Wednesday, December 28, 2016

Critical Vulnerability In PHPMailer

A critical vulnerability has been found in the PHPMailer library. The vulnerability (CVE-2016-10033) is related to the way that websites handle web-based email submission forms using the PHPMailer component. PHPMailer is used by many popular web-publishing platforms such as WordPress, Drupal and Joomla.

Affected versions:
PHPMailer versions earlier than 5.2.18

A fresh version of PHPMailer can be downloaded here.

More information:
about the vulnerability
Drupal advisory

Friday, December 23, 2016

VMware ESXi Updates Available

VMware has released a security update to patch a cross-site scripting issue in VMware ESXi.

Affected versions:
- VMware ESXi 6.0 without patch ESXi600-201611102-SG
- VMware ESXi 5.5 without patch ESXi550-201612102-SG

Further information including updating instructions can be read from VMware's security advisory.

Saturday, December 17, 2016

Mozilla Firefox Updates Released

Mozilla have released updates to the Firefox browser to address security vulnerabilities, some of which are critical.

Affected products are:
- Mozilla Firefox earlier than 50.1
- Mozilla Firefox earlier than ESR 45.6

Lists of the fixed vulnerabilities:
Firefox ESR 45.6
Firefox 50.1

Fresh versions can be obtained via the inbuilt updater or by downloading from the product site:
Firefox

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 23.0.0.207 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 24.0.0.186

- Users of Adobe Flash Player 11.2.202.644 and earlier versions for Linux should update to Adobe Flash Player 24.0.0.186

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Thursday, December 15, 2016

ESET Threat Radar Report for November 2016

ESET have published a report discussing global threats of November 2016.

TOP 10 threats list (previous ranking listed too):
1. JS/Danger.ScriptAttachment (1.)
2. Win32/TrojanDownloader.Wauchos (2.)
3. LNK/Agent.DA (4.)
4. Win32/Bundpil (5.)
5. Win64/TrojanDownloader.Wauchos (6.)
6. JS/ProxyChanger (9.)
7. JS/TrojanDownloader.FakejQuery (-)
8. HTML/Refresh (9.)
9. HTML/FakeAlert (8.)
10. Win32/Adware.ELEX (-)

The complete report (with a description of each of the above listed threats) can be downloaded here (in PDF format).

Microsoft Security Updates For December 2016

Microsoft have released security updates for December 2016. This month's update contains 12 security bulletins, of which six are categorized as critical and six as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Tuesday, December 13, 2016

Symantec Intelligence Report: November 2016

Symantec have published their Intelligence report that sums up the latest threat trends for November 2016.

The report can be viewed here.

New PHP Versions Released

The PHP development team has released versions 7.0.14 and 5.6.29 of the PHP scripting language. The new versions contain fixes to vulnerabilities among other fixes. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.0.14
Version 5.6.29

Friday, December 2, 2016

Google Chrome Updated

Google have released version 55.0.2883.75 of their Chrome web browser. Among other changes, the new version contains 36 security fixes. More information about the changes is available in the Google Chrome Releases blog.

Updates To Mozilla Products Released

Mozilla have released updates to the Firefox browser and the Thunderbird email client to address a critical vulnerability.

Affected products are:
- Mozilla Firefox earlier than 50.0.2
- Mozilla Firefox earlier than ESR 45.5.1
- Mozilla Thunderbird earlier than 45.5.1


Fresh versions can be obtained via the inbuilt updater or by downloading from the product site:
Firefox
Thunderbird