Page 6 of 31 FirstFirst ... 234567891016 ... LastLast
Results 51 to 60 of 306

Thread: Alerts

  1. #51
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    FYI...

    Thunderbird v17.0.2 released
    - https://www.mozilla.org/en-US/thunde...2/releasenotes
    Jan 8 2013

    Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    Download
    - https://www.mozilla.org/thunderbird/all.html

    Security Advisories
    - https://www.mozilla.org/security/kno...nderbird17.0.2

    - http://www.securitytracker.com/id/1027957
    CVE Reference: CVE-2013-0743, CVE-2013-0744, CVE-2013-0745, CVE-2013-0746, CVE-2013-0747, CVE-2013-0748, CVE-2013-0749, CVE-2013-0750, CVE-2013-0752, CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756, CVE-2013-0757, CVE-2013-0758, CVE-2013-0759, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0764, CVE-2013-0766, CVE-2013-0767, CVE-2013-0768, CVE-2013-0769, CVE-2013-0770, CVE-2013-0771
    Jan 9 2013
    Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 17.0.2

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #52
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WordPress v3.5.1 released

    FYI...

    WordPress v3.5.1 released
    - https://wordpress.org/download/
    "The latest stable release of WordPress (Version 3.5.1) is available..."

    - https://wordpress.org/news/2013/01/wordpress-3-5-1/
    Jan 24, 2013 - "... first maintenance release of 3.5, fixing 37 bugs... a security release for all previous WordPress versions..."

    - https://secunia.com/advisories/51967/
    Release Date: 2013-01-25
    Criticality level: Moderately critical
    Impact: Cross Site Scripting, Exposure of sensitive information
    Where: From remote
    ... vulnerabilities are reported in versions prior to 3.5.1.
    Solution: Update to version 3.5.1.
    - http://www.securitytracker.com/id/1028045
    Jan 25 2013
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Host/resource access via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 3.5.1 ...

    "WordPress Plugin" search results ...
    - https://secunia.com/advisories/searc...rdPress+Plugin
    Found -530- Secunia Security Advisories ...
    March 14, 2013
    ___

    - http://h-online.com/-1791820
    25 Jan 2013
    - http://www.h-online.com/imgs/43/9/7/...c597dc045.jpeg

    Last edited by AplusWebMaster; 2013-03-14 at 16:59.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #53
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation UPnP advisory - US CERT

    FYI...

    UPnP advisory - US CERT
    - https://www.us-cert.gov/current/#cer...urity_advisory
    29 Jan 2013 - "Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note VU#922681*..."
    * http://www.kb.cert.org/vuls/id/922681
    29 Jan 2013 - "... Disable UPnP: Consider disabling UPnP on the device if it is not absolutely necessary..."
    ___

    - https://community.rapid7.com/docs/DOC-2150
    Jan 29, 2013 - "... We strongly recommend people to check whether they may be vulnerable, and if so, disable the UPnP protocol* in any affected devices..."
    * https://community.rapid7.com/communi...plug-dont-play
    Jan 29, 2013 - "... Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet. Somewhere between 40 and 50 million IPs are vulnerable to at least one of three attacks.. In most cases, network equipment that is "no longer shipping" will not be updated at all, exposing these users to remote compromise until UPnP is disabled or the product is swapped for something new..."

    > https://community.rapid7.com/servlet...-490/stats.png

    UPnP Router Security Check: http://upnp-check.rapid7.com/
    ___

    - http://atlas.arbor.net/briefs/index#-1299837074
    Severity: High Severity
    Jan 30, 2013
    Universal Plug and Play provides a significant attack surface and should be protected from network access via robust access control protections on UDP port 1900 and/or hardened configuration.
    Analysis: A large-scale scan of the Internet determined that a huge number of systems are vulnerable, and that exploitation in some cases can be performed with one UDP packet. This UDP packet can be spoofed. Actual attack details are not available to the public however we can rest assured that attackers are hard at work. While such bugs may not make their way into typical commodity crimeware exploit kits, targeted and opportunistic attackers with enough intelligence to create exploit code for these vulnerabilities are surely at work. One difficulty is that there are a large number of devices, each that may have their own specific configuration and device quirks that would require some research on the part of the attackers. The potential for a network-wide worm certainly exists. Organizations are encouraged to block uPnP as much as possible and ensure that attack surface is reduced because it is likely that the scanning activity will increase. While UDP port 1900 appears to the main vector, TCP/UDP port 2869 is also involved and should be monitored carefully and restricted as much as possible to reduce attack surface.
    Source: http://arstechnica.com/security/2013...-and-play-now/

    - http://h-online.com/-1794032
    30 Jan 2013

    Last edited by AplusWebMaster; 2013-01-31 at 21:48.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #54
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation AdblockPlus v2.2.3 released

    FYI...

    Changelog for Adblock Plus 2.2.3
    - https://adblockplus.org/releases/adb...refox-released
    Feb 13, 2013 - The following lists the changes compared to Adblock Plus 2.2.3. If you experience issues with this release please check the list of known issues.
    • Worked around AVG Security Toolbar 14.0.3.* breaking Adblock Plus among other things.
    • Made sure that first-run page always opens is the current browser window (bug 819561)...
    ___

    AdblockPlus v2.2.2 released
    - https://adblockplus.org/en/changelog-2.2.2
    2013-01-30

    - http://news.slashdot.org/story/13/01...orn-cisco-says
    Feb 01, 2013 - "The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report*. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than if they'd gone to a counterfeit software site..."
    * http://www.cisco.com/en/US/prod/vpnd...ty_report.html

    AdBlockPlus for Firefox: https://addons.mozilla.org/en-US/fir.../adblock-plus/

    > https://adblockplus.org/en/getting_started#install

    Last edited by AplusWebMaster; 2013-02-21 at 17:14.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #55
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Expect a v2 of iOS 6.1 ...

