Tag Archive | security

Security: Adobe Flash Player updated

Adobe has issued an update to plug security holes in its Flash Player software this week including fixes for at least 17 vulnerabilities in the program and in Adobe Air.

With Flash being among the top exploits in the wild we strongly recommend you uninstall Adobe Flash when possible. Should you need Flash for specific functions we recommend using a secondary browser with Flash enabled while leaving it disabled in your primary browser.

Security: CryptoWall 4.0 in the wild

The fourth version of the CryptoWall ransomware has landed in the wild, equipped with better evasion techniques and tactics to thwart antivirus protection and detection.

Ransomware attacks computers and encrypts user files and folders via infected email attachments, with attackers demanding ransom payments to unlock the scrambled documents.

Users are told to make the payment by a specific deadline or risk having the private key to unlock the files deleted.

The active CryptoWall ransomware spawned from CryptoLocker, which is thought to have extorted more than $3 million from victims before the botnet used to distribute it – Gameover Zeus – was taken down last year.

CryptoWall_4_0

To avoid getting caught by CryptoWall, we recommended keeping systems up to date, maintain regular backups and educating users to  avoidin emails with attachments sent by unknown senders, and using products that can detect and block recent ransomware variants.

Firefox 42 adds new feature: Tracking Protection

Previously available to beta users Tracking Protection blocks third party page elements, such as ads, social network buttons, analytics, and other bits of information that could record a users’ browsing activity and profile users across multiple sites when its loaded by pages. When browsing the Web, you unknowingly share information about yourself with third parties that are separate from the site you’re actually visiting, even in Private Browsing mode on any browser. Private Browsing with Tracking Protection in Firefox actively blocks content like ads, analytics trackers and social share buttons that may record your behavior without your knowledge across sites.

FF Track

With the FCC declining to enforce Tracking Protection it is up to browser providers to offer protection. This is certainly a good first step and certainly makes Firefox the browser of choice for privacy advocates.

Apple has released updates to iOS “Office” products

Apple has released security updates for Keynote, Pages, and Numbers for  iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Detailed information available from Apple.

Security updates available for Adobe Flash Player

Adobe on Monday released security updates across multiple platforms that address vulnerabilities in Flash and AIR, some of which are deemed critical. Users should download the updates immediately.

Source: Adobehttps://helpx.adobe.com/security/products/flash-player/apsb15-23.html

Adobe issues security updates for ColdFusion v10 / v11

According to Adobe the hotfix includes an updated version of BlazeDS, which addresses a vulnerability that could result in information disclosure.  Adobe recommends users apply the hotfix available for their version.

ColdFusion 10 Update

ColdFusion 11 Update

Two Android browsers vulnerable to exploit

We are aware of multiple companies we work with where users utilize the Dolphin web browser on Android phones.  Zero-day flaws found in Dolphin and Mercury Android browsers could allow hackers to perform remote code execution. Both browsers are available on Android devices with over 100 million downloads between the two. The Dolphin remote code execution exploit allows a hacker to replace the browser’s theme package with an infected counterpart.