2012).

More information in the related security bulletin.

Microsoft Security Updates For December 2011

2011-12-14T16:06:00.000+02:00

Microsoft has released security updates for December 2011. This month update contains 13 security bulletins of which three critical and ten important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.

Vulnerabilities In Winamp

2011-12-13T19:20:00.000+02:00

There have been found three vulnerabilities in Nullsoft's Winamp media player. Two of these are in the in_avi.dll plugin and one in the in_mod.dll plugin. Successful exploiting may allow executing of arbitrary code in vulnerable system.

Affected versions:Winamp 5.622 but older versions may also be affected

Solution:Users of affected version can download latest version on Winamp download site.

Vulnerability In Foxit Reader

2011-12-09T23:08:00.001+02:00

There has been found a vulnerability in Foxit Reader, software for pdf file handling. This issue was caused by the cross-border assignment of an array which may result in memory corruption vulnerabilities.

Affected are Foxit Reader 5.1.0.1021 and earlier versions. Foxit Reader users should update their version to the latest one available either by using "Check for Updates Now" in Reader help menu or by downloading fresh version here (Note: remember to unselect toolbar related options during the installation process unless you really want that installed too).More information here.

Symantec Intelligence Report: November 2011

2011-12-09T22:07:00.001+02:00

Symantec has published their Intelligence report that sums up the latest threat trends for November 2011.

Report highlights:
- Spam – 70.5 percent (a decrease of 3.7 percentage points since October 2011)
- Phishing – One in 302.0 emails identified as phishing (an increase of 0.04 percentage points since October 2011)
- Malware – One in 255.8 emails contained malware (a decrease of 0.03 percentage points since October 2011)
- Malicious Web sites – 4,915 Web sites blocked per day (an increase of 47.8 percent since October 2011)
- A Review of Targeted Attacks in 2011
- Revolution of Russian Phone Number Spam
- Best Practices for Enterprises and Users

The report can be viewed here.

Vulnerability in Adobe PDF products

2011-12-07T12:34:00.001+02:00

Adobe has released an advisory about a critical vulnerability in Adobe Reader & Adobe Acrobat products. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Adobe Reader X (10.1.1) and earlier versions
- Adobe Reader 9.4.6 and earlier 9.x versions
- Adobe Acrobat X (10.1.1) and earlier versions

Fix availability:
"We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011. Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012."

Patch For Opera Released

2011-12-07T12:05:00.000+02:00

Opera Software has released an update for their Opera web browser. Version 11.60 contains fixes to four security vulnerabilities (of one moderate of these Opera will reveal details later).

moderate:
* Pages can set cookies and communicate cross-site for some top level domains; advisory

low:
* A weakness in the SSL v3.0 and TLS 1.0 specifications can allow eavesdropping attacks against some applications; advisory
* JavaScript "in" operator allows leakage of cross-domain information; advisory

Opera users are strongly recommended to update to 11.60 version. New version can be downloaded here.

ESET Global Threat Report for November 2011

2011-12-05T14:21:00.000+02:00

ESET has released a report discussing global threats of November 2011.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. Win32/Dorkbot (2.)
3. HTML/ScrInject.B (4.)
4. HTML/Iframe.B (6.)
5. Win32/Conficker (3.)
6. Win32/Autoit (7.)
7. Win32/Sality (5.)
8. Win32/Ramnit (8.)
9. JS/TrojanDownloader.Iframe.NKE (9.)
10. Win32/PSW.OnLineGames (10.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Security Patch For RealPlayer

2011-11-21T18:55:00.000+02:00

RealNetworks has released updated version of their RealPlayer. New version contains fixes to 19 vulnerabilities.

Affected software: Windows RealPlayer prior 15.0.0 version

Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be read from related security advisory.

ESET Global Threat Report for October 2011

2011-11-21T08:14:00.001+02:00

ESET has released a report discussing global threats of October 2011.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. Win32/Dorkbot (3.)
3. Win32/Conficker (2.)
4. HTML/ScrInject.B (7.)
5. Win32/Sality (4.)
6. HTML/Iframe.B (5.)
7. Win32/Autoit (6.)
8. Win32/Ramnit (8.)
9. JS/TrojanDownloader.Iframe.NKE (10.)
10. Win32/PSW.OnLineGames (9.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Patched iTunes Available

2011-11-17T17:53:00.002+02:00

Apple has released version 10.5.1 of their iTunes media player. New version fixes a security issue that could allow a man-in-the-middle attack (CVE-2008-3434). Latest version can be downloaded here.

More information about the update can be read from related security bulletin.

Update For Adobe Flash Player

2011-11-11T11:24:00.001+02:00

Adobe has released updated version of their Flash Player. The new version fixes some critical categorized vulnerabilities:
- a memory corruption vulnerability that could lead to code execution (CVE-2011-2445)
- a heap corruption vulnerability that could lead to code execution (CVE-2011-2450)
- a memory corruption vulnerability that could lead to code execution (CVE-2011-2451)
- a memory corruption vulnerability that could lead to code execution (CVE-2011-2452)
- a memory corruption vulnerability that could lead to code execution (CVE-2011-2453)
- a memory corruption vulnerability that could lead to code execution (CVE-2011-2454)
- a memory corruption vulnerability that could lead to code execution (CVE-2011-2455)
- a buffer overflow vulnerability that could lead to code execution (CVE-2011-2456)
- a stack overflow vulnerability that could lead to code execution (CVE-2011-2457)
- a vulnerability that could lead to a cross-domain policy bypass (Internet Explorer-only) (CVE-2011-2458)
- a memory corruption vulnerability that could lead to code execution (CVE-2011-2459)
- a memory corruption vulnerability that could lead to code execution (CVE-2011-2460)

Users of Adobe Flash Player 11.0.1.152 and earlier should update to Adobe Flash Player 11.1.102.55. Also, users of Adobe AIR version 3.0 and earlier should update to Adobe AIR 3.1.0.4880.

