Adobe apparently just released Flash version 220.127.116.116. There is nothing on Adobe's website about whether this is a patch. As a matter of fact, Adobe still lists 18.104.22.1687 as the most recent version.
Category: Research & Alerts
Original release date: January 24, 2015. The Internet Crime Complaint Center (IC3) has released an alert warning companies of a sophisticated wire payment scam dubbed the Business E-mail Compromise. Scammers use fraudulent information to trick companies into directing financial transactions into accounts they control.
Original release date: January 23, 2015. The FBI has released an article addressing ransomware campaigns that use intimidating messages claiming to be from the FBI or other government agencies. Scam operators use ransomware – a type of malicious software – to infect a computer and restrict access to it until a ransom is paid to unlock it. Users and administrators are encouraged to review the FBI article "Ransomware on the Rise" for details and refer to Alert TA-295A for information on Crypto Ransomware.
Vulnerability Note VU#546340: QPR Portal contains multiple vulnerabilities. Original Release date: 23 Jan 2015 | Last revised: 23 Jan 2015. Overview: QPR Portal versions 2014.1.1 and older contain reflected and stored cross-site scripting vulnerabilities, and versions 2012.2.0 and older contain an insecure direct object reference vulnerability.
We have decided to change the Infocon 1 to yellow in order to bring attention to the multiple recent Adobe Flash Player vulnerabilities 2 that are being actively exploited. There have been 3 patched vulnerabilities that have an update and applying them is highly recommended. 1 of the vulnerabilities has not yet been patched, and is expected to be released as an OOB (Out of Band) next week by Adobe 3 .
In the last two weeks, we have so far had two different Adobe advisories (one regularly scheduled, and one out of band), and three new vulnerabilities. I would like to help our readers decipher some of the CVEs and patches that you may have seen. CVE Fixed in Flash Version yes APSA15-01 So in short: There is still one unpatched Flash vulnerability
We would like to thank Richard Ackroyd of RandomStorm for reporting a critical input validation error in our site to us. As we have done before, here is how it happened so hopefully you can learn from it as well.
Vulnerability Note VU#637068: LabTech contains privilege escalation vulnerability. Original Release date: 23 Jan 2015 | Last revised: 23 Jan 2015. Overview: LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges. Description: CWE-284: Improper Access Control. LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges.