Tuesday, December 29, 2015

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 20.0.0.235 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 20.0.0.267

- Users of Adobe Flash Player 11.2.202.554 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.559

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 20.0.0.204 SDK & Compiler and earlier versions should update to the Adobe AIR 20.0.0.233 SDK & Compiler

- Users of Adobe AIR 20.0.0.204 and earlier versions for Desktop Runtime should update to Adobe AIR 20.0.0.233.


More information can be read from Adobe's security bulletin.

Tuesday, December 22, 2015

Google Chrome Updated

Google have released version 47.0.2526.106 of their Chrome web browser. Among other fixes the new version contains two security vulnerability fixes. More information about changes in Google Chrome Releases blog.

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser to address a bunch of vulnerabilities of which four categorized as critical, seven as high, three as moderate and two as low.

Affected products are:
- Mozilla Firefox earlier than 43
- Mozilla Firefox ESR earlier than 38.5

Links to the security advisories with details about addressed security issues:
MFSA 2015-149 Cross-site reading attack through data and view-source URIs
MFSA 2015-148 Privilege escalation vulnerabilities in WebExtension APIs
MFSA 2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
MFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions
MFSA 2015-145 Underflow through code inspection
MFSA 2015-144 Buffer overflows found through code inspection
MFSA 2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
MFSA 2015-142 DOS due to malformed frames in HTTP/2
MFSA 2015-141 Hash in data URI is incorrectly parsed
MFSA 2015-140 Cross-origin information leak through web workers error events
MFSA 2015-139 Integer overflow allocating extremely large textures
MFSA 2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
MFSA 2015-137 Firefox allows for control characters to be set in cookies
MFSA 2015-136 Same-origin policy violation using perfomance.getEntries and history navigation
MFSA 2015-135 Crash with JavaScript variable assignment with unboxed objects
MFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)


Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Monday, December 14, 2015

Symantec Intelligence Report: November 2015

Symantec have published their Intelligence report that sums up the latest threat trends for November 2015.

Report highlights:
- The proportion of email traffic containing malware was up in November, where one in 140 emails contained malware.
- The overall email spam rate in November was also up at 54.1 percent, increasing 0.6 percentage points from October.
- The Finance, Insurance, & Real Estate sector was the most targeted sector during November, comprising 41 percent of all targeted attacks.


The report (in PDF format) can be viewed here.

Friday, December 11, 2015

Google Chrome Updated

Google have released version 47.0.2526.80 of their Chrome web browser. Among 7 security fixes and some other fixes the new version contains an update to Adobe Flash Player (20.0.0.228). More information about changes in Google Chrome Releases blog.

Microsoft Security Updates For December 2015

Microsoft have released security updates for December 2015. This month update contains 12 security bulletins of which eight categorized as critical and four as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 19.0.0.245 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 20.0.0.228 (support for Internet Explorer) and 20.0.0.235 (support for Firefox and Safari)

- Users of Adobe Flash Player 11.2.202.548 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.554

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 19.0.0.241 SDK & Compiler and earlier versions should update to the Adobe AIR 20.0.0.204 SDK & Compiler

- Users of Adobe AIR 19.0.0.241 and earlier versions for Desktop Runtime should update to Adobe AIR 20.0.0.204.


More information can be read from Adobe's security bulletin.

Tuesday, December 8, 2015

ESET Threat Radar Report for November 2015

ESET have published a report discussing global threats of November 2015.

TOP 10 threats list (previous ranking listed too):
1. Win32/Bundpil (1.)
2. LNK/Agent.BZ (-)
3. LNK/Agent.BS (2.)
4. HTML/ScrInject (5.)
5. LNK/Agent.AV (3.)
6. JS/TrojanDownloader.Iframe (4.)
7. Win32/Sality (6.)
8. Win32/Ramnit (7.)
9. HTML/IFrame (-)
10. INF/Autorun (9.)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Monday, December 7, 2015

Google Chrome Updated

Google have released version 47.0.2526.73 of their Chrome web browser. Among other fixes the new version contains a bunch of security vulnerability fixes. More information about changes in Google Chrome Releases blog.

Tuesday, November 24, 2015

Adobe ColdFusion Hotfix Available

Adobe have released updated versions of ColdFusion web application development platform. This hotfix resolves two input validation issues (CVE-2015-8052 and CVE-2015-8053) that could be used to conduct reflected cross-site scripting attacks. The fix also includes an updated version of BlazeDS which resolves an important Server-side Request Forgery vulnerability (CVE-2015-5255).  

Affected versions:
- ColdFusion 11 and 10


More information can be read from Adobe's security bulletin.

Adobe LiveCycle Data Services Fix Available

Adobe has released an update for LiveCycle Data Services (LiveCycle DS). The update includes patched version of BlazeDS that fixes an important server-side request forgery vulnerability.

Affected versions:
LiveCycle DS versions 4.7, 4.6.2, 4.5, 3.1.x, 3.0.x on Windows, Macintosh and Unix platforms

More information in Adobe security bulletin.

Monday, November 16, 2015

ESET Threat Radar Report for October 2015

ESET have published a report discussing global threats of October 2015.

TOP 10 threats list (previous ranking listed too):

1. Win32/Bundpil (1.)
2. LNK/Agent.BS (-)
3. LNK/Agent.AV (5.)
4. JS/TrojanDownloader.Iframe (2.)
5. HTML/ScrInject (4.)
6. Win32/Sality (7.)
7. Win32/Ramnit (9.)
8. JS/IFrame (-)
9. INF/Autorun (10.)
10. Win32/AdWare.ConvertAd (-)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Symantec Intelligence Report: October 2015

Symantec have published their Intelligence report that sums up the latest threat trends for October 2015.

Report highlights:
- The number of vulnerabilities disclosed increased in October, from 349 in September to 441 reported during this month.
- Crypto-ransomware was up once again during October, setting another high for 2015.
- Large enterprises were the target of 67.9 percent of spear-phishing attacks as well, up from 45.7 percent in September.


The report (in PDF format) can be viewed here.

Wednesday, November 11, 2015

Google Chrome Updated

Google have released version 46.0.2490.86 of their Chrome web browser. Among other fixes the new version contains an update to Adobe Flash Player (19.0.0.245). More information about changes in Google Chrome Releases blog.

Microsoft Security Updates For November 2015

Microsoft have released security updates for November 2015. This month update contains 12 security bulletins of which four categorized as critical and eight as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 19.0.0.226 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.245

- Users of Adobe Flash Player 11.2.202.540 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.548

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 19.0.0.213 SDK & Compiler and earlier versions should update to the Adobe AIR 19.0.0.241 SDK & Compiler

- Users of Adobe AIR 19.0.0.213 and earlier versions for Desktop Runtime should update to Adobe AIR 19.0.0.241.


More information can be read from Adobe's security bulletin.

Monday, November 9, 2015

Fix For vBulletin Available

There has been released an update to vBulletin 5 Connect software that is used on many internet forums. The update fixes an actively exploited vulnerability (affects versions 5.1.4 - 5.1.9). A public method for exploiting is available so it's strongly advised that vBulletin using forums are updated with the latest version.

More information:
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4332166-security-patch-release-for-vbulletin-5-connect-versions-5-1-4-through-5-1-9
- http://arstechnica.com/security/2015/11/vbulletin-password-hack-fuels-fear
s-of-serious-internet-wide-0-day-attacks

Thursday, November 5, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser to address a bunch of vulnerabilities of which three categorized as critical, six as high, seven as moderate and two as low.

Affected products are:
- Mozilla Firefox earlier than 42
- Mozilla Firefox ESR earlier than 38.4

Links to the security advisories with details about addressed security issues:
MFSA 2015-133 NSS and NSPR memory corruption issues
MFSA 2015-132 Mixed content WebSocket policy bypass through workers
MFSA 2015-131 Vulnerabilities found through code inspection
MFSA 2015-130 JavaScript garbage collection crash with Java applet
MFSA 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped
MFSA 2015-128 Memory corruption in libjar through zip files
MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
MFSA 2015-126 Crash when accessing HTML tables with accessibility tools on OS X
MFSA 2015-125 XSS attack through intents on Firefox for Android
MFSA 2015-124 Android intents can be used on Firefox for Android to open privileged files
MFSA 2015-123 Buffer overflow during image interactions in canvas
MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
MFSA 2015-121 Disabling scripts in Add-on SDK panels has no effect
MFSA 2015-120 Reading sensitive profile files through local HTML file on Android
MFSA 2015-119 Firefox for Android addressbar can be removed after fullscreen mode
MFSA 2015-118 CSP bypass due to permissive Reader mode whitelist
MFSA 2015-117 Information disclosure through NTLM authentication
MFSA 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)


Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Monday, October 26, 2015

Oracle Critical Patch Update For Q4 of 2015

Oracle have released updates for their products that fix 154 security issues (including 25 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in January 2016.

Google Chrome Updated

Google have released version 46.0.2490.80 of their Chrome web browser. Among other fixes the new version contains an update to Adobe Flash Player (19.0.0.226). More information about changes in Google Chrome Releases blog.

Symantec Intelligence Report: September 2015

Symantec have published their Intelligence report that sums up the latest threat trends for September 2015.

Report highlights:
- There were a total of 10 zero-day vulnerabilities disclosed during the month of September.
- Large enterprises were the target of 45.7 percent of spear-phishing attacks in September, up from 11.7 percent in August.
- The Finance, Insurance, & Real Estate sector was the most targeted sector during September, comprising 27 percent of all targeted attacks.


The report (in PDF format) can be viewed here.

ITunes 12.3.1 Released

Apple have released version 12.3.1 of their iTunes media player. New version fixes a bunch of security vulnerabilities.

More information about the security content of iTunes 12.3.1 can be read from related security advisory.

Old version users should updated to the latest one available.

Sunday, October 18, 2015

Adobe Flash Player Update Available

Adobe have released updated version of their Flash Player. The new version fixes critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.226

- Users of Adobe Flash Player 11.2.202.535 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.540

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Thursday, October 15, 2015

Microsoft Security Updates For October 2015

Microsoft have released security updates for October 2015. This month update contains six security bulletins of which three categorized as critical and three as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a bunch of vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2015.008.20082 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30060 and earlier

*of series XI (11.x)
Adobe Reader 11.0.12 and earlier
Adobe Acrobat 11.0.12 and earlier

*of series X (10.x)
Adobe Reader 10.1.15 and earlier
Adobe Acrobat 10.1.15 and earlier

Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 19.0.0.185 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.207

- Users of Adobe Flash Player 11.2.202.521 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.535

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 19.0.0.190 SDK & Compiler and earlier versions should update to the Adobe AIR 19.0.0.213 SDK & Compiler

- Users of Adobe AIR 19.0.0.190 and earlier versions for Desktop Runtime should update to Adobe AIR 19.0.0.213.


More information can be read from Adobe's security bulletin.

Wednesday, October 14, 2015

Google Chrome Updated

Google have released version 46.0.2490.71 of their Chrome web browser. The new version contains fixes to 24 security issues. More information about changes in Google Chrome Releases blog.

Monday, October 12, 2015

ESET Threat Radar Report for September 2015

ESET have published a report discussing global threats of September 2015.

TOP 10 threats list (previous ranking listed too):

1. Win32/Bundpil (1.)
2. JS/TrojanDownloader.Iframe (-)
3. Win32/Adware.Mobogenie (-)
4. HTML/ScrInject (-)
5. LNK/Agent.AV (4.)
6. LNK/Agent.BX (-)
7. Win32/Sality (6.)
8. Win32/TrojanDownloader.Waski (-)
9. Win32/Ramnit (8.)
10. INF/Autorun (9.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Wednesday, October 7, 2015

VMWare Updates Available

VMware has released security update to patch a bunch of vulnerabilities in their virtualization applications.