More information can be read from Adobe's security bulletin.

Chrome Update Available

2011-11-11T11:10:00.000+02:00

Update For Chrome Available
Google has released a new version of their Chrome web browser. Version 15.0.874.120 contains fixes to seven vulnerabilities of which five are high, one medium and one low categorized.

More information in Google Chrome Releases blog.

Security Updates From Mozilla

2011-11-10T10:21:00.001+02:00

Mozilla has released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which many are categorized as critical.

Affected products are:
- Mozilla Thunderbird earlier than 8.0 or 3.1.16
- Mozilla Firefox earlier than 8.0 or 3.6.24

Links to the security advisories with details about addressed security issues:
MFSA 2011-52 Code execution via NoWaiverWrapper
MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
MFSA 2011-47 Potential XSS against sites using Shift-JIS
MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch)

Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird

Adobe Shockwave Player Updated

2011-11-10T10:11:00.000+02:00

Adobe has released updated version of their Shockwave Player. The new version fixes several security vulnerabilities. The update is categorized as critical.

Users of Adobe Shockwave Player 11.6.1.629 and earlier should update to Adobe Shockwave Player 11.6.3.633.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Microsoft Security Updates For November 2011

2011-11-08T21:55:00.000+02:00

Microsoft has released security updates for November 2011. This month update contains four security bulletins of which one critical, two important and one moderate.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.

Unpatched Vulnerability in TrueType Font Parsing

2011-11-04T21:14:00.002+02:00

Microsoft is investigating a vulnerability in a Windows component, the Win32k TrueType font parsing engine. By exploiting the vulnerability an attacker may be able to run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft is aware of targeted attacks that try to exploit this vulnerability. Duqu malware is reported to be exploiting the vulnerability.

At the moment there is no patch against the vulnerability available. However, has listed some workarounds to mitigate the problem. More information about this can be read from the Microsoft Security Advisory (2639658).

Symantec Intelligence Report: October 2011

2011-11-02T18:17:00.000+02:00

Symantec has published their Intelligence report that sums up the latest threat trends for October 2011.

Report highlights:
- Spam – 74.2 percent in October (a decrease of 0.6 percentage points since September 2011)
- Phishing – One in 343.1 emails identified as phishing (an increase of 0.07 percentage points since September 2011)
- Malware – One in 235.8 emails in October contained malware (a decrease of 0.11 percentage points since September 2011)
- Malicious Web sites – 3,325 Web sites blocked per day (a decrease of 4.3 percent since September 2011)
- 43.9 percent of all malicious domains blocked were new in October (a decrease of 0.7 percentage points since September 2011)
- 15.2 percent of all Web-based malware blocked was new in October (an increase of 0.7 percentage points since September 2011)
- Spammers setting up more URL shortening services
- Social engineering example from the East
- New Symantec Research: W32.Duqu - Precursor to the Next Stuxnet
- New Symantec Research: The Motivations of Recent Android Malware
- Best Practices for Enterprises and Users

The report can be viewed here.

ESET Global Threat Report for September 2011

2011-10-31T07:50:00.001+02:00

ESET has released a report discussing global threats of September 2011.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. Win32/Conficker (2.)
3. Win32/Dorkbot (4.)
4. Win32/Sality (5.)
5. HTML/Iframe.B.Gen (3.)
6. Win32/Autoit (7.)
7. HTML/ScrInject.B (6.)
8. Win32/Ramnit (10.)
9. Win32/PSW.OnLineGames (8.)
10. JS/TrojanDownloader.Iframe.NKE (9.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

QuickTime 7.7.1 Released

2011-10-28T09:36:00.001+03:00

Apple has released new version of their QuickTime. Version 7.7.1 contains fixes for a bunch of vulnerabilities that could be exploited to run arbitrary code in target system.

QuickTime users with version older than 7.7.1 should update to the latest one available.

More information about security content of QuickTime 7.7.1 can be read here.

New Chrome Version Available

2011-10-26T11:18:00.002+03:00

Google has released a new version of their Chrome web browser. Version 15.0.874.102 contains fixes to 18 vulnerabilities of which 11 are high, three are medium and four low categorized. Along with security fixes there's also some other tweaks, like a New Tab page, added.

More information in Google Chrome Releases blog.

Java Updates From Oracle

2011-10-20T19:27:00.001+03:00

Oracle has released update for Java JRE and JDK. The update fixes 20 vulnerabilities of which nine can be exploited to execute arbitrary code in affected system.

Affected versions are:
- Java 7 JRE and JDK earlier than update 1 (1.7.0_1)
- Java 6 JRE and JDK earlier than update 29 (1.6.0_29)
- Java 5.0 JRE and JDK earlier than update 32 (1.5.0_32)
- Java 1.4.2 JRE and JDK earlier than update 34 (1.4.2_34)

More information about the update can be read from Java critical patch update document.

Java users are recommended to update their versions to the latest one available.

Oracle Critical Patch Update For Q4 of 2011

2011-10-20T19:09:00.001+03:00

Oracle has released updates for their products that fix 57 security issues in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in January 2012.

Safari Update Available

2011-10-13T20:39:00.004+03:00

Apple has released new version of their Safari web browser. The new version contains fixes to 23 different vulnerabilities. Some of these vulnerabilities may lead to an unexpected application termination or allow an attacker to execute arbitrary code in affected system.

Affected are Safari versions earlier than 5.1.1. Users of vulnerable Safari versions can get the latest version here.

