Friday, March 31, 2017

VMware Updates Available

VMware has released security update to patch multiple vulnerabilities in their virtualization applications.

Affected versions:
- VMware Workstation Pro versions earlier than 12.5.5 on Windows platform
- VMware Player versions earlier than 12.5.5 on Windows platform
- VMware Fusion Pro 8.5.6 on Mac OS X platform
- VMware Fusion 8.5.6 on Mac OS X platform
- VMware ESXi versions 6.5, 6.0 and 5.5

Further information including updating instructions can be read from VMware's security advisory.

Saturday, March 25, 2017

ITunes 12.6 Released

Apple have released version 12.6 of their iTunes media player. New version fixes a bunch of security vulnerabilities.

More information about the security content of iTunes 12.6 can be read from related security advisory.

Users of old versions should update to the latest one available.

Sunday, March 19, 2017

New PHP Versions Released

PHP development team has released 7.1.3 and 7.0.17 versions of the PHP scripting language. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.1.3
Version 7.0.17

Wednesday, March 15, 2017

Shockwave Player Update Available

Adobe have released an updated version of their Shockwave Player. The new version fixes a security vulnerability that could potentially lead to escalation of privilege (CVE-2017-2983).

Users of Adobe Shockwave Player 12.2.7.197 and earlier should update to Adobe Shockwave Player 12.2.8.198.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 24.0.0.221 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 25.0.0.127

- Users of Adobe Flash Player 24.0.0.221 and earlier versions for Linux should update to Adobe Flash Player 25.0.0.127

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For March 2017

Microsoft have released security updates for March 2017.

Details about the updates can be read from release notes. Summary of the updates (filter by inserting 02/15/2017 to the From field and 03/14/2017 to the To field) here.

ESET Monthly Threat Report: February 2017

ESET have published a report of top ten threats in February 2017

TOP 10 threats list (previous ranking listed too):
1. Win32/TrojanDownloader.Wauchos (1.)
2. JS/Danger.ScriptAttachment (6.)
3. LNK/Agent.DA (4.)
4. HTML/FakeAlert (7.)
5. Win64/TrojanDownloader.Wauchos (3.)
6. JS/ProxyChanger (2.)
7. Win32/Bundpil (5.)
8. JS/TrojanDownloader.Nemucod (-)
9. HTML/Refresh (9.)
10. Win32/Adware.ELEX (8.)


Complete report (with a description about each of the above listed threats) can be viewed here.

Google Chrome Updated

Google have released a version 57.0.2987.98 of their Chrome web browser. Among other changes the new version contains 36 security fixes. More information about changes in Google Chrome Releases blog.

Monday, March 13, 2017

Symantec Intelligence Report: February 2017

Symantec have published their Intelligence report that sums up the latest threat trends for February 2017.

The report can be viewed here.

Wednesday, March 8, 2017

Updates To Mozilla Products Released

Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 52 (advisory)
- Mozilla Firefox earlier than ESR 45.8 (advisory)
- Mozilla Thunderbird earlier than 45.8 (advisory)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird

WordPress 4.7.3 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains updates to security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.7.3

More information can be read from the WordPress blog.

Sunday, March 5, 2017

DNSMessenger

Talos, Cisco's security research outfit, have been researching a unique attack DNSMessenger which uses DNS queries to carry out malicious PowerShell commands on affected computers.

According to the Talos experts the infection chain begins with a rigged Word document sent to recipients who are encouraged to “enable content” so they can view a message. If enabled the document launches a Visual Basic for Applications (VBA) macro script that opens the initial PowerShell command that ultimately leads to the multistage attack and the eventual installing of a remote access Trojan.

More details can be read in Talos blog post here.