Microsoft releases emergency patch for all versions of Windows

Number: IRCNE2015072575
Date: 2015/07/21

According to “zdnet”, Microsoft has released an emergency out-of-band patch for a critical flaw, affecting all supported versions of Windows.
The software giant said in an advisory Monday that the vulnerability, if exploited, could "allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts."
"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the advisory added.
In other words, a previously undisclosed flaw in the way Windows handles certain fonts can allow a hacker to take over an entire machine.
Users running Windows Vista, Windows 7, 8, 8.1 and Windows RT are all affected, including those running Windows Server 2008 and later. A Microsoft spokesperson confirmed in an emailed statement that Windows 10 Insider Preview is also affected.
The patch is available over Windows Update.

Spam email levels drop to lowest point in a decade

Number: IRCNE2015072574
Date: 2015/07/19

According to “zdnet”, spam email levels have dropped to a 12-year low, new data from security firm Symantec shows.
The overall spam email level has fallen below the 50 percent mark, putting spam at the same level as in September 2003.
Levels dropped by 0.6 percentage points from May. By comparison, Kaspersky Lab said 59.2 percent of all email in the first quarter of this year was spam.
But mining remains the industry most affected by spam with a 56 percent spam rate, second to manufacturing and construction, the report said.
Spam may be innocuous and annoying to many, but unwanted emails can come with attached malware and links that generate money when clicked.
The drop in spam and phishing related emails suggests cyberattackers are focusing their efforts on other ways to generate money. Malware-based attacks, and ransomware and crypto-ransomware -- where files are locked and encrypted for a fee -- are on the rise.

Google expanding security feature that prevents malware installs

Number: IRCNE2015072573
Date: 2015/07/19

According to “zdnet”, Google said Thursday it will expand its security feature, dubbed Safe Browsing, which aims to prevent installs of "unwanted software." The feature works by checking against a Google database of affected links and sites to determine if a page is safe.
The feature is baked into Chrome, but also works in other browsers across Windows, Mac, and Linux.
Although the feature already prevents phishing and malware installs, soon it will also work to reduce installs of "piggybacked" software, adware and browser toolbars, and apps that spy on a user's internet browsing traffic or send information back to a server without consent.
"Unwanted software is being distributed on web sites via a variety of sources, including ad injectors as well as ad networks lacking strict quality guidelines," said Google's Moheeb Abu Rajab and Stephan Somogyi in a blog post. "In many cases, Safe Browsing within your browser is your last line of defense."
The search giant turned browser maker also published an unwanted software policy in order to help users (and developers) understand what kinds of software will be caught in the expanded safety net.
"Software that violates these principles is potentially harmful to the user experience, and we will take steps to protect users from it," the policy says.

Malwarebytes goes Mac with new adware removal tool

Number: IRCNE2015072572
Date: 2015/07/18

According to “zdnet”, Malwarebytes has released a new anti-malware and adware tool designed to combat the rising number of infections on Mac systems.
Announced on Wednesday, the new Malwarebytes Anti-Malware for Mac is free software developed to find and remove malware, adware and potentially unwanted programs (PUPs). As the cyberattack landscape changes, security companies need to consider operating systems beyond Windows when developing solutions.
In addition to the release of the new malware cleaner, the firm also announced the acquisition of AdwareMedic, an app created for the quick cleanup of Mac systems. The tool has been downloaded almost three million times to combat threats including ad injections, junkware, unwanted toolbars and browser hijacking.
Thomas Reed, AdwareMedic creator and owner, will join the company as Director of Mac Offerings to lead Malwarebytes' team of Mac developers and researchers, who are attempting to stay ahead of the curve in a changing threat landscape.

Oracle's critical security update: 193 problems fixed in latest patch

Number: IRCNE2015072571
Date: 2015/07/18

According to “zdnet”, Oracle's July critical patch update includes security updates and patches for 193 vulnerabilities including remote exploits and authentication issues.
The California-based company's July 2015 Critical Patch Update includes 193 fixes, 44 of which are for third-party components included in Oracle products, such as Qemu and Glibc.
In total, 10 fixes have been issued for Oracle Database, and two of the vulnerabilities fixed allow for remote exploitation without authentication. The vulnerability, CVE-2015-2629, has been given a CVSS Base Score of 9.0 for the Windows platform and 7.5 for Linux and Unix platforms.
In addition, Oracle Fusion Middleware received 39 new security fixes, 36 of which are for vulnerabilities which are also remote exploits without authentication. The highest CVSS Base Score for these Fusion Middleware vulnerabilities is 7.5.
A number of patches are destined for various Oracle applications. Oracle E-Business Suite gets 13 fixes, Oracle Supply Chain Suite receives 7, PeopleSoft Enterprise gets 8, and Siebel gets 5 fixes. In addition, two fixes have been issued for the Oracle Commerce Platform.
This CPU also addresses 25 vulnerabilities in Oracle Berkeley DB -- with the highest CVSS Base score reported for these vulnerabilities as 6.9 -- and two security flaws within Oracle Communications Applications.
The recently announced zero-day vulnerability CVE-2015-2590 has also been resolved. The zero-day has been detected being actively exploited in the wild via drive-by downloads, and is thought to affect the latest version of Java, version 1.8.0.45, but not older versions.

Exploitation of an unpatched Java security vulnerability

Number: IRCNE2015072570
Date: 04/24/94

According to reports, an APT group is exploiting an unpatched Java security vulnerability. The vulnerability has been exploited through drive-by download attacks against the latest version of Java, version 1.8.0.45. Trend Micro stated that older versions of Java are not affected by this vulnerability.
On Monday, Symantec also stated that, according to reports, attackers are exploiting this vulnerability. Symantec has rated the vulnerability as critical.
Oracle is currently working with Trend Micro on a fix for the problem. Oracle advises Java users to temporarily disable Java in their browsers until the patch is released.

Mozilla blocks Flash plugins in Firefox

Number: IRCNE2015072568
Date: 04/24/94

On Monday, Mozilla announced that it has blocked all versions of Flash Player from running automatically in Firefox. The block follows the discovery of several zero-day vulnerabilities in Flash Player in the Hacking Team data leak.
Mozilla added Flash Player version 18.0.0.203 to Firefox's block list and, after testing, released it to Firefox users.
Mozilla stated that until Adobe fixes all of the identified Flash vulnerabilities, it will not allow the Flash plugin to run automatically. During this period, whenever Flash tries to display content, a message is shown at the top of the page stating that the Adobe Flash Player plugin that is trying to run is an unsafe plugin. Options to run the plugin are also available, and the user can knowingly allow the plugin to run.

Java zero-day security flaw exploited in the wild

Number: IRCNE2015072570
Date: 2015/07/15

According to “zdnet”, a new Java-based zero-day vulnerability is reported to be in use by a sophisticated APT group.
The Java zero-day is reportedly being exploited through drive-by downloads on the latest version of Java, version 1.8.0.45. Trend Micro says older versions, Java 1.6 and 1.7 are not affected by this zero-day exploit.
On Monday, Symantec said in a blog post that the antivirus vendor was researching reports that the zero-day vulnerability was active in the wild and being exploited. Symantec regards the vulnerability as "critical," considering the software is widely used by consumers internationally.
Oracle is working with Trend Micro to patch the problem. Until a fix is issued, users concerned about falling victim to the exploit should temporarily disable Java in their browser.

Adobe fixes two Flash zero-day flaws found in Hacking Team cache

Number: IRCNE2015072569
Date: 2015/07/15

According to “zdnet”, Adobe has patched two zero-day vulnerabilities in Flash Player, which were released last week as part of the Hacking Team data breach.
In a brief security notice, the company confirmed Tuesday that it had patched the two critical-rated flaws, which could allow an attacker to take control of an affected computer. The Flash flaw affects Windows, Macs, and Linux machines.
Because the exploit code was released, it could be used by hackers to target individuals. Adobe also confirmed it was "aware of reports that exploits targeting these vulnerabilities have been published publicly."
It's been a busy few days, not just for Adobe, but for other companies affected by the vulnerabilities.
Earlier on Tuesday, Firefox browser maker Mozilla said it would block the Flash plugin until the flaw was fixed.
Adobe, which promised Monday to fix the flaw, said that the latest update of the popular browser plugin, version 18.0.0.209 for both Windows and Macs, will prevent attacks.
The company recommended that users update immediately. Internet Explorer 10 and 11 users, along with Chrome users, will receive the update automatically.

Mozilla blocks all Flash in Firefox after third zero-day

Number: IRCNE2015072568
Date: 2015/07/15

According to “computerworld”, Mozilla on Monday began blocking all versions of Adobe Flash Player from running automatically in its Firefox browser, reacting to news of even more zero-day vulnerabilities unearthed in a massive document cache pilfered from the Italian Hacking Team surveillance firm.
Computerworld confirmed that the current production versions of Firefox -- dubbed v. 39 -- on both Windows and OS X now block Flash.
Mozilla engineers swung into action over the weekend after reports surfaced late Friday of another Flash zero-day -- the term that describes a flaw for which there is yet no fix, or patch -- discovered in the gigabytes of data and documents stolen from the Hacking Team. At the time, the bug was the second in Flash spotted in just five days.
Neither the second nor the third vulnerability had been patched by Adobe as of late Monday, although the company has promised to do so this week.
Mozilla added the current-as-of-Monday Flash Player 18.0.0.203 to Firefox's "block list" early Monday, and by day's end engineers had finished their work, tested the block and released it to Firefox users.
Until Adobe issues a patched version of Flash, Firefox will not automatically engage the player without warning users, even if they have updated Flash to v. 18.0.0.203 since Wednesday, July 8, when Adobe shipped the patch for the first of the zero-day troika.
Mozilla rationalized the unusual step in one of the messages posted to the pertinent Bugzilla thread. "Even sans non-vulnerable update, we should consider the risks of blocking the vulnerable Flash versions (i.e. all of them) vs. allowing millions of people to use actively exploited versions of Flash without so much as a warning," wrote Mark Schmidt, senior Firefox support lead.
With the block in place, any attempt to play Flash content in Firefox displays a message at the top of the browser display window that reads, "Firefox has prevented the unsafe plugin 'Adobe Flash' from running on the target URL."
Users can sidestep the block by clicking an "Allow" button at the far right of the message. Options to allow Flash to run just the once, or permanently, appear next.