More information of security content of 5.1.1 version can be read here.

iTunes 10.5 Released

2011-10-12T16:48:00.002+03:00

Apple has released version 10.5 of their iTunes media player. New version fixes bunch of security vulnerabilities of which some allow an attacker to execute arbitrary code in target system. Latest version can be downloaded here.

More information about the update can be read from related security bulletin.

Microsoft Security Intelligence Report Volume 11 Released

2011-10-12T12:16:00.001+03:00

Microsoft has released volume 11 of their Security Intelligence Report (SIR). The Security Intelligence Report (SIR) is an investigation of the current threat landscape. It focuses on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches. The latest, volume 11 covers the first part of year 2011 (January-June).

The report can be downloaded here.

Microsoft Security Updates For October 2011

2011-10-11T21:34:00.002+03:00

Microsoft has released security updates for October 2011. This month update contains eight security bulletins of which two critical and six important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.

Update For Chrome Available

2011-10-06T08:23:00.000+03:00

Google has released a new version of their Chrome web browser. Version 14.0.835.202 contains fixes to seven vulnerabilities of which one is critical and six are high categorized.

More information in Google Chrome Releases blog.

Facebook To Check Web Links

2011-10-04T18:58:00.001+03:00

Malicious web links is one of the problems that have brought negative publicity for Facebook. To help reducing this problem Facebook has teamed up with security company Websense. In near future, all web links published in Facebook will be checked to filter out malicious ones.

When user clicks a link in Facebook it will be sent to Websense for security classification. If the link is found to be malicious user will be given options to either access the link at one's own risk or return back to the previous screen.

More information can be read from Websense blog.

Symantec Intelligence Report: September 2011

2011-10-02T10:53:00.000+03:00

Symantec has published their Intelligence report that sums up the latest threat trends for September 2011.

Report highlights:
- Spam – 74.8 percent in September (a decrease of 1.1 percentage points since August 2011)
- Phishing – One in 447.9 emails identified as phishing (a decrease of 0.26 percentage points since August 2011)
- Malware – One in 188.7 emails in September contained malware (an increase of 0.04 percentage points since August 2011)
- Malicious Web sites – 3,474 Web sites blocked per day (an increase of 1.0 percent since August 2011)
- 44.6 percent of all malicious domains blocked were new in September (an increase of 10.0 percentage points since August 2011)
- 14.5 percent of all Web-based malware blocked was new in September (a decrease of 2.9 percentage points since August 2011)
- Malicious emails masquerade as office printer messages
- Spammers exploit WordPress vulnerability to promote pharmaceutical spam Web sites
- Fake Offers with Fake Trust Seals
- Spammers and malware authors making increasing use of obfuscated JavaScript
- Best Practices for Enterprises and Users

The report can be viewed here.

Updates To Mozilla Products

2011-09-30T07:41:00.001+03:00

Mozilla has released updates to Firefox and Seamonkey browsers and Thunderbird email client to address a bunch of vulnerabilities of which several categorized as critical.

Affected products are:
- Mozilla Thunderbird earlier than 7.0
- Mozilla SeaMonkey earlier than 2.4
- Mozilla Firefox earlier than 7.0 or 3.6.23

Links to the security advisories with details about addressed security issues:
MFSA 2011-45 Inferring Keystrokes from motion data
MFSA 2011-44 Use after free reading OGG headers
MFSA 2011-43 loadSubScript unwraps XPCNativeWrapper scope parameter
MFSA 2011-42 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-41 Potentially exploitable WebGL crashes
MFSA 2011-40 Code installation through holding down Enter
MFSA 2011-39 Defense against multiple Location headers due to CRLF Injection
MFSA 2011-38 XSS via plugins and shadowed window.location object
MFSA 2011-37 Integer underflow when using JavaScript RegExp
MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Microsoft Security Advisory 2588513

2011-09-27T11:26:00.002+03:00

Microsoft has released a security advisory (2588513) discussing a new vulnerability reported in SSL 3.0 and TLS 1.0. "This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. We are not aware of a way to exploit this vulnerability in other protocols or components and we are not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers."

More information:
Microsoft Security Advisory 2588513
Is SSL broken? – More about Security Advisory 2588513

Security Update For Adobe Flash Player

2011-09-22T10:54:00.000+03:00

Adobe has released an updated version of their Flash Player. The new version fixes critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe states that there are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in targeted attacks via malicious web pages.

Affected versions:
-Users of Adobe Flash Player 10.3.183.7 and earlier are recommended to get update 10.3.183.10
-Users of Flash Player 10.3.186.6 and earlier for Android are recommended to get update 10.3.186.7
-Flash Player integrated with Google Chrome will be updated by Google via Chrome update.

More information can be read from Adobe's security bulletin.

New Chrome Version Released

2011-09-20T08:02:00.000+03:00

Google has released a new version of their Chrome web browser. Version 14.0.835.163 contains fixes to 32 vulnerabilities of which some may allow an attacker to execute arbitrary code in target system.

More information in Google Chrome Releases blog.

Adobe Reader And Acrobat Security Updates

2011-09-14T11:43:00.001+03:00

Adobe has released security updates for its PDF products, Adobe Reader and Adobe Acrobat.

Affected versions:

*of series X (10.x)
Adobe Reader 10.1 and earlier
Adobe Acrobat 10.1 and earlier

*of series 9.x
Adobe Reader 9.4.5 and earlier
Adobe Acrobat 9.4.5 and earlier

*of series 8.x
Adobe Reader 8.3 and earlier
Adobe Acrobat 8.3 and earlier

Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Microsoft Security Updates For September 2011

2011-09-13T22:20:00.001+03:00

Microsoft has released security updates for September 2011. This month update contains five important catagorized security bulletins.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.

