Friday, January 26, 2018

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.6

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Google Chrome Updated

Google have released a version 64.0.3282.119 of their Chrome web browser. New version contains 53 security fixes. More information about changes in Google Chrome Releases blog.

ITunes 12.7.3 Released

Apple have released version 12.7.3 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.7.3 can be read from related security advisory.

Users of old versions should update to the latest one available.

New Version Of iCloud For Windows Released

Apple have released version 7.3 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.3 can be read from related security advisory.

Users of old versions should update to the latest one available here.

Tuesday, January 23, 2018

Mozilla Firefox Updated

Mozilla have released updated versions of Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 58 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Friday, January 19, 2018

Oracle Critical Patch Update For Q1 of 2018

Oracle have released updates for their products that fix 238 security issues (including 21 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in April 2018.

WordPress 4.9.2 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains updates to security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.9.2

More information can be read from the WordPress blog.

Saturday, January 13, 2018

VMware Updates Available

VMware has released security updates to patch use-after-free and integer-overflow vulnerabilities in their virtualization applications.

Affected versions:
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.1
- VMware Workstation Pro / Player 12.x versions earlier than 12.5.9
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.1
- VMware Fusion Pro / Fusion 8.x versions earlier than 8.5.10

Further information including updating instructions can be read from VMware's security advisory.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix an important out-of-bounds vulnerability that could lead to information exposure.

Affected versions:
- Users of Adobe Flash Player 28.0.0.126 and earlier versions for Windows should update to Adobe Flash Player 28.0.0.137

- Users of Adobe Flash Player 28.0.0.126 and earlier versions for Macintosh should update to Adobe Flash Player 28.0.0.137

- Users of Adobe Flash Player 28.0.0.126 and earlier versions for Linux should update to Adobe Flash Player 28.0.0.137

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Sunday, January 7, 2018

Symantec Intelligence Report: December 2017

Symantec have published their Intelligence report that sums up the latest threat trends for December 2017.

The report can be viewed here.

New PHP Versions Released

PHP development team has released 7.2.1, 7.1.13, 7.0.27 and 5.6.33 versions of the PHP scripting language. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.2.1
Version 7.1.13
Version 7.0.27
Version 5.6.33

Google Chrome Updated

Google have released a version 63.0.3239.132 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Mozilla Firefox Updated

Mozilla have released updated version of Firefox browser to address a security vulnerability.

Affected products are:
- Mozilla Firefox earlier than 57.0.4 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Microsoft Security Updates For January 2018

Microsoft have released security updates for January 2018.

Summary of the updates (filter by inserting 12/15/2017 to the From field and 1/3/2018 to the To field) here.

Wednesday, January 3, 2018

Identify Malicious WiFi Networks With PiKarma Script

Security researcher Besim Altinok has created a Python script, PiKarma that helps to identify WiFi networks that are carrying KARMA (Karma Attacks Radioed Machines Automatically) attacks, a well known form of WiFi Man in the Middle attacks.

"PiKarma allows users to test WiFi networks and determine if the WiFi network in a certain location is safe to use before carrying out any sensitive communications over them. If the script detects a KARMA attack, it logs details and then automatically sends a deauth request, disconnecting the user from the malicious network."

The only downside is that user will need an extra WiFi card. That is needed to keep an eye on the main one.

Bleeping Computer's article about PiKarma with details can be viewed here.