Latest news and threats

For the latest news, cyber threats and solutions  - please click here.

The following are set for archieve.

22 July 2015 | Google releases security update for Chrome | Google

Google has released Chrome version 44.0.2403.89 for Windows, Mac and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. For more information please review the information on this link.

21 July 2015 | Microsoft update | Microsoft

Microsoft has released a security update to address a critical vulnerability in Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. For further information please go to Microsoft on this link. We would always recommend that users regularly check for Microsoft Windows updates, or set critical updates to automatic.

14 July 2015 | Microsoft security updates for July | Microsoft

Microsoft has released 14 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges. For further information please review Microsoft's bulletin on this link.

11 July 2015 | Updates for Adobe Flash and Shockwave Player | Adobe

There have been updates to Adobe Flash and Shockwave Player. Users are advised to download the latest updates from Adobe on this link for flash and this link for shockwave.

25 June 2015 | Cisco releases security updates | Cisco

Cisco has released security updates to address multiple vulnerabilities in Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content Security Management Virtual Appliance (SMAv) software. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected appliance. For further information please go to this link.

23 June 2015 | IC3 issues alert on CryptoWall Ransomware | US-CERT

The Internet Crime Complaint Center (IC3) has issued an alert warning that businesses and individuals are still at risk of CryptoWall ransomware fraud. Scam operators use ransomeware – a type of malicious software – to infect a device and restrict access until a ransom fee is paid. Individuals and organisations are discouraged from paying the ransome, as this does not guarantee files will be released. For further information please an FBI public service noticeon  this link. Note: It is always advisable to regularly back-up all data files and keep at least one copy in a separate location, preferable on a drive NOT connected to a network.

23 June 2015 | Security updates for Adobe Flash Player | Adobe

Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Mac and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. For further information please go to this link.

23 June 2015 | Google security update for Chrome | Google

Google has released Chrome version 43.0.2357.130 for Windows, Mac and Linux to address multiple vulnerabilities. Exploitation of one of these may allow a remote attacker to obtain sensitive information. For further information go to this link.

12 June 2015 | OpenSSL patches for multiple vulnerabilities | OpenSSL

OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography – an attack known as Logjam. Exploitation of some of these vulnerabilities could allow the attacker to read and modify data passed over the connection. For further information go to this link.

11 June 2015 | Ubunto security updates | Ubunto

Ubunto has released 10 security updates to address multiple vulnerabilities affecting Ubunto 15.04, 14.10, 14.04LTS and 12.04LTS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected system. For further information please review Ubunto security notices starting on this link.

9 June 2015 | Microsoft security bulletin for June 2015

Microsoft has released eight updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges. For further information please go to this link.

9 June 2015 | Security updates for Adobe Flash Player  Adobe

Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Mac and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. For further information please go to this link.

19 May 2015 | Google security update for Chrome | Google

Google has released Chrome version 43.0.2357.65 for Windows, Mac and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. For further information please go to this link.

12 May 2015 | Security updates for Firefox, Firefox ESR and Thunderbird | Mozilla

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition or steal sensitive information. It is recommended that users update their products.

12 May 2015 | Security updates for Adobe Flash Player, Reader and Acrobat | Adobe

Adobe has released security updates to address multiple vulnerabilities in Flash Player, Reader and Acrobat. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. For further information please go to this link.

12 May 2015 | Microsoft security bulletin for May 2015

Microsoft has released 13 updates this month. These address vulnerabilities in Microsoft Windows, some of which could allow elevation of privilege, denial of service, remote code execution, information disclosure or security feature bypass. For further details please go to this link.

27 April 2015 | Wordpress security update | Wordpress

WordPress 4.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. For further information, please review this link.

16 April 2015 | Security updates, various | US-CERT

Google has released Chrome 42.0.2311.90 for Windows, Mac and Linux to address multiple security vulnerabilities. For further information please review this link.

Oracle has released security fixes to address 98 vulnerabilities as part of its quarterly Critical Patch Update. For further information please review this link.

Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion and Flex. For further information please review this link.

15 April 2015 | TA 15-105A : Simda Botnet | US-CERT

The Simda botnet - a network of computers infected with self-propagating malware - has compromised more than 770,000 computers worldwide. This affects the Windows operating system. It is recommended that computers are running anti-virus software which are regularly updated, passwords are changed if it is thought that they may have been compromised, and that Microsoft updates are used to maintain current security patching. For further information please review this link.

14 April 2015 | Microsoft security bulletin for April 2015

Microsoft has released eleven updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass.
For further information please review this link to Microsoft.

9 April 2015 | TA 15-098A: AAEH Malware Downloader | US-CERT

AAEH is a family of polymorphic downloaders created with the primary purpose of downloading malware, including password stealers, rootkits, fake antivirus and ransomeware. It can be propagated across networks, removable drives, and through Zip archive files. Also known as VObfus, VBOfus, Beebone or Changeup, this malware has the ability to change its form with every infection. Once installed it morphs every few hours and rapidly spreads across a network, and has been used to download malware such as Zeus, Cryptolocker, Zero Access and Cutwail.

Affected systems are Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7 and 8. Server 2003, 2008, 2008R1 and 2012

Solution: You are recommended to use and maintain antivirus software and ensure that they are updated, and keep uptodate software patches and Microsoft updates.  If compromised you should change your passwords. Further information on this link. If in doubt ask for advice.