ESET Global Threat Report for August 2011

2011-09-10T17:33:00.001+03:00

ESET has released a report discussing global threats of August 2011.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. Win32/Conficker (2.)
3. HTML/Iframe.B.Gen (5.)
4. Win32/Dorkbot (7.)
5. Win32/Sality (3.)
6. HTML/ScrInject.B (6.)
7. Win32/Autoit (8.)
8. Win32/PSW.OnLineGames (4.)
9. JS/TrojanDownloader.Iframe.NKE (-)
10. Win32/Ramnit (41.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Ransomware Posing As Microsoft

2011-09-07T20:00:00.004+03:00

Security company Panda warns in their blog about a ransomware that tries to trick users to believe their Windows authenticity has failed. To get it fixed users are asked to pay 100€ by following given instructions. Naturally, nothing should be paid. Panda have published a code that can be used to deactivate the malware.

More information in PandaLabs blog.

Symantec Intelligence Report: August 2011

2011-09-01T17:05:00.000+03:00

Symantec has published their Intelligence report that sums up the latest threat trends for August 2011.

Report highlights:
- Spam – 75.9 percent in August (a decrease of 1.9 percentage points since July 2011)
- Phishing – One in 207.7 emails identified as phishing (an increase of 0.48 percentage points since July 2011)
- Malware – One in 203.3 emails in August contained malware (an increase of 0.14 percentage points since July 2011)
- Malicious Web sites – 3,441 Web sites blocked per day (a decrease of 49.4 percent since July 2011)
- 34.1 percent of all malicious domains blocked were new in August (a decrease of 1.32 percentage points since July 2011)
- 17.3 percent of all Web-based malware blocked was new in August (a decrease of 3.82 percentage points since July 2011)
- Global Debt Crises News Drives Pump-and-Dump Stock Scams
- Are MBR Infections Back in Fashion?
- Phishing Apple’s iDisk
- Phishing Brazilian Brands
- The Truth Behind the Shady RAT
- Spammers take advantage of Unicode normalisation to hide URLs
- Best Practices for Enterprises and Users

The report can be viewed here.

Morto Worm Takes Advantage of Remote Desktop Protocol

2011-08-29T17:20:00.001+03:00

F-Secure warns in their blog about a network worm that takes advantage of Remote Desktop Protocol (RDP) as a way to spread itself. Once this Morto worm has infected the system it starts scanning the local network for machines having Remote Desktop Connection enabled. This thing creates much traffic for RDP port, port number 3389/TCP.

More information about Morto in F-Secure blog and there is also a discussion going on at Microsoft's Technet forums.

PHP 5.3.7 Released

2011-08-21T01:25:00.001+03:00

PHP development team has released 5.3.7 version of PHP scripting language. New version fixes big amount of bugs of which some are security related. All PHP users are recommended to upgrade their versions to this latest release.

More details about 5.3.7 release can be read from the official release announcement.

NSS Labs Browser Security Test Report

2011-08-19T08:20:00.000+03:00

NSS Labs has published a report of a test they made to compare how different browsers managed against socially-engineered malware.

Tested browsers were:
-Apple Safari 5
-Google Chrome 12
-Windows Internet Explorer 9
-Mozilla Firefox 4
-Opera 11

Internet Explorer 9 became the winner. It was able to stop 96 percent of malicious links via its SmartScreen URL Reputation feature and in addition 3.2 percent when its Application Reputation feature was turned on. The second place was taken by Chrome 12 (13.2%). Apple Safari 5 and Firefox 4 shared third place with percent of 7.6. Opera 11 caught 6.1 percent of samples.

The full report (in PDF format) can be viewed here.

Security Updates From RealNetworks

2011-08-18T23:22:00.001+03:00

RealNetworks have released updated versions of their RealPlayer. New versions contain fixes to several vulnerabilities.

Affected are:
- Windows RealPlayer earlier than 14.0.6
- RealPlayer Enterprise earlier than 2.1.6
- Mac RealPlayer earlier than 12.0.0.1701

Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be read from related security advisory.

Mozilla Security Updates Available

2011-08-18T23:13:00.002+03:00

Security Updates From Adobe

2011-08-12T18:56:00.001+03:00

Adobe has released updated versions of some of their software. Major part of fixed issues are categorized as critical. Many of the fixed vulnerabilities may allow an attacker to execute arbitrary code in target system.

Affected Adobe products are:
- Shockwave Player 11.6.0.626 and earlier (Windows & Macintosh)
- Flash Media Server 4.0.2 and earlier (Windows & Linux)
- Flash Media Server 3.5.6 and earlier (Windows & Linux)
- Adobe Flash Player 10.3.181.36 and earlier (Windows, Macintosh, Linux & Solaris)
- Adobe Flash Player 10.3.185.25 and earlier (Android)
- Adobe AIR 2.7 and earlier (Windows, Macintosh & Android)
- Adobe Photoshop CS5, CS5.1 and earlier (Windows & Macintosh)
- RoboHelp 9.0.1.232 and earlier (Windows)
- RoboHelp Server 9 (Windows)
- RoboHelp 8 (Windows)
- RoboHelp Server 8 (Windows)

More information behind the following links:
Shockwave Player
Flash Media Server
Flash Player and AIR
Photoshop
RoboHelp

ESET Global Threat Report for July 2011

2011-08-12T18:46:00.001+03:00

ESET has released a report discussing global threats of July 2011.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. Win32/Conficker (2.)
3. Win32/Sality (3.)
4. Win32/PSW.OnLineGames (4.)
5. HTML/Iframe.B.Gen (6.)
6. HTML/ScrInject.B (9.)
7. Win32/Dorkbot (11.)
8. Win32/Autoit (5.)
9. HTML/StartPage.NAE (8.)
10. VBS/StartPage.NDS (48.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Microsoft Security Updates For August 2011

2011-08-10T14:01:00.000+03:00

Microsoft has released security updates for August 2011. This month update contains 13 security bulletins (two critical, nine important and two moderate).

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.

New Chrome Version Available

2011-08-04T20:59:00.001+03:00

Google has released a new version of their Chrome web browser. Version 13.0.782.107 contains fixes to 30 vulnerabilities of which 14 are high, nine medium and seven low categorized.

More information in Google Chrome Releases blog.

Symantec Intelligence Report: July 2011

2011-08-01T12:26:00.002+03:00

Symantec has published their Intelligence report that sums up the latest threat trends for July 2011.

Report highlights:
- Spam – 77.8 percent in July (an increase of 4.9 percentage points since June 2011)
- Phishing – One in 319.3 emails identified as phishing (an increase of 0.01 percentage points since June 2011)
- Malware – One in 280.9 emails in July contained malware (an increase of 0.02 percentage points since June 2011)
- Malicious Web sites – 6,797 Web sites blocked per day (an increase of 25.5 percent since June 2011)
- 35.9 percent of all malicious domains blocked were new in July (an increase of 0.8 percentage points since June 2011)
- 21.1 percent of all Web-based malware blocked was new in July (an increase of 0.8 percentage points since June 2011)
- Aggressively unstable malware leads to a rise in sophisticated socially engineered attacks
- Phishers’ World in Your Cell Phone
- Large scale malware attack using URL shortening services
- Best Practices for Enterprises and Users

The report can be viewed here.

New Version Of Foxit Reader Available

2011-07-23T12:06:00.002+03:00

Foxit Software has released a new version of their PDF viewer, Foxit Reader. In addition to a bunch of minor bugs there're fixes for two security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system. The first vulnerability is caused by Insecure Library Loading and the second one is related to opening certain PDF files in a web browser.

Affected are Foxit Reader versions earlier than 5.0.2. Foxit Reader users should update their version to the latest one available either by using "Check for Updates Now" in Reader help menu or by downloading a fresh version here (Note: remember to unselect Ask related options during the installation process unless you really want that installed too).

New Versions Of Safari Released

2011-07-22T10:45:00.000+03:00

Apple has released new versions of their Safari web browsers. The new versions contain fixes to 58 different vulnerabilities. These vulnerabilities may lead to an unexpected application termination or allow an attacker to execute arbitrary code in affected system.

Affected are Safari versions earlier than 5.1 or 5.0.6. Users of vulnerable Safari versions can get the latest version here.

Adobe warns that Safari 5.1 will break part of Adobe Acrobat and Adobe Reader Safari plugin functionality. More about this in Adobe blog post.

More information of security content of 5.1 and 5.0.6 versions can be read here.

Oracle Critical Patch Update For Q3 of 2011

2011-07-20T13:18:00.001+03:00

New Version Of VLC Player Available

2011-07-18T19:55:00.001+03:00

VideoLAN project has released a new version of their VLC media player. Version 1.1.11 contains fixes to two stack overflow vulnerabilities of RealMedia and AVI handling (security advisories 1105 and 1106).

Affected are VLC Player versions prior 1.1.11. Owners of those versions should update to the latest version.

ESET Global Threat Report for June 2011

2011-07-17T11:55:00.001+03:00

ESET has released a report discussing global threats of June 2011.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. Win32/Conficker (2.)
3. Win32/Sality (4.)
4. Win32/PSW.OnLineGames (3.)
5. Win32/Autoit (8.)
6. HTML/Iframe.B.Gen (7.)
7. Win32/Bflient (9.)
8. HTML/StartPage.NAE (5.)
9. HTML/ScrInject.B (11.)
10. Win32/Autorun (6.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

NSS Labs Browser Security Test Europe Q2 2011 Report

2011-07-17T11:32:00.002+03:00

NSS Labs has published a report of a test they made to compare how different browsers managed against socially-engineered malware targeting European users.

Tested browsers were:
-Apple Safari 5
-Google Chrome 10
-Windows Internet Explorer 8
-Windows Internet Explorer 9
-Mozilla Firefox 4
-Opera 11

The test winner was Internet Explorer 9. It was able to catch 92% of malware with its URL-based filtering and 100% with Application-based filtering enabled. The second came Internet Explorer 8 with 90% success of blocking. The third place was shared by Safari 5, Chrome 10 and Firefox 4, each able to stop 13%. Opera 11 was left the last with 5%.

The full report can be read here.

Hotmail Introduces New Features To Prevent Email Account Hijacking

2011-07-15T12:13:00.007+03:00

Email account hijacking has been one of the top problems I've faced while helping users on security forums. Big part of affected accounts is from Hotmail. Hotmail team knows about the problem and have developed two new features in order to help prevent account hijacking.

One of these is to let Hotmail user report if they suspect some of their friend's account as compromised. In situation like this user can take advantage of "My friend's been hacked!" feature on the "Mark as" menu. Alternatively, account can be reported as compromised while moving message to the Junk folder. Reporting isn't limited to Hotmail accounts only but accounts from other email providers like Yahoo and Gmail can be reported too. The second new feature prevents user from using common passwords as their account password.

More about these features can be read from related blog post in Windows Live blog.

Microsoft Security Updates For July 2011

2011-07-12T21:15:00.000+03:00

Microsoft has released security updates for July 2011. This month update contains four security bulletins, one critical and three important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.

New WordPress Version Available

2011-07-04T14:31:00.001+03:00

There has been fixed a vulnerability in WordPress. The vulnerability could allow a malicious Editor-level user to gain further access to the site. Affected are:
-WordPress 3.1 prior version 3.1.4
-WordPress 3.2 prior version Release Candidate 3

More information (including instructions for updating) can be read from WordPress blog.

MessageLabs Intelligence Report: June 2011

2011-07-02T11:58:00.002+03:00

MessageLabs has published their Intelligence report that sums up the latest threat trends for June 2011.

Report highlights:
- Spam – 72.9% in June (a decrease of 2.9 percentage points since May 2011)
- Phishing – One in 330.6 emails identified as phishing (a decrease of 0.05 percentage points since May 2011)
- Malware – One in 300.7 emails in June contained malware (a decrease of 0.12 percentage points since May 2011)
- Malicious Web sites – 5,415 Web sites blocked per day (an increase of 70.8% since May 2011)
- 35.1% of all malicious domains blocked were new in June (a decrease of 1.7 percentage points since May 2011)
- 20.3% of all Web-based malware blocked was new in June (a decrease of 4.3 percentage points since May 2011)
- Review of Spam-sending botnets in June 2011
- Clicking to Watch Videos Leads to Pharmacy Spam
- Wiki for Everything, Even for Spam
- Phishers Return for Tax Returns
- Fake Donations Continue to Haunt Japan
- Spam Subject Line Analysis
- Best Practices for Enterprises and Users

The report can be viewed here.

New Chrome Version Available

2011-06-29T21:59:00.000+03:00

Google has released a new version of their Chrome web browser. Version 12.0.742.112 contains fresh version of Adobe Flash and fixes seven vulnerabilities of which six are high and one medium categorized.

More information in Google Chrome Releases blog.

Patches To Mozilla Products

2011-06-24T01:00:00.001+03:00

Mozilla has released security bulletins related to found issues in some of their products. Six of them are categorized as critical, three as moderate and one as low.

Critical:
MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)
MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled
MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight()
MFSA 2011-23 Multiple dangling pointer vulnerabilities
MFSA 2011-26 Multiple WebGL crashes

Moderate:
MFSA 2011-24 Cookie isolation error
MFSA 2011-25 Stealing of cross-domain images using WebGL textures
MFSA 2011-27 XSS encoding hazard with inline SVG

Low:
MFSA 2011-28 Non-whitelisted site can trigger xpinstall

Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird

Adobe Shockwave Player Update Available

2011-06-16T17:48:00.002+03:00

Adobe has released updated version of their Shockwave Player. The new version fixes several security vulnerabilities. The update is categorized as critical.

Users of Adobe Shockwave Player 11.5.9.620 and earlier should update to Adobe Shockwave Player 11.6.0.626.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Update For Adobe Flash Player

2011-06-16T17:39:00.002+03:00

Adobe has released an updated version of their Flash Player. The new version fixes a critical memory corruption vulnerability (CVE-2011-2110) that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe states that there are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious web pages.

Affected versions:
-Users of Flash Player 10.3.181.23 and earlier are recommended to get update 10.3.181.26
-Users of Flash Player 10.3.185.23 and earlier for Android are recommended to get update 10.3.185.24
-Flash Player integrated with Google Chrome will be updated by Google via Chrome update.

More information can be read from Adobe's security bulletin.

Security Updates For Adobe Reader And Acrobat

2011-06-16T17:19:00.001+03:00

Adobe has released security updates for its PDF products, Adobe Reader and Adobe Acrobat.

Affected versions:

*of series X (10.x)
Adobe Reader 10.0.1 and earlier
Adobe Acrobat 10.0.3 and earlier

*of series 9.x
Adobe Reader 9.4.4 and earlier
Adobe Acrobat 9.4.4 and earlier

*of series 8.x
Adobe Reader 8.2.6 and earlier
Adobe Acrobat 8.2.6 and earlier

Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Microsoft Security Updates For June 2011

2011-06-16T17:08:00.001+03:00

Microsoft has released security updates for June 2011. This month update contains 16 updates.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.

Fresh Chrome Version Available

2011-06-09T22:41:00.001+03:00

Google has released a new version of their Chrome web browser. Version 12.0.742.91 contains some new features like for example:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Ability to delete Flash cookies from inside Chrome

New version patches also 14 security vulnerabilities in Chrome itself.

More information in Google Chrome Releases blog.

Critical Java Updates From Oracle

2011-06-08T21:41:00.001+03:00

Oracle has released update for Java SE. The update fixes 17 security vulnerabilities of which 12 can be exploited to execute arbitrary code in affected system.

Affected versions are:
• JDK and JRE 6 Update 25 and earlier
• JDK 5.0 Update 29 and earlier
• SDK 1.4.2_31 and earlier

More information about the update can be read from Java critical patch update document.

Java users are recommended to update their versions to the latest one available.

Some VMware Security Issues Fixed

2011-06-07T19:30:00.001+03:00

VMware has released security updates to patch some security vulnerabilities in their virtualization applications.

Affected versions:
- VMware Workstation prior 7.1.4
- VMware Player prior 3.1.4
- VMware Fusion prior 3.1.3
- ESXi 4.1 without patch ESXi410-201104402-BG
- ESXi 4.0 without patch ESXi400-201104402-BG
- ESXi 3.5 without patches ESXe350-201105401-I-SG and ESXe350-201105402-T-SG
- ESX 4.1 without patch ESX410-201104401-SG
- ESX 4.0 without patch ESX400-201104401-SG
- ESX 3.5 without patches ESX350-201105401-SG, ESX350-201105404-SG and ESX350-201105406-SG

Further information including updating instructions can be read from VMware's security advisory.

New Version Of VLC Player Available

2011-06-07T19:16:00.003+03:00

VideoLAN project has released a new version of their VLC media player. Among other things version 1.1.10 contains a fix to a bug regarding an integer overflow in xspf demuxer. It also contains an update of libmodplug for security reasons in Windows and Mac versions.

Affected are VLC Player versions prior 1.1.10. Owners of those versions should update to the latest version.

Critical Security Update Available For Adobe Flash

2011-06-06T21:54:00.001+03:00

Adobe has released patched version of their popular Flash Player. Version 10.3.181.22 (10.3.181.23 for ActiveX) fixes a universal cross-site scripting vulnerability (CVE-2011-2107) that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

Affected software:
- Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.3.185.22 and earlier versions for Android

Patched version for Windows, Macintosh, Linux and Solaris operating systems is available at Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.181.16 for Macintosh can install the update via the auto-update mechanism within the product when prompted. Adobe says that they expect to make available an update for Flash Player 10.3.185.22 for Android during the week of June 6, 2011.

More information in Adobe's security bulletin.

ESET Global Threat Report for May 2011

2011-06-02T13:50:00.001+03:00

ESET has released a report discussing global threats of May 2011.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. Win32/Conficker (2.)
3. Win32/PSW.OnLineGames (3.)
4. Win32/Sality (4.)
5. HTML/StartPage.NAE (17.)
6. JS/Redirector (11.)
7. HTML/Iframe.B.Gen (7.)
8. Win32/Autoit (5.)
9. Win32/Bflient (8.)
10. Win32/Autorun (6.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format)

MessageLabs Intelligence Report: May 2011

2011-06-02T13:14:00.001+03:00

MessageLabs has published their Intelligence report that sums up the latest threat trends for May 2011.

Report highlights:
- Spam – 75.8% in May (an increase of 2.9 percentage points since April 2011)
- Viruses – One in 222.3 emails in May contained malware (a decrease of 0.14 percentage points since April 2011)
- Phishing – One in 286.7 emails comprised a phishing attack (a decrease of 0.06 percentage points since April 2011)
- Malicious web sites – 3,170 web sites blocked per day (an increase of 30.4% since April 2011)
- 36.8% of all malicious domains blocked were new in May (an increase of 3.8 percentage points since April 2011)
- 24.6% of all web-based malware blocked was new in May (an increase of 2.1 percentage points since April 2011)
- For the First Time, Spammers establish their own fake URL-shortening services

The report can be viewed here.

Vulnerabilities Affecting IBM Lotus Notes

2011-05-28T13:53:00.003+03:00

There have been found buffer overflow vulnerabilities in IBM Lotus Notes for Windows. The vulnerabilities could allow an attacker to execute arbitrary code in target system. To exploit the vulnerabilities user can be lured to open specially crafted file attachment.

Affected software:
IBM Lotus Notes 8.5.2
IBM Lotus Notes 8.5.1
IBM Lotus Notes 8.0.x
IBM Lotus Notes 7.x
IBM Lotus Notes 6.x
IBM Lotus Notes 5.x

At the moment there's a patch available for version 8.5.2 only. Users of other affected versions are advised to turn vulnerable feature off until the fix is available. More information about workarounds here.

MAX++ Malware Back With x64 Version

2011-05-24T21:39:00.002+03:00

MAX++ (aka ZeroAccess) trojan is not totally new malware but its x64 version is. "Computers are infected using a drive-by attack on a browser and its components via the Bleeding Life exploit kit. In particular, Acrobat Reader (CVE 2010-0188, CVE 2010-1297, CVE 2010-2884, CVE 2008-2992) and Java (CVE 2010-0842, CVE 2010-3552) modules are prone to attack.", explains Kaspersky Lab Expert Vasily Berdnikov in company's blog.

Detailed description of MAX++ x86 and x64 version behaviour can be read from the related Kaspersky blog post.

Security Update For Opera Released

2011-05-19T18:12:00.001+03:00

Opera Software has released an update for their Opera web browser. Version 11.11 contains fix to one security vulnerability.

critical:
* Frameset issue allows execution of arbitrary code; advisory.

Opera users are strongly recommended to update to 11.11 version. New version can be downloaded here.

Microsoft Security Intelligence Report Volume 10 Released

2011-05-15T14:06:00.001+03:00

Microsoft has released volume 10 of their Security Intelligence Report (SIR). "The Security Intelligence Report (SIR) is an investigation of the current threat landscape. It analyzes exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, as well as internet services, and three Microsoft Security Centers." The latest, volume 10 covers year 2010.

The report can be downloaded here.

Updates For Adobe Products Available

2011-05-13T22:40:00.001+03:00

Adobe has released updates for their Adobe Flash Player, Flash Media Server, Audition and Robohelp products. In total 16 vulnerabilities were fixed and 15 of these being critical.

Affected versions:
- Adobe Flash Player 10.2.159.1 and earlier versions (Windows, Macintosh,Linux, Solaris)
- Adobe Flash Player 10.2.154.28 and earlier versions (Chrome)
- Adobe Flash Player 10.2.157.51 and earlier versions (Android)
- Adobe Flash Media Server 4.0.1 and earlier versions (Windows, Linux)
- Adobe Flash Media Server 3.5.5 and earlier versions (Windows, Linux)
- Adobe Audition 3.0.1 and earlier versions (Windows)
- Adobe RoboHelp 7 and 8 (Windows)
- Adobe RoboHelp Server 7 and 8 (Windows)

Details about available updates and other information can be read from Adobe PSIRT blog.

Microsoft Security Updates For May 2011

2011-05-11T18:50:00.001+03:00

Microsoft has released security updates for May 2011. This month update contains fixes to three vulnerabilities.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.

ESET Global Threat Report for April 2011

2011-05-08T13:48:00.003+03:00

ESET has released a report discussing global threats of April 2011.

TOP 10 threats list (previous ranking listed too):

1. INF/Autorun (1.)
2. Win32/Conficker (2.)
3. Win32/PSW.OnLineGames (3.)
4. Win32/Sality (4.)
5. Win32/Autoit (9.)
6. Win32/Autorun (7.)
7. HTML/Iframe.B.Gen (15.)
8. Win32/Bflient (6.)
9. Win32/Tifaut.C (8.)
10. Win32/Spy.Ursnif.A (10.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format)

TDL4 Rootkit And 64-bit Windows

2011-05-08T13:20:00.003+03:00

Last month, Microsoft released KB2506014 patch to fix a hole TDL4 rootkit had used to successfully bypass security implementions in the 64-bit version of Windows. Authors of TDL4 have now made some modifications to their evil creation to bypass Microsoft's patch. Below are links to two recent blog posts discussing the latest turn of this highly advanced rootkit.

TDL4 rootkit is coming back stronger than before by Marco Giuliani, Prevx
Backdoor.Tidserv and x64 by Mircea Ciubotariu, Symantec

MessageLabs Intelligence Report: April 2011

2011-05-04T22:43:00.000+03:00

MessageLabs has published their Intelligence report that sums up the latest threat trends for April 2011.

Report highlights:
- Spam – 72.9% in April (a decrease of 6.4 percentage points since March 2011)
- Viruses – One in 168.6 emails in April contained malware (an increase of 0.11 percentage points since March 2011)
- Phishing – One in 242.2 emails comprised a phishing attack (an increase of 0.02 percentage points since March 2011)
- Malicious web sites – 2,431 web sites blocked per day (a decrease of 18.2% since March 2011)
- 33.0% of all malicious domains blocked were new in April (a decrease of 4.0 percentage points since March 2011)
- 22.5% of all web-based malware blocked was new in April (a decrease of 1.9 percentage points since March 2011)
- Targeted attacks increase in intensity: What does a recent targeted attack look like?
- Shortened URLs: Do you know what you’re clicking on?

The report can be viewed here.

Mozilla Updates Available

2011-04-30T01:22:00.002+03:00

Mozilla has released security bulletins related to found issues in some of their products. Four of these are categorized as critical, two as moderate and one as low.

Critical:
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
MFSA 2011-13 Multiple dangling pointer vulnerabilities
MFSA 2011-15 Escalation of privilege through Java Embedding Plugin
MFSA 2011-17 WebGLES vulnerabilities

Moderate:
MFSA 2011-14 Information stealing via form history
MFSA 2011-16 Directory traversal in resource: protocol

Low:
MFSA 2011-18 XSLT generate-id() function heap address leak

Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

The Upcoming Royal Wedding And Malware

2011-04-26T10:08:00.004+03:00

Malware spreaders are once again taking advantage of attracting event to get some dirty work done. This time it's a theme under the Royal Wedding ceremony that will take place on April 29. GFI LABS have a few entries about this in their blog:
http://sunbeltblog.blogspot.com/2011/04/fake-av-we-are-not-amused.html
http://sunbeltblog.blogspot.com/2011/04/collection-of-royal-wedding-fakeouts.html
http://sunbeltblog.blogspot.com/2011/04/kate-middleton-has-blog-and-some-fake.html

Time to be careful when looking for information about the Royal Wedding (or any hot topic at the moment) and clicking hits returned by web search engines or links seen on Facebook and other social media. More hints offers for example this post on F-Secure's Safe and Savvy blog.

Security Updates Available For Adobe Reader And Acrobat

2011-04-22T13:20:00.001+03:00

Adobe has released updated version of their Adobe Reader and Acrobat products. The new version fixes a couple of critical vulnerabilities.

Patched versions were released for Adobe Reader 9.x and Acrobat 9.x series (and Adobe Reader X for Macintosh). Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, Adobe is planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.

Details about available updates and other information can be read from Adobe Security Advisory APSB11-08.

Oracle Critical Patch Update For Q2 of 2011

2011-04-21T12:01:00.002+03:00

Oracle has released updates for their products that fix 73 security issues in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in July 2011.

Security Update Available For Adobe Flash

2011-04-16T15:25:00.000+03:00

Adobe has released patched version of their popular Flash Player. Version 10.2.159.1 fixes vulnerability that was announced earlier in Adobe's Security Advisory APSA11-02.

More information in Adobe's security bulletin.

New Chrome Version Released

2011-04-15T17:28:00.001+03:00

Google has released a new version of their Chrome web browser. Version 10.0.648.205 contains a new version of Adobe Flash fixing a security vulnerability (CVE-2011-0611). New version patches also three security vulnerabilities in Chrome itself.

More information in Google Chrome Releases blog.

Patched Version of Safari Released

2011-04-15T17:19:00.001+03:00

Apple has released a new versions of their Safari web browser. Version 5.0.5 contains fixes to two WebKit (=browser engine in Safari) vulnerabilities. These may lead to an unexpected application termination or allow an attacker to execute arbitrary code in affected system.

Affected are Safari versions earlier than 5.0.5. Users of vulnerable Safari versions can get the latest version here.

More information of security content of 5.0.5 version can be read here.

Unpatched Vulnerability Affecting Adobe Products

2011-04-13T16:02:00.002+03:00

There has been found a critical vulnerability (CVE-2011-0611) in Adobe Flash Player which also impacts the authplay.dll component shipping with Adobe Reader and Acrobat. The vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. Adobe states that there are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment. At this time, Adobe is not aware of attacks targeting Adobe Reader and Acrobat.

Affected versions are:
- Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.2.154.25 and earlier for Chrome users
- Adobe Flash Player 10.2.156.12 and earlier for Android
- The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

Adobe states that it's finalizing a schedule for delivering updates to affected versions. Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, Adobe is currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.

More information:
Security Advisory

Microsoft Security Updates For April 2011

2011-04-13T15:51:00.001+03:00

Microsoft has released security updates for April 2011. This month update contains fixes to over 60 vulnerabilities.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.