    FYI...

    Expect a v2 of iOS 6.1 ...

    iOS 6.1 Leads to Battery Life Drain, Overheating for iPhone Users
    - http://thenextweb.com/apple/2013/02/...ng-to-ios-6-1/
    8 Feb 2013

    - http://arstechnica.com/apple/2013/02...ntacts-photos/
    Feb 14, 2013 - "An -old- vulnerability in the iPhone's lock screen and Emergency Call feature appears to have resurfaced for a third time in iOS 6.1. With the right sequence of button clicking, it's possible to get to an iPhone user's voicemails, contacts, and photos—even if the iPhone is locked and password protected..."
    - https://secunia.com/advisories/52173/

    Access restriction in iOS 6 partially useless
    - http://h-online.com/-1805842
    19 Feb 2013

    Rapid growth in transaction logs, CPU use, and memory consumption in Exchange Server 2010 when a user syncs a mailbox by using an iOS 6.1-based device
    - http://support.microsoft.com/kb/2814847
    Last Review: February 12, 2013 - Revision: 5.0
    Status: Apple and Microsoft are investigating this issue. We will post more information in this article when the information becomes available...
    Workaround: To work around this issue, do not process Calendar items such as meeting requests on iOS 6.1 devices. Also, immediately restart the iOS 6.1 device...

    Last edited by AplusWebMaster; 2013-02-19 at 14:04.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #56
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation iOS 6.1.2 Software Update

    FYI...

    iOS 6.1.2 Software Update
    - https://support.apple.com/kb/DL1639
    Feb 19, 2013 - "Fixes an Exchange calendar bug that could result in increased network activity and reduced battery life...
    System Requirements: iPhone 3GS and later, iPad 2 and later, iPod touch 4th generation and later, iPhone 5 ..."

    - http://support.microsoft.com/kb/2814847
    Last Review: February 19, 2013 Revision: 15.0 - "... Resolution: Apple has posted the following article to address the issue:
    - https://support.apple.com/kb/TS4532
    Feb 19, 2013 - ... Resolution: To resolve this issue, update to iOS 6.1.2..."
    ___

    iTunes 11.0.2 released
    - https://support.apple.com/kb/DL1614
    Feb 19, 2013

    APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update 13
    - http://prod.lists.apple.com/archives.../msg00002.html
    2013-02-19
    - http://support.apple.com/kb/HT5666

    Last edited by AplusWebMaster; 2013-02-20 at 18:43.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #57
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird 17.0.3 released

    FYI...

    Thunderbird 17.0.3 released
    - https://www.mozilla.org/en-US/thunde...3/releasenotes
    Feb 19, 2013

    Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    Download
    - https://www.mozilla.org/thunderbird/all.html

    Security Advisories
    - https://www.mozilla.org/security/kno...nderbird17.0.3

    - http://www.securitytracker.com/id/1028165
    CVE Reference: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
    Feb 20 2013
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 17.0.3

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #58
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation iOS/iTunes/Kindle app update...

    FYI...

    Amazon fixes its book deleting iTunes Kindle app update
    - http://www.theinquirer.net/inquirer/...dle-app-update
    Feb 28 2013 - "... Amazon has revisited the webpage and the update. Version 3.6.2* of the Kindle app for iOS includes both a fix for the registration issue and "Various Bug Fixes and Security Fixes"..."
    * https://itunes.apple.com/us/app/kind...302584613?mt=8
    Updated: Feb 27, 2013
    Version: 3.6.2
    Size: 21.4 MB
    What's New in Version 3.6.2
    • Fix for Registration Issue
    • Various Bug Fixes and Security Fixes...

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #59
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash content in Safari...

    FYI...

    Apple blocks older insecure versions of Flash...
    - https://isc.sans.edu/diary.html?storyid=15316
    Last Updated: 2013-03-02 18:23:36 - "Apple has recently stepped up its response to security issues involving 3rd party plug-ins. They have aggressively used its anti-malware tool sets to enforce minimum versions of Adobe Flash*, Oracle Java, and similar popular plug-ins..."
    * https://support.apple.com/kb/ht5655
    Mar 1, 2013 - "... When attempting to view Flash content in Safari, you may see this alert: "Blocked Plug-in"
    Selecting it will display this alert:
    'Adobe Flash Player' is out of date.
    - Click 'Download Flash…' to have Safari open the Adobe Flash Player installer website.
    - Download the latest Adobe Flash Player installer--click the "Download now" button.
    - Open the downloaded disk image.
    - Open the installer and follow the onscreen instructions...'"

    - https://support.apple.com/kb/HT5660
    Mar 1, 2013

    Last edited by AplusWebMaster; 2013-03-03 at 03:08.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #60
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Apple Mac OS X update for Java

    FYI...

    APPLE-SA-2013-03-04-1: Apple Mac OS X update for Java
    - https://secunia.com/advisories/52484/
    Release Date: 2013-03-05
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    CVE Reference(s): CVE-2013-0809, CVE-2013-1493
    For more information: https://secunia.com/SA52451/
    Original Advisory: APPLE-SA-2013-03-04-1:
    - http://support.apple.com/kb/HT5677
    - http://prod.lists.apple.com/archives...Mar/index.html

    - http://prod.lists.apple.com/archives.../msg00000.html

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •