Thursday, November 27, 2014

Google Chrome Updated

Google have released version 39.0.2171.71 of their Chrome web browser. New version contains an update for Adobe Flash and some other fixes.

More information about these in Google Chrome Releases blog.

Wednesday, November 26, 2014

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new version adds extra hardening against the vulnerability CVE-2014-8439 (a vulnerability in the handling of a dereferenced memory pointer that could lead to code execution) which was mitigated in the October release.

Affected versions:

- Users of Adobe Flash Player 15.0.0.223 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 15.0.0.239

- Users of Adobe Flash Player 11.2.202.418 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.424

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update



More information can be read from Adobe's security bulletin.

Sunday, November 23, 2014

WordPress 4.0.1 Released

There have been released new versions of WordPress (blogging tool and content management system) which contains updates to critical security vulnerabilities.

Affected versions:
3.9.2, 3.8.4, 3.7.4 and their earlier versions

More information can be read from the WordPress blog.

Wednesday, November 19, 2014

Google Chrome Updated

Google have released version 39.0.2171.65 of their Chrome web browser. New version contains fixes to 42 security issues.

More information about these in Google Chrome Releases blog.

Symantec Intelligence Report: October 2014

Symantec have published their Intelligence report that sums up the latest threat trends for October 2014.

Report highlights:
- Of the industries attacked through spear phishing, the category of Finance, Insurance, and Real Estate received 28 percent of all attempts in the month of October.
- The largest data breach in October had previously been reported; however, we learned this month that the breach resulted in the exposure of identities within 76 million households.
- OSX.Okaz was the most frequently encountered OSX risk seen on OSX endpoints, making up 28.8 percent of OSX risks.
- Crypto-style ransomware made up 55 percent of all ransomware seen in the month of October.


The report (in PDF format) can be viewed here.

Monday, November 17, 2014

Microsoft Security Intelligence Report Volume 17 Released

Microsoft have released volume 17 of their Security Intelligence Report (SIR)). The Security Intelligence Report (SIR) is an investigation of the current threat landscape. The report can be downloaded here.

Wednesday, November 12, 2014

Google Chrome Updated

Google have released version 38.0.2125.122 of their Chrome web browser. Among other fixes (log) the new version contains an update for Adobe Flash.

More information about these in Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 15.0.0.189 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 15.0.0.223

- Users of Adobe Flash Player 11.2.202.411 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.418

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

- Users of the Adobe AIR 15.0.0.302 SDK and earlier versions should update to the Adobe AIR 15.0.0.356 SDK.

- Users of the Adobe AIR 15.0.0.302 SDK & Compiler and earlier versions should update to the Adobe AIR 15.0.0.356 SDK & Compiler.

- Users of Adobe AIR 15.0.0.293 and earlier versions for Android should update to Adobe AIR  15.0.0.356.

- Users of Adobe AIR 15.0.0.293 and earlier versions for Windows and Macintosh should update to Adobe 15.0.0.356.


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For November 2014

Microsoft have released security updates for November 2014. This month update contains fourteen security bulletins of which four categorized as critical, eight as important and two as moderate.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Monday, November 10, 2014

Google Study About Manual Hijacking

Account hijacking is a thing that happens a lot. There are different types of hijacking of which one of the most common is mass hijacking. In this case, an automated process uses compromised systems to send out spam messages, malware and phishing campaigns to get even more accounts hijacked. This kind of attacks are usually targeting political institutions, universities, governments and corporations.

Another type of hijacking is so called manual hijacking. This type of attacks are targeting normal users and are done by individuals instead of automated botnets.

Google have published a study they made about manual hijacking. This study can be viewed here (as a pdf document)

Friday, November 7, 2014

Also 53 Million Email Addresses Taken In Home Depot Data Breach

Some time ago Home Depot was in headlines with a data breach where 56 million credit card account details were compromised. During the investigation of that data breach Home Depot found out that the payment data was not the only thing stolen but that 53 million email addresses were taken too.

More information in Home Depot press release.