Monday, April 25, 2016

Oracle Critical Patch Update For Q2 of 2016

Oracle have released updates for their products that fix a total of 136 security issues (including 9 Java fixes). The updates are part of Oracle's quarterly Critical Patch Update (CPU).

A detailed list of vulnerabilities with patching instructions can be found in the Oracle CPU Advisory.

The next Oracle CPU is planned for release in July 2016.

Monday, April 18, 2016

Google Chrome Updated

Google have released version 50.0.2661.75 of their Chrome web browser. The new version contains 20 security vulnerability fixes. More information about the changes is available in the Google Chrome Releases blog.

Symantec Intelligence Report: March 2016

Symantec have published their Intelligence Report, which sums up the latest threat trends for March 2016.

The report can be viewed here.

Microsoft Security Updates For April 2016

Microsoft have released security updates for April 2016. This month's update contains 13 security bulletins, of which six are categorized as critical and seven as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be found in the bulletin summary.

Sunday, April 10, 2016

Google Chrome Updated

Google have released version 49.0.2623.112 of their Chrome web browser. More information about the changes is available in the Google Chrome Releases blog.

ESET Threat Radar Report for March 2016

ESET have published a report discussing the global threats of March 2016.

Top 10 threats (previous ranking in parentheses):
1. JS/TrojanDownloader.Nemucod (4.)
2. Win32/Bundpil (1.)
3. LNK/Agent.CR (-)
4. LNK/Agent.AV (3.)
5. HTML/ScrInject (10.)
6. LNK/Agent.BZ (2.)
7. Win32/Ramnit (7.)
8. Win32/Sality (5.)
9. HTML/Refresh (-)
10. HTML/iFrame (6.)


The complete report (with a description of each of the threats listed above) can be downloaded here (in PDF format).

Adobe Flash Player Updates Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 21.0.0.197 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 21.0.0.213

- Users of Adobe Flash Player 11.2.202.577 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.616

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be found in Adobe's security bulletin.

Monday, April 4, 2016

New PHP Versions Released

The PHP development team has released versions 7.0.5, 5.6.20 and 5.5.34 of the PHP scripting language. The new versions contain vulnerability fixes among other fixes. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.0.5
Version 5.6.20
Version 5.5.34

Friday, April 1, 2016

Petya Ransomware

Ransomware, a type of malware that restricts access to a computer system and demands a ransom for removing the restriction, is currently a big problem in the digital world. A new member of this family is Petya. Instead of encrypting just some file types, Petya prevents the user from accessing all the files on the hard drive by encrypting the Master File Table. The user is asked to pay a ransom in order to get the hard drive decrypted.

Petya targets mostly business users, as it is being distributed in spam emails aimed at human resources departments. The first spam messages contained a Dropbox link to a malicious file. Since Dropbox removed the malicious archives, the bad guys will likely use another way of distribution.


More information can be found in Kaspersky's blog here.