8 April 2015 | Security updates for Apple OS | Apple

Apple has released security updates for OS X, iOS, Safari, and Apple TV to address multiple vulnerabilities. Exploitation of some of the vulnerabilities may allow a remote attacker to take control of the affected system. For more information please review this link.

6 April 2015 | Security update for Firefox | Mozilla

The Mozilla Foundation has released Firefox 37.0.1 to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks. For further information please review this link.

2 April 2015 | Google releases security for Chrome | Google

Google has released Chrome 41.0.2272.118 for Windows, Mac and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. For further information please review this link.

1 April 2015 | Mozilla releases security updates | Mozilla

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system For more information please review this link.

24 March 2015 | Hijacking vulnerability Android devices | US-CERT

A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge. Devices running Android v4.4 or later are NOT vulnerable. US-CERT advises users to ensure thier devices are running an up-to-date version of Android and to use caution when installing software from third-partu application stores.

20 March 2015 | Mozilla releases security update for Firefox | Mozilla

The Mozilla Foundation has released updates to address vulnerabilities in Firefox, Firefox ESR and Sea Monkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected machine. For further information please go to this link.

20 March 2015 | Apple releases security updates | Apple

Apple has released security update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of these may allow a remote attacker to take control of an infected machine. For more information go to this link.

19 March 2015 | Open SSL patches vulnerabilities | OpenSSL

OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a Denial of Service attack against the server. For more information please go to this link.

19 March 2015 | Ubuntu security update | Ubuntu

Ubuntu has released a security update to address multiple vulnerabilities in PHP5 affecting Ubunto 14.10, 14.04 LTS, 12.04 LTS and 10.04 LTS. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code. For further information please review this link.

18 March 2015 | Security update for Safari | Apple

Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these may allow a remote attacker to execute arbitrary code or prevent users from discerning a phishing attack on an affected system. For further information please review this link.

12 March 2015 | Adobe security update for flash player | Adobe

Adobe has released security updates for flash player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Please review the Adobe security bulletin on this link for further information.

10 March 2015 | Microsoft security bulletin for March 2015

The March updates are rather extensive. The vulnerabilities patched are exploits that could allow remote code execution, spoofing, security feature bypass, denial of service, elevation of privilege or disclosure of sensitive information. For users of Microsoft operating systems it is essential to use Microsoft update regularly or ensure updates are set to automatic. Further information on the March updates may be seen on this link.

24 February 2015 | Security update for Firefox and Thunderbird | Mozilla

The Mozilla foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR and Thunderbird.
These exploits may allow a remote attacker to obtain sensitive information or execute arbitrary code on an affected system. For further information please view the Mozilla report on this link.

20 February 2015 | Lenovo computers vulnerable to https spoofing | Lenovo

Lenovo consumer personal computers employing the pre-installed Superfish Visual Discovery software contain a critical vulnerability through a compromised root CA certificate. Exploitation of this vulnerability could allow a remote hacker to read all encrypted web browser traffic, successfully spoof any website, or perform other attacks on an affected system. Further information on this link.

10 February 2015 | Microsoft security bulletin February 2015

The February updates from Microsoft include patches for Internet Explorer which corrects a vulnerability which could allow remote code execution if user views expertly crafted web pages containing exploits. Other fixes are for Windows operating system, group policies, Microsoft Office, Microsoft Graphics and Virtual Machine Manager. For full report go Microsoft on this link.

27 January 2015 | Apple releases security updates | Apple Inc

Apple has released security updates for OS X, Safari, iOS and Apple TV to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system. For more information start with this link.

20 January 2015 | Oracle releases January 2015 security advisory | Oracle

Oracle has released its critical patch update for January 2015 to address 169 vulnerabilities across multiple products.
For further information please go to the Oracle link here.

20 January 2015 | Ubuntu releases security updates | US-Cert

Ubuntu has released security updates to address multiple vulnerabilities affecting Ubuntu 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 (Thunderbird and its derivatives) Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code. Please refer to Ubunto security notices for further information.

 13 January 2015 | Microsoft security bulletin for January 2015

This month Microsoft has released eight updates to address vulnerabililities in Microsoft Windows. Some can allow elevation of privilege, denial of service, remote code execution, or security feature bypass. For further information please go to:
https://technet.microsoft.com/library/security/ms15-jan

12 January 2015 | GCHQ reveal intensity of web site hacking on UK companies | The Independant

Prime Minister, David Cameron, is discussing the growing threats of cyber attacks with President Obama this week, as details emerged of a major espionage campaign against the British energy sector. GCHQ report reveals that every day a British firm or organisation's website is being compromised by hackers. A GCHQ report called 'Common Cyber Attacks: Reducing the Impact" is due out later this week. For full details of the story go to
http://www.independent.co.uk/news/uk/politics/david-cameron-to-discuss-cyber-crime-threat-with-president-obama-9970420.html

9 January 2015 | OpenSSL patches for eight vulnerabilities | US-CERT

OpenSSL has released updates patching eight vulnerabilities, one which might allow an attacker to cause a Denial of Service condition.
Please review the information given on this link to apply the necessary updates.

For archived news and threat items from 2014 please go to this link.