Monday, October 31, 2011

ESET Global Threat Report for September 2011

ESET has released a report discussing global threats of September 2011.

Top 10 threats (previous ranking in parentheses):

1. INF/Autorun (1.)
2. Win32/Conficker (2.)
3. Win32/Dorkbot (4.)
4. Win32/Sality (5.)
5. HTML/Iframe.B.Gen (3.)
6. Win32/Autoit (7.)
7. HTML/ScrInject.B (6.)
8. Win32/Ramnit (10.)
9. Win32/PSW.OnLineGames (8.)
10. JS/TrojanDownloader.Iframe.NKE (9.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Friday, October 28, 2011

QuickTime 7.7.1 Released

Apple has released a new version of QuickTime. Version 7.7.1 contains fixes for a bunch of vulnerabilities that could be exploited to run arbitrary code on the target system.

QuickTime users with a version older than 7.7.1 should update to the latest version available.

More information about the security content of QuickTime 7.7.1 can be read here.

Wednesday, October 26, 2011

New Chrome Version Available

Google has released a new version of their Chrome web browser. Version 15.0.874.102 contains fixes for 18 vulnerabilities, of which 11 are rated high, three medium and four low. Along with the security fixes, some other tweaks, like a New Tab page, have been added.

More information is available in the Google Chrome Releases blog.

Thursday, October 20, 2011

Java Updates From Oracle

Oracle has released an update for the Java JRE and JDK. The update fixes 20 vulnerabilities, of which nine can be exploited to execute arbitrary code on an affected system.

Affected versions are:
- Java 7 JRE and JDK earlier than update 1 (1.7.0_1)
- Java 6 JRE and JDK earlier than update 29 (1.6.0_29)
- Java 5.0 JRE and JDK earlier than update 32 (1.5.0_32)
- Java 1.4.2 JRE and JDK earlier than update 34 (1.4.2_34)

More information about the update can be read from the Java critical patch update document.

Java users are advised to update to the latest version available.

Oracle Critical Patch Update For Q4 of 2011

Oracle has released updates for their products that fix 57 security issues in total. The updates are part of Oracle's quarterly critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read from the Oracle CPU Advisory.

The next Oracle CPU is planned for release in January 2012.

Thursday, October 13, 2011

Safari Update Available

Apple has released a new version of their Safari web browser. The new version contains fixes for 23 different vulnerabilities. Some of these vulnerabilities may lead to an unexpected application termination or allow an attacker to execute arbitrary code on an affected system.

Safari versions earlier than 5.1.1 are affected. Users of vulnerable Safari versions can get the latest version here.

More information about the security content of version 5.1.1 can be read here.

Wednesday, October 12, 2011

iTunes 10.5 Released

Apple has released version 10.5 of their iTunes media player. The new version fixes a bunch of security vulnerabilities, some of which allow an attacker to execute arbitrary code on the target system. The latest version can be downloaded here.

More information about the update can be read from the related security bulletin.

Microsoft Security Intelligence Report Volume 11 Released

Microsoft has released volume 11 of their Security Intelligence Report (SIR). The SIR is an investigation of the current threat landscape. It focuses on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches. The latest, volume 11, covers the first part of 2011 (January-June).

The report can be downloaded here.

Tuesday, October 11, 2011

Microsoft Security Updates For October 2011

Microsoft has released security updates for October 2011. This month's update contains eight security bulletins, of which two are critical and six important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Thursday, October 6, 2011

Update For Chrome Available

Google has released a new version of their Chrome web browser. Version 14.0.835.202 contains fixes for seven vulnerabilities, of which one is rated critical and six high.

More information is available in the Google Chrome Releases blog.

Tuesday, October 4, 2011

Facebook To Check Web Links

Malicious web links are one of the problems that have brought negative publicity for Facebook. To help reduce this problem, Facebook has teamed up with the security company Websense. In the near future, all web links published on Facebook will be checked to filter out malicious ones.

When a user clicks a link on Facebook, the link will be sent to Websense for security classification. If the link is found to be malicious, the user will be given the option to either access the link at their own risk or return to the previous screen.

More information can be read from the Websense blog.

Sunday, October 2, 2011

Symantec Intelligence Report: September 2011

Symantec has published their Intelligence report that sums up the latest threat trends for September 2011.

Report highlights:
- Spam – 74.8 percent in September (a decrease of 1.1 percentage points since August 2011)
- Phishing – One in 447.9 emails identified as phishing (a decrease of 0.26 percentage points since August 2011)
- Malware – One in 188.7 emails in September contained malware (an increase of 0.04 percentage points since August 2011)
- Malicious Web sites – 3,474 Web sites blocked per day (an increase of 1.0 percent since August 2011)
- 44.6 percent of all malicious domains blocked were new in September (an increase of 10.0 percentage points since August 2011)
- 14.5 percent of all Web-based malware blocked was new in September (a decrease of 2.9 percentage points since August 2011)
- Malicious emails masquerade as office printer messages
- Spammers exploit WordPress vulnerability to promote pharmaceutical spam Web sites
- Fake Offers with Fake Trust Seals
- Spammers and malware authors making increasing use of obfuscated JavaScript
- Best Practices for Enterprises and Users


The report can be viewed here.