Entries by Fredrik Svantes

Security update available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.262 and earlier versions for Linux, Adobe Flash Player 11.1.115.37 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could […]

Basefarm SIRT Newsletter #2

Basefarm SIRT weekly newsletter #2 Year – Week: 2013 – 06 Basefarm SIRT is the Security Incident Response Team of the Basefarm Group. We are posting weekly newsletters with the latest security information which we find interesting to the Basefarm Blog. Preface As you remember from last week, The New York Times had been severely […]

High Risk Flash Vulnerability

Unfortunately, there have been multiple zero-day exploits released for a couple of versions of Adobe Flash today. This could potentially mean that the news site you browse daily could be using ads from an ad-network which has been compromised and serves malware to your system (it’s actually one of the most common way of being […]

Java (1.7.0_13) update fixes 50 security vulnerabilities

Oracle has released another update of Java (1.7.0_13). For those who need Java, it is strongly advised to update as soon as you can. You can download the latest version here: http://www.java.com Those running Windows can either chose to turn on automatic updates to be sure to always have the latest version: http://www.java.com/en/download/help/java_update.xml Remember to […]

Basefarm SIRT Newsletter #1

Basefarm SIRT NEWSLETTER #1 Year – Week: 2013 – 05 Welcome to the first weekly security newsletter from your Basefarm SIRT team! In this newsletter we try to collect the latest weekly security news that we find worthwhile. As always, we continue sending out flash messages for critical issues that we find, but that does […]

UPnP Vulnerability

On Tuesday, computer security firm Rapid 7 released information that they found approximately 23 million products connected to the Internet that are susceptible to being completely taken over by anyone with bad willed intent, and another 40 million can be shut down remotely by someone who wants to. The vulnerability affects 1500 vendors (including vendors […]

High risk Ruby on Rails vulnerability

Most users tend to run Ruby on Rails 3.2 these days, but some still run Rails 3.0 or 2.3. Those who do can not update their application to run Rails 3.2 and need to run Rails 3.0 or 2.3 are strongly advised to update their Rails to 3.0.20 or 2.3.16. To quote the authors of […]

High Risk WordPress vulnerability

WordPress pushed out version 3.5.1 of its open source blogging platform yesterday, fixing 37 bugs including several cross-site scripting (XSS) errors and a vulnerability that could have allowed an attacker to expose information and compromise an unpatched site. Until yesterday, the aforementioned vulnerability, discovered by security researchers Gennady Kovshenin and Ryan Dewhurst, affected all versions […]

LinkedIn Phishing mails

There’s been a couple of reports this week about a mail arriving that looks like it’s from LinkedIn. It’s quite a good fake; unless you mouse-over the links inside it and look at where they go before clicking, you might very well fall victim. If you do click, you’ll be redirected to a malicious webpage […]