Microsoft have published a Security Bulletin Summary for August 2012. A number of updates have been released including five "critical" and four "important" severity updates affecting Windows, Internet Explorer, Microsoft Office, Microsoft Developer Tools, Microsoft Server Software, SQL Server and Microsoft Exchange.
The patches address remote code execution and elevation of privilege. Importantly, an update has been released to patch four vulnerabilities in Internet Explorer 6, 7, 8 and 9 (MS12-052).
Adobe have published a security update addressing a critical vulnerability in Adobe Flash Player 11.2.202.235 and earlier versions.
The vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.
Windows users of Adobe Flash Player 11.2.202.235 and earlier are advised to upgrade to Adobe Flash Player 11.3.300.257
Hot on the heels of the LinkedIn password breach, dating site, eHarmony have reported that "a small fraction" (about 1.5 million) of their user base have also been affected. Like LinkedIn, eHarmony have reset the compromised account's passwords and will send out notification explaining how to reset them. Probably a good time to change your password - check the best practices in the LinkedIn post from earlier today.
LinkedIn have confirmed that a number of user accounts have been compromised. While they have not published the amount of compromised accounts, a Russian forum user uploaded around 6.5 million encrypted user passwords to demonstrate the security breach took place. While the user names have not been included, it's a pretty good bet that they have also been stolen. You can check this site to see if your password was amongst those stolen.
On 28th May 2012, Iran National CERT published a report describing a new and complex threat dubbed “Flame” that was thought to be responsible for incidents of “mass data loss in Iran”. The report linked this newly discovered threat with the notorious Stuxnet and Duqu attacks.
Shortly after, the Laboratory of Cryptography and System Security at Budapest University of Technology and Economics published a report describing an apparently identical threat that may have been active “for as long as five to eight years”.
According to the U.S. Federal Trade Commission's (FTC) Annual Consumer Sentinel Network Data Book, online fraud cost consumers more than $1.5 billion in 2011, with identity fraud and identity theft garnering 70 percent of total complaints. With fraud complaints more than doubling over the past five years, protecting private information is more critical than ever for those who rely on the internet for communicating personal and financial data. If identity theft hasn't concerned you in the past, it's time to reconsider.
The latest Flash update patches two security vulnerabilities - the first (CVE-2012-0772), resolves a memory corruption vulnerability related to URL security domain checking that could lead to code execution on Windows 7 or Vista. The second (CVE-2012-0773) fixes a memory corruption vulnerability in the NetStream class that could lead to code execution.
TLDR; vulnerable Flash player, exploits patched.
However, this time around, Adobe have introduced an automatic updating mechanism for Flash Player.
In Microsoft's Security Bulletin Summary for February 2012 a number of updates have been released including four "critical" and five "important" severity updates.
Lavasoft has just received a VB100 award from Virus Bulletin ranked among the top applications in the detection chart: http://www.virusbtn.com/vb100/latest_comparative/index. We’re pretty happy!
In a comparative test published in Virus Bulletin’s latest issue, Ad-Aware achieved one of the top results for malware detection. Virus Bulletin independently tests anti-virus products and those products which pass the tests are awarded the VB100. The test review covers a range of criteria, including detection rates, design and usability, and performance.
It's common to hear security vendors advise people to "keep their computer up to date with the latest patches" but what does that actually mean and why is it important?
Malware can infiltrate PCs via a number of attack surfaces, one of which being bugs in Windows and the programs on your PC.
Microsoft have published a Security Bulletin Summary for November 2011. A number of updates have been released including one "critical" and two "important" severity updates.
The patches address remote code execution, elevation of privilege and denial of service vulnerabilities. Importantly, an update has been released to patch the critical vulnerability in the TCP/IP stack (MS11-083). Microsoft report that "the vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system."
An apparently modified version of the well-publicised Stuxnet worm has been discovered on a number of corporate computer systems in Europe. Analysis suggests that the malware, named Duqu (pronounced dyü-kyü), appears to be based on the Stuxnet source code, giving rise to the possibility that Duqu may have been developed either by the Stuxnet authors or by developers who have had access to the source code.
- 1 of 5
- ››