Affected versions:
- VMware ESXi 5.5 without patch ESXi550-201509101
- VMware ESXi 5.1 without patch ESXi510-201510101
- VMware ESXi 5.0 without patch ESXi500-201510101
- VMware vCenter Server 6.0 prior to version 6.0 update 1
- VMware vCenter Server 5.5 prior to version 5.5 update 3
- VMware vCenter Server 5.1 prior to version 5.1 update u3b
- VMware vCenter Server 5.0 prior to version 5.0 update u3e


Further information including updating instructions can be read from VMware's security advisory.

PHP Versions 5.6.14 and 5.5.30 Released

PHP development team has released 5.6.14 and 5.5.30 versions of the PHP scripting language. New versions contain fixes to several vulnerabilities. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs can be viewed here.

Tuesday, September 29, 2015

Google Chrome Updated

Google have released version 45.0.2454.101 of their Chrome web browser. Among other bugs two security issues (CVE-2015-1303, CVE-2015-1304) were fixed. More information about changes in Google Chrome Releases blog.

Thursday, September 24, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser to address a bunch of vulnerabilities of which four categorized as critical, five as high, nine as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 41
- Mozilla Firefox ESR earlier than 38.3

Links to the security advisories with details about addressed security issues:
MFSA 2015-114 Information disclosure via the High Resolution Time API
MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
MFSA 2015-112 Vulnerabilities found through code inspection
MFSA 2015-111 Errors in the handling of CORS preflight request headers
MFSA 2015-110 Dragging and dropping images exposes final URL after redirects
MFSA 2015-109 JavaScript immutable property enforcement can be bypassed
MFSA 2015-108 Scripted proxies can access inner window
MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
MFSA 2015-106 Use-after-free while manipulating HTML media content
MFSA 2015-105 Buffer overflow while decoding WebM video
MFSA 2015-104 Use-after-free with shared workers and IndexedDB
MFSA 2015-103 URL spoofing in reader mode
MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript
MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video
MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater
MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
MFSA 2015-97 Memory leak in mozTCPSocket to servers
MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)


Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 18.0.0.232 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 19.0.0.185

- Users of Adobe Flash Player 11.2.202.508 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.521

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 18.0.0.199 SDK & Compiler and earlier versions should update to the Adobe AIR 19.0.0.190 SDK & Compiler

- Users of Adobe AIR 18.0.0.199 and earlier versions for Desktop Runtime should update to Adobe AIR 19.0.0.190.


More information can be read from Adobe's security bulletin.

WordPress 4.3.1 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains updates to security vulnerabilities among a bunch of other bug fixes.

Affected versions:
WordPress versions earlier than 4.3.1

More information can be read from the WordPress blog.

Wednesday, September 16, 2015

Google Chrome Updated

Google have released version 45.0.2454.93 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Symantec Intelligence Report: August 2015

Symantec have published their Intelligence report that sums up the latest threat trends for August 2015.

Report highlights:
- There were a total of 11 zero-day vulnerabilities reported during the month of August.
- Six of these were reported in industrial control systems, while two were discovered in the OS X operating system.
- A new OS X threat named OSX.Sudoprint was also discovered during the month.


The report (in PDF format) can be viewed here.

Friday, September 11, 2015

Shockwave Player Update Available

Adobe have released an updated version of their Shockwave Player. The new version fixes security vulnerabilities that may allow an attacker to run arbitrary code on the affected system. The update is categorized as critical with priority level as 1.

Users of Adobe Shockwave Player 12.1.9.160 and earlier should update to Adobe Shockwave Player 12.2.0.162.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Microsoft Security Updates For September 2015

Microsoft have released security updates for September 2015. This month update contains 12 security bulletins of which five categorized as critical and seven as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Tuesday, September 8, 2015

Google Chrome Updated

Google have released version 45.0.2454.85 of their Chrome web browser. The new version contains fixes to 25 security issues. More information about changes in Google Chrome Releases blog.

Monday, September 7, 2015

Vulnerability In F-Secure Products

There has been a vulnerability in Windows version of several F-Secure products. The vulnerability is in F-Secure Gatekeeper driver (fsgk.sys). Successful exploitation of the vulnerability will result in a local privilege escalation of a normal user account to an administrator or system account.

Affected versions:

Corporate products

    F-Secure Client Security
    F-Secure Client Security Premium
    F-Secure Anti-Virus for Workstations
    F-Secure Server Security
    F-Secure Server Security Premium
    F-Secure Email and Server Security
    F-Secure Email and Server Security Premium
    F-Secure Protection Service for Business (PSB) Workstation Security
    F-Secure Protection Service for Business (PSB) Server Security
    F-Secure Protection Service for Business (PSB) Email and Server Security

Consumer products

    F-Secure Safe Anywhere PC
    F-Secure Internet Security
    F-Secure Anti-Virus
    F-Secure Ultralight Anti-Virus Beta


Fix is available in the automatic update channel for all affected products. No user action is needed if automatic updates is enabled. More information can be read from the correspondent security advisory.

Monday, August 31, 2015

Adobe ColdFusion Hotfix Available

Adobe have released updated versions of ColdFusion web application development platform. This hotfix addresses an issue associated with the parsing of crafted XML external entities in BlazeDS that could lead to information disclosure (CVE-2015-3269).

Affected versions:
- ColdFusion 11 and 10


More information can be read from Adobe's security bulletin.

Tuesday, August 25, 2015

QuickTime 7.7.8 Released

Apple have released a new version of their QuickTime multimedia player. Version 7.7.8 contains fixes for a bunch of vulnerabilities that could be exploited to run arbitrary code in target system.

Affected versions:
QuickTime versions earlier than 7.7.8 on Microsoft Windows 7 and Microsoft Windows Vista operating systems.

QuickTime users with version older than 7.7.8 should update to the latest one available.

More information about security content of QuickTime 7.7.8 can be read here.

Sunday, August 23, 2015

Symantec Intelligence Report: July 2015

Symantec have published their Intelligence report that sums up the latest threat trends for July 2015.

Report highlights:
- The Manufacturing and Wholesale industries both saw significant increases in targeted attack activity in July, where both industries were up eight percentage points from June.
- There were six zero-day vulnerabilities discovered during the month—the highest number seen in more than a year.
- The release of four new mobile malware families in July is the highest number seen in the mobile malware landscape so far this year.


