Monday, June 30, 2014

RealPlayer Update

RealNetworks has released an updated version of RealPlayer. The new version contains a fix for a buffer overflow vulnerability (CVE-2014-3113).

Users of affected versions are advised to update RealPlayer to the latest version available. More information can be found in the related security advisory.

Tuesday, June 24, 2014

Symantec Intelligence Report: May 2014

Symantec have published their Intelligence Report, which sums up the latest threat trends for May 2014.

Report highlights:
- A large data breach occurred in May, resulting in the potential exposure of over 145 million identities. Over 577 million identities have been exposed in the last 12 months.
- Ransomware continues to decline as the year progresses, down to 17 percent of the peak levels seen back in November 2013.
- Spam, phishing, and virus rates are up in May, after having each dropped in April.


The report (in PDF format) can be viewed here.

Friday, June 13, 2014

Google Chrome Updated

Google have released version 35.0.1916.153 of their Chrome web browser. In addition to four security fixes and other bug fixes, the new version includes a new version of Flash Player.

More information about these is available in the Google Chrome Releases blog.

Mozilla Product Updates Released

Mozilla have released updates to the Firefox browser and the Thunderbird email client to address a number of vulnerabilities, of which six are categorized as critical and two as high.

Affected products are:
- Mozilla Firefox earlier than 30
- Mozilla Firefox ESR 24.x earlier than 24.6
- Mozilla Thunderbird earlier than 24.6

Links to the security advisories with details about addressed security issues:
- MFSA 2014-55 Out of bounds write in NSPR
- MFSA 2014-54 Buffer overflow in Gamepad API
- MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
- MFSA 2014-52 Use-after-free with SMIL Animation Controller
- MFSA 2014-51 Use-after-free in Event Listener Manager
- MFSA 2014-50 Clickjacking through cursor invisibility after Flash interaction
- MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
- MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)


Fresh versions can be obtained via the built-in updater or by downloading from the product sites:
- Firefox
- Thunderbird

Wednesday, June 11, 2014

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 14.0.0.125

- Users of Adobe Flash Player 11.2.202.359 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.378

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update

- Users of the Adobe AIR 13.0.0.111 SDK and earlier versions should update to the Adobe AIR 14.0.0.110 SDK.

- Users of the Adobe AIR 13.0.0.111 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.110 SDK & Compiler.

- Users of Adobe AIR 13.0.0.111 and earlier versions for Android should update to Adobe AIR 14.0.0.110.

- Users of Adobe AIR 13.0.0.111 and earlier versions for Windows and Macintosh should update to Adobe AIR 14.0.0.110.


More information can be found in Adobe's security bulletin.

Microsoft Security Updates For June 2014

Microsoft have released security updates for June 2014. This month's update contains seven security bulletins, of which two are categorized as critical and five as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was also released.

More information can be found in the bulletin summary.

Is Your Computer Infected By GameOver ZeuS?

Last week the GameOver ZeuS (GOZ) botnet was disrupted by international law enforcement together with industry partners (more information here). Although the botnet was disrupted, it has not been dismantled. There are still over one million computers infected by GOZ. Security company F-Secure has made available a website that can be used to check whether your system is affected. The site is: http://www.f-secure.com/gameoverzeus

Technical details about the check are given in the related post on the F-Secure blog.


Monday, June 9, 2014

Java Updated

Oracle has released an update to Java 7. The latest release is Java 7 Update 60. More information about the release is available here.

Friday, June 6, 2014

ESET Global Threat Report for May 2014

ESET have published a report discussing global threats of May 2014.

Top 10 threats list (previous ranking in parentheses):

1. Win32/Bundpil (1.)
2. LNK/Agent.AK (2.)
3. Win32/Sality (3.)
4. HTML/ScrInject (4.)
5. INF/Autorun (5.)
6. Win32/Qhost (6.)
7. Win32/Conficker (7.)
8. Win32/Ramnit (8.)
9. Win32/TrojanDownloader.Waski (9.)
10. Win32/Dorkbot (10.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).