Highlights and Updates

Dropbox patches shared links security flaw

Tuesday, 6th May 2014
Dropbox has now patched a security vulnerability which could give third parties access to server data without authorization.

Apple preparing fix for iOS 7 mail attachment bug

Tuesday, 6th May 2014
Apple acknowledged a bug in iOS that leaves email attachments vulnerable and has committed to fixing it. 
Luckily the bug is difficult to exploit and doesn't affect iPhone 4s and later devices running iOS 7.1.

Facebook introduces anonymous login

Monday, 5th May 2014
Facebook has announced the availability of an anonymous login feature, allowing users to log into apps without sharing any personal information, along with a new version of Facebook Login with better privacy controls.


PHP releases new version that fixes multiple security flaws including Heartbleed

Monday, 5th May 2014
The maintainers of PHP have released two new versions of the scripting language, Version 5.4.28 and Version 5.5.12. Both contain a fix for the OpenSSL Heartbleed vulnerability as well as important fixes for over a dozen other vulnerabilities.

Microsoft Has Released a Security Update for the Critical Internet Explorer Vulnerability, Including for XP Users

Friday, 2nd May 2014
Microsoft has released out-of-band updates to address the critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP.

Apache Struts 2.3.16.2 Released to Fix Two Critical Vulnerabilities

Wednesday, 30th April 2014
Version 2.3.16.2 fixes two critical vulnerabilities that can allow Remote Code Execution via ClassLoader manipulation, and DoS attacks.
All Struts 2 developers are strongly advised to update their installations to this version as soon as possible. 

Mozilla Releases Security Updates for Firefox, Thunderbird, and SeaMonkey

Wednesday, 30th April 2014
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Thunderbird, and SeaMonkey.

Siemens patches Heartbleed vulnerability in SCADA systems and eLAN products

Wednesday, 30th April 2014
Siemens has released security updates that fix the Heartbleed vulnerability in their eLAN products and their WinCC OA SCADA software. Siemens is still preparing updates for their other products affected by the Heartbleed vulnerability.

Attackers use reflection techniques rather than traditional botnet infections for larger DDoS attacks, says new report

Tuesday, 29th April 2014
Akamai announced a new global DDoS attack report, which shows that in the first quarter of this year, DDoS attackers relied less on traditional botnet infections and more on reflection and amplification techniques.

Adobe Releases Security Updates for Flash Player

Tuesday, 29th April 2014
Adobe is aware of reports of active exploitation of a vulnerability in versions of Flash Player which could potentially allow an attacker to take control of an affected system. Adobe has released security updates to address these vulnerabilities.