The report (in PDF format) can be viewed here.

Tuesday, August 18, 2015

Google Chrome Updated

Google have released version 44.0.2403.155 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Thursday, August 13, 2015

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 18.0.0.209 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.232

- Users of Adobe Flash Player 11.2.202.491 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.508

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 (on Windows 8.x) and 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 18.0.0.180 SDK & Compiler and earlier versions should update to the Adobe AIR 18.0.0.199 SDK & Compiler

- Users of Adobe AIR 18.0.0.180 and earlier versions for Desktop Runtime should update to Adobe AIR 18.0.0.199.


More information can be read from Adobe's security bulletin.

WordPress 4.2.4 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains updates to critical security vulnerabilities.

Affected versions:
WordPress versions earlier than 4.2.4

More information can be read from the WordPress blog.

Wednesday, August 12, 2015

Microsoft Security Updates For August 2015

Microsoft have released security updates for August 2015. This month update contains 14 security bulletins of which four categorized as critical and ten as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Monday, August 10, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser and Firefox OS to address a bunch of vulnerabilities of which one categorized as critical, three as high, one as moderate and two as low.

Affected products are:
- Mozilla Firefox earlier than 39.0.3
- Mozilla Firefox ESR earlier than 38.1.1
- Mozilla Firefox OS 2.2

Links to the security advisories with details about addressed security issues:
MFSA 2015-78 Same origin violation and local file stealing via PDF reader
MFSA 2015-77 Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer
MFSA 2015-76 Wifi direct system messages don't require a permission
MFSA 2015-75 COPPA error screen in FxAccounts signup allows loading arbitrary web content into B2G root process
MFSA 2015-74 UMS (USB) mounting after reboot even without unlocking
MFSA 2015-73 Remote HTML tag injection in Gaia System app
MFSA 2015-72 Remote HTML tag injection in Gaia Search app


Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Firefox OS updates itself. Instructions for manually check the updates can be found here.

Friday, August 7, 2015

ESET Global Threat Report for July 2015

ESET have published a report discussing global threats of July 2015.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (1.)
2. SWF/Exploit.ExKit (-)
3. Win32/Adware.MultiPlug (2.)
4. JS/Kryptik.I (4.)
5. LNK/Agent.AV (5.)
6. LNK/Agent.BS (-)
7. Win32/Sality (7.)
8. Win32/Ramnit (8.)
9. HTML/Refresh (-)
10. INF/Autorun (9.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Tuesday, August 4, 2015

Kaspersky Lab's IT Threat Evolution Q2 2015 Report Available

Kaspersky Lab has published its Q2 cyber threats report highlighting key security incidents of the quarter and evaluating the Q2 cyber threat level.

The report can be viewed here.

Monday, July 20, 2015

Symantec Intelligence Report: June 2015

Symantec have published their Intelligence report that sums up the latest threat trends for June 2015.

Report highlights:
- At 49.7 percent, the overall spam rate has dropped below 50 percent for the first time since September, 2003.
- There were 57.6 million new malware variants created in June, up from 44.5 million pieces of malware created in May and 29.2 million in April.
- Ransomware attack has increased for the second month in a row and crypto-ransomware has reached its highest levels since December 2014.


The report (in PDF format) can be viewed here.

Oracle Critical Patch Update For Q3 of 2015

Oracle have released updates for their products that fix 193 security issues (including 25 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in October 2015.

ESET Global Threat Report for June 2015

ESET have published a report discussing global threats of June 2015.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (2.)
2. Win32/Adware.MultiPlug (1.)
3. LNK/Agent.BO (-)
4. JS/Kryptik.I (3.)
5. LNK/Agent.AV (4.)
6. Win32/AdWare.ConvertAd (5.)
7. Win32/Sality (6.)
8. Win32/Ramnit (7.)
9. INF/Autorun (8.)
10. LNK/Agent.BM (-)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Thursday, July 16, 2015

Google Chrome Updated

Google have released version 43.0.2357.134 of their Chrome web browser. The new version contains updated Adobe Flash Player (18.0.0.209). More information about changes in Google Chrome Releases blog.

Wednesday, July 15, 2015

Microsoft Security Updates For July 2015

Microsoft have released security updates for July 2015. This month update contains 14 security bulletins of which four categorized as critical and ten as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2015.007.20033 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30033 and earlier

*of series XI (11.x)
Adobe Reader 11.0.11 and earlier
Adobe Acrobat 11.0.11 and earlier

*of series X (10.x)
Adobe Reader 10.1.14 and earlier
Adobe Acrobat 10.1.14 and earlier

Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Shockwave Player Update Available

Adobe have released an updated version of their Shockwave Player. The new version fixes security vulnerabilities that may allow an attacker to run arbitrary code on the affected system. The update is categorized as critical with priority level as 1.

Users of Adobe Shockwave Player 12.1.8.158 and earlier should update to Adobe Shockwave Player 12.1.9.159.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated version of their Flash Player. The new version fixes critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 18.0.0.203 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.209

- Users of Adobe Flash Player 11.2.202.481 and earlier versions for Linux: Adobe will provide an update for Flash Player for Linux during the week of July 12.  The update will be available by visiting the Adobe Flash Player Download Center. Please continue to monitor the PSIRT blog for updates

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

More information can be read from Adobe's security bulletin.

Friday, July 10, 2015

Google Chrome Updated

Google have released version 43.0.2357.132 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.203

- Users of Adobe Flash Player 11.2.202.468 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.481

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

- Users of the Adobe AIR 18.0.0.144 SDK & Compiler and earlier versions should update to the Adobe AIR 18.0.0.180 SDK & Compiler

- Users of Adobe AIR 18.0.0.144 and earlier versions for Desktop Runtime should update to Adobe AIR 18.0.0.180.


More information can be read from Adobe's security bulletin.

Tuesday, July 7, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which four categorized as critical, two as high, six as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 39
- Mozilla Firefox ESR earlier than 31.8
- Mozilla Firefox ESR earlier than 38.1
- Mozilla Thunderbird earlier than 38.1

Links to the security advisories with details about addressed security issues:
MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
MFSA 2015-69 Privilege escalation in PDF.js
MFSA 2015-68 OS X crash reports may contain entered key press information
MFSA 2015-67 Key pinning is ignored when overridable errors are encountered
MFSA 2015-66 Vulnerabilities found through code inspection
MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest
MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly
MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error
MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
MFSA 2015-61 Type confusion in Indexed Database Manager
MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs
MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird

Wednesday, June 24, 2015

Adobe Flash Player Update Available

Adobe have released updated version of their Flash Player. The new version fixes a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.194

- Users of Adobe Flash Player 11.2.202.466 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.468

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

More information can be read from Adobe's security bulletin.

Google Chrome Updated

Google have released version 43.0.2357.130 of their Chrome web browser. Among other fixes the new version contains fixes to some security issues.

More information about these in Google Chrome Releases blog.

Friday, June 19, 2015

Symantec Intelligence Report: May 2015

Symantec have published their Intelligence report that sums up the latest threat trends for May 2015.

Report highlights:
- Almost 43 percent of spear-phishing attacks were directed at organizations with less than 250 employees during May, up from 31 percent in April.
- Small organizations were most likely to be targeted by malicious email in the month of May as well, where one in 141 emails contained a threat.
- There were more than 44.5 million new pieces of malware created in May, up from 29.2 million created in April.
- The overall email spam rate further declined in May, dropping 0.6 percentage points to 51.5 percent.


The report (in PDF format) can be viewed here.

ESET Global Threat Report for May 2015

ESET have published a report discussing global threats of May 2015.

TOP 10 threats list (previous ranking listed too):

1. Win32/Adware.MultiPlug (1.)
2. WIN32/Bundpil (2.)
3. JS/Kryptik.I (3.)
4. LNK/Agent.AV (5.)
5. Win32/AdWare.ConvertAd (9.)
6. Win32/Sality (6.)
7. Win32/Ramnit (7.)
8. INF/Autorun (-)
9. Win32/Packed.VMProtect.AAA (-)
10. LNK/Agent.AK (-)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Monday, June 15, 2015

Google Chrome Updated

Google have released version 43.0.2357.124 of their Chrome web browser. The new version contains a new version of Adobe Flash (18.0.0.160).

More information about the update in Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 17.0.0.188 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 18.0.0.160

- Users of Adobe Flash Player 11.2.202.460 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.466

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

- Users of the Adobe AIR 17.0.0.172 SDK & Compiler and earlier versions should update to the Adobe AIR 18.0.0.144 SDK & Compiler

- Users of Adobe AIR 17.0.0.172 and earlier versions for Desktop Runtime should update to Adobe AIR 18.0.0.144.

- Users of Adobe AIR for Android 17.0.0.144 and earlier versions should update to Adobe AIR 18.0.0.143.

More information can be read from Adobe's security bulletin.

Wednesday, June 10, 2015

Microsoft Security Updates For June 2015

Microsoft have released security updates for June 2015. This month update contains eight security bulletins of which two categorized as critical and six as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Monday, June 8, 2015

"Turn It On" The Ultimate Guide To Two-Factor Authentication

TeleSign has launched a campaign to encourage more users to enable two-factor authentication (2FA) security controls for their online accounts. Turn It On website gives detailed instructions how to do this for Facebook, Twitter, Gmail, Apple and numerous other accounts.

According to the TeleSign's Consumer Account Security Report 80 percent of consumers are worried about their online security, but only 30 percent are confident that passwords adequately protect their online accounts. Additionally, about 70 percent are in search of additional help to secure accounts.

With the launch of the Turn It On campaign and access to the free online 2FA guide, consumers now have a simple, easy-to-understand tool for adding additional security online.

MalumPoS Malware Discovered

Trend Micro has discovered MalumPoS named attack tool that threat actors can be reconfigured to breach any PoS (point-of-sale) system they wish to target. Currently, it is designed to collect data from PoS systems running on Oracle MICROS, a platform popularly used in the hospitality, food and beverage, and retail industries. A bulk of the companies using MICROS is mostly concentrated in the United States.


Complete blog post with details can be read here.

Thursday, May 28, 2015

Google Chrome Updated

Google have released version 43.0.2357.81 of their Chrome web browser.

More information about changes can be read in Google Chrome Releases blog.

PHP Versions 5.6.9, 5.5.25 and 5.4.41 Released

PHP development team has released 5.6.9, 5.5.25 and 5.4.41 versions of the PHP scripting language. New versions contain fixes to several vulnerabilities. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs can be viewed here.

Saturday, May 23, 2015

Google Chrome Updated

Google have released version 43.0.2357.65 of their Chrome web browser. The new version contains fixes to 37 security issues.

More information about these in Google Chrome Releases blog.

Microsoft Security Intelligence Report Volume 18 Released

Microsoft have released volume 18 of their Security Intelligence Report (SIR)). The Security Intelligence Report (SIR) is an investigation of the current threat landscape. The report can be downloaded here.

Sunday, May 17, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which five categorized as critical, five as high, two as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 38
- Mozilla Firefox ESR earlier than 31.7
- Mozilla Thunderbird earlier than 31.7

Links to the security advisories with details about addressed security issues:
MFSA 2015-58 Mozilla Windows updater can be run outside of application directory
MFSA 2015-57 Privilege escalation through IPC channel messages
MFSA 2015-56 Untrusted site hosting trusted page can intercept webchannel responses
MFSA 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
MFSA 2015-54 Buffer overflow when parsing compressed XML
MFSA 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
MFSA 2015-52 Sensitive URL encoded information written to Android logcat
MFSA 2015-51 Use-after-free during text processing with vertical text enabled
MFSA 2015-50 Out-of-bounds read and write in asm.js validation
MFSA 2015-49 Referrer policy ignored when links opened by middle-click and context menu
MFSA 2015-48 Buffer overflow with SVG content and CSS
MFSA 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
MFSA 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*of series XI (11.x)
Adobe Reader 11.0.10 and earlier
Adobe Acrobat 11.0.10 and earlier

*of series X (10.x)
Adobe Reader 10.1.13 and earlier
Adobe Acrobat 10.1.13 and earlier

Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Google Chrome Updated

Google have released version 42.0.2311.152 of their Chrome web browser. The new version contains a new version of Adobe Flash (17.0.0.188).

