Page 11 of 31 FirstFirst ... 78910111213141521 ... LastLast
Results 101 to 110 of 306

Thread: Alerts

  1. #101
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird v24.3.0 released

    FYI...

    Thunderbird v24.3.0 released
    - http://www.securitytracker.com/id/1029721
    CVE Reference: CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491
    Feb 5 2014
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 24.3 ...
    Solution: The vendor has issued a fix (24.3)...
    - https://www.mozilla.org/en-US/thunderbird

    Release Notes
    - https://www.mozilla.org/en-US/thunde.../releasenotes/

    Security Advisories
    - https://www.mozilla.org/security/kno...hunderbird24.3
    MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
    MFSA 2014-12 NSS ticket handling issues
    MFSA 2014-09 Cross-origin information leak through web workers
    MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
    MFSA 2014-04 Incorrect use of discarded images by RasterImage
    MFSA 2014-02 Clone protected content with XBL scopes
    MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

    Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    Download: https://www.mozilla.org/thunderbird/all.html

    Last edited by AplusWebMaster; 2014-02-05 at 18:08.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #102
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs up Process Explorer v16.0 ...

    FYI...

    Process Explorer v16.0
    - http://technet.microsoft.com/en-us/s...rnals/bb896653
    Feb 4, 2014 - "Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning."

    > https://isc.sans.edu/diaryimages/ima...us%20total.png

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #103
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation iOS 7.0.6, 6.1.6, Apple TV 6.0.2 ...

    FYI...

    iOS 7.0.6
    - http://support.apple.com/kb/HT6147
    Feb 21, 2014 - "... Data Security: Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later...
    CVE-2014-1266..."

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1266 - 6.8

    iOS 6.1.6
    - http://support.apple.com/kb/HT6146
    Feb 21, 2014 - "... Data Security: Available for: iPhone 3GS, iPod touch (4th generation)...
    CVE-2014-1266..."

    - http://www.securitytracker.com/id/1029811
    CVE Reference: CVE-2014-1266
    Feb 21 2014
    Fix Available: Yes Vendor Confirmed: Yes...
    Impact: A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.
    Solution: The vendor has issued a fix (6.1.6, 7.0.6)...
    ___

    Apple TV 6.0.2
    - http://support.apple.com/kb/HT6148
    Feb 21, 2014 - "... Apple TV: Available for: Apple TV 2nd generation and later...
    CVE-2014-1266..."

    - http://www.securitytracker.com/id/1029812
    CVE Reference: CVE-2014-1266
    Feb 22 2014
    Fix Available: Yes Vendor Confirmed: Yes...
    Impact: A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.
    Solution: The vendor has issued a fix (6.0.2)...
    ___

    Apple Releases Security Updates for iOS devices and Apple TV
    - https://www.us-cert.gov/ncas/current...s-and-Apple-TV
    Feb 21, 2014

    - http://support.apple.com/kb/HT1222

    Last edited by AplusWebMaster; 2014-02-24 at 18:40.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #104
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation OS X Mavericks, Safari, QuickTime updates

    FYI...

    OS X Mavericks v10.9.2 update
    - http://support.apple.com/kb/HT6114
    Feb 25, 2014 - "OS X Mavericks v10.9.2 Update is recommended for all OS X Mavericks users. It improves the stability, compatibility, and security of your Mac..."
    (More detail at the URL above.)

    OS X Mavericks 10.9.2 and Security Update 2014-001
    - http://support.apple.com/kb/HT6150
    Feb 25, 2014

    - http://lists.apple.com/archives/secu.../msg00000.html

    - http://www.securitytracker.com/id/1029825
    CVE Reference: CVE-2014-1254, CVE-2014-1255, CVE-2014-1256, CVE-2014-1257, CVE-2014-1258, CVE-2014-1259, CVE-2014-1260, CVE-2014-1261, CVE-2014-1262, CVE-2014-1263, CVE-2014-1264, CVE-2014-1265
    Feb 26 2014
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of system information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 10.7.5, 10.8.5, 10.9, 10.9.1...
    Solution: The vendor has issued a fix (OS X Mavericks v10.9.2, Security Update 2014-001)...
    ___

    Safari 6.1.2, 7.0.2
    - http://support.apple.com/kb/HT6145
    Feb 25, 2014

    - http://lists.apple.com/archives/secu.../msg00001.html

    - http://www.securitytracker.com/id/1029826
    CVE Reference: CVE-2014-1268, CVE-2014-1269, CVE-2014-1270
    Feb 26 2014
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to versions 6.1.2 and 7.0.2...
    Solution: The vendor has issued a fix (6.1.2, 7.0.2)...
    ___

    QuickTime 7.7.5 released
    - http://support.apple.com/kb/HT6151
    Feb 25, 2014 - "Available for: Windows 7, Vista, XP SP2 or later..."

    - http://lists.apple.com/archives/secu.../msg00002.html

    - http://www.securitytracker.com/id/1029823
    CVE Reference: CVE-2014-1243, CVE-2014-1244, CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1251
    Feb 26 2014
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 7.7.5 for Windows...
    Solution: The vendor has issued a fix (7.7.5 for Windows; on OS X apply APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 or Security Update 2014-001)...

    ... use Apple Software Update.

    Last edited by AplusWebMaster; 2014-02-26 at 16:31.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #105
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation iOS 7.1, Apple TV 6.1 released

    FYI...

    iOS 7.1 released
    - http://www.securitytracker.com/id/1029888
    CVE Reference: CVE-2013-5133, CVE-2013-6835, CVE-2014-1267, CVE-2014-1271, CVE-2014-1272, CVE-2014-1273, CVE-2014-1274, CVE-2014-1275, CVE-2014-1276, CVE-2014-1277, CVE-2014-1278, CVE-2014-1281, CVE-2014-1282, CVE-2014-1284, CVE-2014-1285, CVE-2014-1286, CVE-2014-1287, CVE-2014-1280, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294
    Mar 11 2014
    Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 7.1 ...
    Solution: The vendor has issued a fix (7.1).
    The vendor's advisory is available at:
    - http://support.apple.com/kb/HT6162
    "... Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later..."

    - https://secunia.com/advisories/57294/
    Release Date: 2014-03-11
    Criticality: Highly Critical
    Where: From remote
    Impact: Security Bypass, Spoofing, Exposure of sensitive information, System access
    Operating System: Apple iOS 7.x for iPhone 4 and later, Apple iOS for iPad 7.x, Apple iOS for iPod touch 7.x
    Solution: Update to version 7.1.
    ___

    Apple TV 6.1 released
    - http://www.securitytracker.com/id/1029889
    CVE Reference: CVE-2014-1267, CVE-2014-1271, CVE-2014-1272, CVE-2014-1273, CVE-2014-1275, CVE-2014-1278, CVE-2014-1279, CVE-2014-1280, CVE-2014-1282, CVE-2014-1287, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294
    Mar 11 2014
    Impact: Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 6.1 ...
    Solution: The vendor has issued a fix (6.1).
    The vendor's advisory is available at:
    - http://support.apple.com/kb/HT6163

    - https://secunia.com/advisories/57297/
    Release Date: 2014-03-11
    Criticality: Highly Critical
    Where: From remote
    Impact: Security Bypass, Spoofing, Exposure of sensitive information, System access
    Operating System: Apple TV 6.x
    Solution: Update to version 6.1.

    Last edited by AplusWebMaster; 2014-03-11 at 16:09.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #106
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird 24.4 released

    FYI...

    Thunderbird 24.4 released
    - http://www.securitytracker.com/id/1029930
    CVE Reference: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1499, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
    Mar 19 2014
    Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 24.4
    - https://www.mozilla.org/en-US/thunderbird

    Release Notes
    - https://www.mozilla.org/en-US/thunde.../releasenotes/

    Security Advisories
    - https://www.mozilla.org/security/kno...hunderbird24.4
    MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
    MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
    MFSA 2014-30 Use-after-free in TypeObject
    MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
    MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
    MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
    MFSA 2014-26 Information disclosure through polygon rendering in MathML
    MFSA 2014-17 Out of bounds read during WAV file decoding
    MFSA 2014-16 Files extracted during updates are not always read only
    MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

    Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    Download: https://www.mozilla.org/thunderbird/all.html

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #107
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Malwarebytes 2.0

    FYI...