More information about these in Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 17.0.0.169 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 17.0.0.188

- Users of Adobe Flash Player 11.2.202.457 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.460

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

- Users of the Adobe AIR 17.0.0.144 SDK and earlier versions should update to the Adobe AIR 17.0.0.172 SDK

- Users of the Adobe AIR 17.0.0.144 SDK & Compiler and earlier versions should update to the Adobe AIR 17.0.0.172 SDK & Compiler

- Users of Adobe AIR 17.0.0.144 Desktop Runtime should update to Adobe AIR 17.0.0.172.


More information can be read from Adobe's security bulletin.

Wednesday, May 13, 2015

Microsoft Security Updates For May 2015

Microsoft have released security updates for May 2015. This month update contains 13 security bulletins of which three categorized as critical and ten as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Friday, May 8, 2015

WordPress 4.2.2 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains updates to critical security vulnerabilities.

Affected versions:
WordPress versions earlier than 4.2.2

More information can be read from the WordPress blog.

Wednesday, May 6, 2015

Destructive Rombertik Malware Renders System Inoperable

Talos Group (part of Cisco Systems) researchers have written an analysis that deals with malware named Rombertik. The malware is designed to intercept any plain text entered into a browser window. Rombertik is spread through spam and phishing messages.

What makes this malware special is its way to act if it detects certain attributes associated with malware analysis. If such action is detected Rombertik tries first to destroy Master Boot Record (MBR) which is the first sector of a PC's hard drive that the computer looks to before loading the operating system. If it can't access the MBR then it effectively renders all of the files in a user's home folder inoperable by encrypting them with a randomly generated RC4 key. After overwriting the MBR or encrypting the home folder the computer is restarted. The overwritten MBR contains code to print out "Carbon crack attempt, failed" and then enters an infinite loop preventing the system from continuing to boot.

Complete analysis of Rombertik can be read at Talos blog here

Friday, May 1, 2015

Google Chrome Updated

Google have released version 42.0.2311.135 of their Chrome web browser. The new version contains fixes to 5 security issues.

More information about these in Google Chrome Releases blog.

Thursday, April 23, 2015

Firefox Update Released

Mozilla have released an update to Firefox web browser to address a high categorized vulnerability.

Affected products are:
- Mozilla Firefox earlier than 37.0.2

Link to the security advisory with details about addressed security issues:
MFSA 2015-45 Memory corruption during failed plugin initialization

Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

WordPress 4.1.2 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains updates to critical security vulnerabilities.

Affected versions:
WordPress versions earlier than 4.1.2

More information can be read from the WordPress blog.

Tuesday, April 21, 2015

PHP Versions 5.6.8, 5.5.24 and 5.4.40 Released

PHP development team has released 5.6.8, 5.5.24 and 5.4.40 versions of the PHP scripting language. New versions contain fixes to several vulnerabilities. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs can be viewed here.

Monday, April 20, 2015

Oracle Critical Patch Update For Q2 of 2015

Oracle have released updates for their products that fix 98 security issues (including 14 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in July 2015.

Friday, April 17, 2015

Adobe Flash Player Update Available

Adobe have released updated version of their Flash Player. The new version fixes critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 17.0.0.134 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 17.0.0.169

- Users of Adobe Flash Player 11.2.202.451 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.457

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

More information can be read from Adobe's security bulletin.

Google Chrome Updated

Google have released version 42.0.2311.90 of their Chrome web browser. Among other changes the new version contains fixes to 45 security issues.

More information about these in Google Chrome Releases blog.

Microsoft Security Updates For April 2015

Microsoft have released security updates for April 2015. This month update contains 11 security bulletins of which four categorized as critical and seven as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Friday, April 10, 2015

Websense Security Labs 2015 Threat Report

Websense Security Labs has published their annual Threat Report analysing threats in the cyber landscape.

There are eight trends definitely worth noting due to the significant risk they pose for data theft this year. These are reviewed across two categories: Human Behavioral Trends and Technique-based Trends, to examine who’s doing what and how they are doing it. Each of the two categories will look at 4 topics of interest, to include data on:

Cybercrime Just Got Easier: In this age of MaaS (Malware-as-a-Service), even entry-level threat actors can successfully create and launch data theft attacks due to greater access to exploit kits for rent, MaaS, and other opportunities to buy or subcontract portions of a complex, multi-stage attack. We review how 99.3 percent of malicious files used a Command & Control URL that has been previously used by one or more other malware samples and what this means for an attacker and a defender.

Something New or Déjà Vu?: Threat actors are blending old tactics, such as macros, in unwanted email with new evasion techniques. Old threats are being “recycled” into new threats launched through email and web channels, challenging the most robust defensive postures. We review how a business can adapt to protect itself from increasingly advanced threats and capable threat actors.

Digital Darwinism - Surviving Evolving Threats: Threat actors have focused on the quality of their attacks rather than quantity. Websense Security Labs observed 3.96 billion security threats in 2014, which was 5.1 percent less than 2013. Yet, the numerous breaches of high-profile organizations with huge security investments attest to the effectiveness of last year’s threats. We review what has changed in the threat landscape and what actions businesses can take to bolster their security posture.

Additional topics include how to face the challenge presented by the IT security skills shortage, how to build on infrastructure made brittle by OpenSSL Heartbleed and similar vulnerabilities, and how to handle the difficulties in correctly attributing an attack to an adversary.

The report can be downloaded here.

Vulnerabilities in Firefox fixed

Mozilla has released a new version of Firefox web browser fixing two issues of which one critical and one high (this one affecting only Firefox for Android and pre-release versions of Desktop Firefox).

Affected products are:
- Mozilla Firefox earlier than 37.0.1

Links to the security advisories with details about addressed security issues:
MFSA 2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header
MFSA 2015-43 Loading privileged content through Reader mode

Fresh versions can be obtained via inbuilt updater or by downloading from the product site.

Thursday, April 2, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which four categorized as critical, two as high, five as moderate and two as low.

Affected products are:
- Mozilla Firefox earlier than 37
- Mozilla Firefox ESR earlier than 31.6
- Mozilla Thunderbird earlier than 31.6

Links to the security advisories with details about addressed security issues:
MFSA 2015-42 Windows can retain access to privileged content on navigation to unprivileged pages
MFSA 2015-41 PRNG weakness allows for DNS poisoning on Android
MFSA 2015-40 Same-origin bypass through anchor navigation
MFSA 2015-39 Use-after-free due to type confusion flaws
MFSA 2015-38 Memory corruption crashes in Off Main Thread Compositing
MFSA 2015-37 CORS requests should not follow 30x redirections after preflight
MFSA 2015-36 Incorrect memory management for simple-type arrays in WebRTC
MFSA 2015-35 Cursor clickjacking with flash and images
MFSA 2015-34 Out of bounds read in QCMS library
MFSA 2015-33 resource:// documents can load privileged pages
MFSA 2015-32 Add-on lightweight theme installation approval bypassed through MITM attack
MFSA 2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
MFSA 2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)

Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird

Google Chrome Updated

Google have released version 41.0.2272.118 of their Chrome web browser. Among other changes the new version contains fixes to 4 security issues.

More information about these in Google Chrome Releases blog.

HP Cyber Risk Report 2015

HP has released the HP Cyber Risk Report 2015. The report provides a broad view of the 2014 threat landscape. The report can be viewed here.

Monday, March 23, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox and Seamonkey browsers to address a couple of vulnerabilities of which both categorized as critical.

Affected products are:
- Mozilla Firefox earlier than 36.0.4
- Mozilla Firefox ESR earlier than 31.5.2
- SeaMonkey 2.33.1

Links to the security advisories with details about addressed security issues:
MFSA 2015-29 Code execution through incorrect JavaScript bounds checking elimination
MFSA 2015-28 Privilege escalation through SVG navigation

Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
SeaMonkey

Google Chrome Updated

Google have released version 41.0.2272.101 of their Chrome web browser.

More information in Google Chrome Releases blog.

Monday, March 16, 2015

Adobe Flash Player Update Available

Adobe have released updated version of their Flash Player. The new version fixes critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 16.0.0.305 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 17.0.0.134

- Users of Adobe Flash Player 11.2.202.442 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.451

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Wednesday, March 11, 2015

Symantec Intelligence Report: February 2015

Symantec have published their Intelligence report that sums up the latest threat trends for February 2015.

Report highlights:
- The largest data breach reported during February took place in January, and resulted in the exposure of 80 million identities.
- The average number of spear-phishing attacks rose to 65 per day in February, up from 42 in January.
- There were 400 vulnerabilities and one zero-day vulnerability disclosed during February.


The report (in PDF format) can be viewed here.

Microsoft Security Updates For March 2015

Microsoft have released security updates for March 2015. This month update contains 14 security bulletins of which five categorized as critical and nine as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Tuesday, March 10, 2015

ESET Global Threat Report for February 2015

ESET have published a report discussing global threats of February 2015.

TOP 10 threats list (previous ranking listed too):

1. Win32/Adware.MultiPlug (3.)
2. HTML/Refresh (1.)
3. WIN32/Bundpil (2.)
4. JS/Kryptik.I (8.)
5. Win32/TrojanDownloader.Waski (-)
6. HTML/ScrInject (4.)
7. Win32/Sality (5.)
8. LNK/Agent.AV (6.)
9. Win32/Ramnit (7.)
10. INF/Autorun (9.)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Thursday, March 5, 2015

Google Chrome Updated

Google have released version 41.0.2272.76 of their Chrome web browser. Among other changes the new version contains fixes to 51 security issues.

More information about these in Google Chrome Releases blog.

Monday, March 2, 2015

ESET Global Threat Report for January 2015

ESET have published a report discussing global threats of January 2015.

TOP 10 threats list (previous ranking listed too):

1. HTML/Refresh (1.)
2. WIN32/Bundpil (2.)
3. Win32/Adware.MultiPlug (3.)
4. HTML/ScrInject (-)
5. Win32/Sality (5.)
6. LNK/Agent.AV (8.)
7. Win32/Ramnit (10.)
8. JS/Kryptik.I (-)
9. INF/Autorun (7.)
10. LNK/Agent.AK (6.)





Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Saturday, February 28, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which three categorized as critical, six as high, six as moderate and two as low.

Affected products are:
- Mozilla Firefox earlier than 36
- Mozilla Firefox ESR earlier than 31.5
- Mozilla Thunderbird earlier than 31.5

Links to the security advisories with details about addressed security issues:
MSFA-2015-27 Caja Compiler JavaScript sandbox bypass
MSFA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
MSFA-2015-25 Local files or privileged URLs in pages can be opened into new tabs
MSFA-2015-24 Reading of local files through manipulation of form autocomplete
MSFA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
MSFA-2015-22 Crash using DrawTarget in Cairo graphics library
MSFA-2015-21 Buffer underflow during MP3 playback
MSFA-2015-20 Buffer overflow during CSS restyling
MSFA-2015-19 Out-of-bounds read and write while rendering SVG content
MSFA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR
MSFA-2015-17 Buffer overflow in libstagefright during MP4 video playback
MSFA-2015-16 Use-after-free in IndexedDB
MSFA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
MSFA-2015-14 Malicious WebGL content crash when writing strings
MSFA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
MSFA-2015-12 Invoking Mozilla updater will load locally stored DLL files
MSFA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Monday, February 23, 2015

Google Chrome Updated

Google have released version 40.0.2214.115 of their Chrome web browser.

More information about this in Google Chrome Releases blog.

Friday, February 20, 2015

PHP Versions 5.6.6, 5.5.22 and 5.4.38 Released

PHP development team has released 5.6.6, 5.5.22 and 5.4.38 versions of the PHP scripting language. New versions contain fixes to several bugs of which two are categorized as vulnerabilities. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs can be viewed here.

Monday, February 16, 2015

Symantec Intelligence Report: January 2015

Symantec have published their Intelligence report that sums up the latest threat trends for January 2015.

Report highlights:
- Finance, Insurance, & Real Estate overtook Manufacturing in the Top-Ten Industries targeted for the month of January.
- There were ten data breaches reported in January that took place during the same month. In comparison, there were 14 new data breaches reported during January that took place between February and December of 2014.
- Vulnerabilities are up during the month of January, with 494 disclosed and two zero-days discovered.


The report (in PDF format) can be viewed here.

Friday, February 13, 2015

Microsoft Security Updates For February 2015

Microsoft have released security updates for February 2015. This month update contains nine security bulletins of which three categorized as critical and six as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Saturday, February 7, 2015

Google Chrome Updated

Google have released version 40.0.2214.111 of their Chrome web browser. New version contains fixes to 11 security issues.

More information about these in Google Chrome Releases blog.

Adobe Flash Player Update Available

Adobe have released updated version of their Flash Player. The new version fixes critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 16.0.0.305

- Users of Adobe Flash Player 11.2.202.440 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.442

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Firefox Updated

There has been found a critical vulnerability (MFSA2015-10) related to version 1.1 of OpenH254 plugin. The plugin was available for Firefox web browser 34 and 35 versions as an on-demand download as needed. The issue is fixed in OpenH254 1.3 which is included in updated Firefox 34 and 35.

Monday, February 2, 2015

Google Chrome Updated

Google have released version 40.0.2214.94 of their Chrome web browser.

More information about this in Google Chrome Releases blog.

Saturday, January 31, 2015

Symantec Intelligence Report: December 2014

Symantec have published their Intelligence report that sums up the latest threat trends for December 2014.

Report highlights:
- There were eight data breaches reported that took place within the month of December.
- 14 new data breaches were reported during December that took place between January and November.
- The most commonly encountered malware in December was Trojan.Swifi.
- A new zero-day vulnerability (CVE-2014-9163) was disclosed during the month of December.


The report (in PDF format) can be viewed here.

Wednesday, January 28, 2015

Adobe Flash Player Update Available

Adobe have released updated version of their Flash Player. The new version fixes critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 16.0.0.296

- Users of Adobe Flash Player 11.2.202.438 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.440

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Monday, January 26, 2015

Adobe Flash Player Update Available

Adobe have released updated version of their Flash Player. The new version fix a vulnerability (CVE-2015-0310) that could be used to circumvent memory randomization mitigations on the Windows platform.

Affected versions:

- Users of Adobe Flash Player 16.0.0.257 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 16.0.0.287

- Users of Adobe Flash Player 11.2.202.429 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.438

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Friday, January 23, 2015

Google Chrome Updated

Google have released version 40.0.2214.91 of their Chrome web browser. New version contains fixes to 62 security issues.

More information about these in Google Chrome Releases blog.

Wednesday, January 21, 2015

Oracle Critical Patch Update For Q1 of 2015

Oracle have released updates for their products that fix 169 security issues (including 19 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in April 2015.

Thursday, January 15, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox and Seamonkey browsers and Thunderbird email client to address a bunch of vulnerabilities of which three categorized as critical, one as high, four as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 35
- Mozilla Firefox ESR earlier than 31.4
- Mozilla Thunderbird earlier than 31.4
- SeaMonkey 2.32

Links to the security advisories with details about addressed security issues:
MSFA-2015-09 XrayWrapper bypass through DOM objects
MSFA-2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
MSFA-2015-07 Gecko Media Plugin sandbox escape
MSFA-2015-06 Read-after-free in WebRTC
MSFA-2015-05 Read of uninitialized memory in Web Audio
MSFA-2015-04 Cookie injection through Proxy Authenticate responses
MSFA-2015-03 sendBeacon requests lack an Origin header
MSFA-2015-02 Uninitialized memory use during bitmap rendering
MSFA-2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)



Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Google Chrome Updated

Google have released version 39.0.2171.99 of their Chrome web browser. New version contains an update for Adobe Flash and some other fixes.

More information about these in Google Chrome Releases blog.

Wednesday, January 14, 2015

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player 16.0.0.235 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 16.0.0.257

- Users of Adobe Flash Player 11.2.202.425 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.429

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.x) will be updated via Windows Update

- Users of the Adobe AIR 15.0.0.356 SDK and earlier versions should update to the Adobe AIR 16.0.0.272 SDK.

- Users of the Adobe AIR 15.0.0.356 SDK & Compiler and earlier versions should update to the Adobe AIR 16.0.0.272 SDK & Compiler.

- Users of Adobe AIR 15.0.0.356 and earlier versions for Android should update to Adobe AIR  16.0.0.272.

- Users of Adobe AIR 15.0.0.356 and earlier versions for Windows and Macintosh should update to Adobe AIR 16.0.0.245.


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For January 2015

Microsoft have released security updates for January 2015. This month update contains eight security bulletins of which one categorized as critical and seven as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Tuesday, January 13, 2015

ESET Global Threat Report for December 2014

ESET have published a report discussing global threats of December 2014.

TOP 10 threats list (previous ranking listed too):

1. HTML/Refresh (1.)
2. WIN32/Bundpil (2.)
3. Win32/Adware.MultiPlug (3.)
4. Win32/TrojanDownloader.Wauchos (4.)
5. Win32/Sality (5.)
6. LNK/Agent.AK (6.)
7. INF/Autorun (8.)
8. LNK/Agent.AV (-)
9. JS/Kryptik.ATB (-)
10. Win32/Ramnit (9.)


Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Wednesday, January 7, 2015

New Emotet Trojan Variant Targets Banking Credentials

Microsoft warns of new variant of Emotet trojan that is targeting banking credentials with a new spam email campaign. The emails include fraudulent claims, such as fake phone bills, and invoices from banks or PayPal.

According to the Microsoft Malware Protection Center the campaign seems to be targeting primarily German-language speakers and banking websites.

More information in Microsoft Malware Protection Center blog post.