    Malwarebytes 2.0 released
    - http://blog.malwarebytes.org/news/20...i-malware-2-0/
    Mar 24, 2014 - "... This is the biggest rewrite we have ever undertaken... Malwarebytes Anti-Malware 2.0 ships with a completely redesigned user interface to make the product easier to use, more informative, and to provide quicker access to key functionality... We believe that products should be nag-free and cleanup shouldn’t cost our users a dime, and we’re going to stay true to that. Scanning for and removing malware will be free in this new version and beyond! You didn’t pay to get infected, you shouldn’t pay to clean it up... all that said, you can download 2.0 here*... FAQs for 2.0 here**..."
    * http://www.malwarebytes.org/update/

    ** https://helpdesk.malwarebytes.org/en...0-mean-for-me-
    ___

    Users Guide
    - http://www.malwarebytes.org/support/guides/mbam/

    Last edited by AplusWebMaster; 2014-04-03 at 02:26.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #108
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Safari 7.0.3, 6.1.3 released

    FYI...

    Safari 7.0.3, 6.1.3 released
    - http://www.securitytracker.com/id/1029983
    CVE Reference: CVE-2013-2871, CVE-2014-1297, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1301, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, CVE-2014-1313
    Apr 2 2014
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to versions 6.1.3 and 7.0.3
    Solution: The vendor has issued a fix (6.1.3, 7.0.3).
    The vendor's advisory is available at:
    - http://support.apple.com/kb/HT6181

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #109
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WordPress 3.8.2 released

    FYI...

    WordPress 3.8.2 released
    - https://secunia.com/advisories/57769/
    Release Date: 2014-04-10
    Criticality: Moderately Critical
    Where: From remote
    Impact: Security Bypass, Cross Site Scripting
    ... vulnerabilities are reported in versions prior to 3.8.2.
    Solution: Update to version 3.8.2.
    Original Advisory:
    - http://wordpress.org/news/2014/04/wordpress-3-8-2/
    April 8, 2014 - "WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately. This releases fixes a weakness that could let an attacker force their way into your site by forging authentication cookies... This release also fixes nine bugs and contains three other security hardening changes..."

    - http://wordpress.org/download/

    Changelog
    - https://core.trac.wordpress.org/browser/?rev=28060
    ___

    - http://www.securitytracker.com/id/1030071
    CVE Reference:
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0165 - 4.0
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0166 - 6.4 (HIGH)
    Apr 11 2014
    Impact: Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to versions 3.7.2 and 3.8.2 ...
    Solution: The vendor has issued a fix (3.7.2, 3.8.2)...
    - http://wordpress.org/news/2014/04/wordpress-3-8-2/

    Last edited by AplusWebMaster; 2014-04-12 at 08:27.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #110
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Cisco Products - OpenSSL Heartbeat Extension Vulnerability

    FYI...

    - http://tools.cisco.com/security/cent...ationListing.x

    Multiple Cisco Products - OpenSSL Heartbeat Extension Vulnerability
    - http://tools.cisco.com/security/cent...409-heartbleed
    Last Updated: 2014 April 18 - "Summary: Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension. An attacker could exploit this vulnerability by implementing a malicious TLS or Datagram Transport Layer Security (DTLS) client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. An exploit could send a specially crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords. Please note that the devices that are affected by this vulnerability are the devices acting as an SSL server terminating SSL connections or devices acting as an SSL Client initiating an SSL connection. Devices that are simply traversed by SSL traffic without terminating it are not affected. This advisory will be updated as additional information becomes available. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available..."
    Revision 1.10 - 2014-April-18 - Updated the Affected Products, Vulnerable Products, Products Confirmed Not Vulnerable, and Software Versions and Fixes sections.

    Last edited by AplusWebMaster; 2014-04-21 at 21:00.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •