A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user’s system. The vulnerability is caused by an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large “height” attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.

threatpost, secunia

It’s a Windows problem, but only the Safari browser is [so far!!!] affected. Chrome/Chromium might follow soon as they’re very similar and based on the same engine.

Is this the end of antivirus?

If there is one piece of software everyone has installed on their computers and laptops, it’s antivirus. Yes, it’s usually the only security software protecting our files and information from hackers and cyber criminals. Although malware and vulnerability management software should be just as important, we rely far too heavily on antivirus. But in today’s age of advanced hacking, is antivirus still relevant?

The recent high-profile Flame and Stuxnet outbreaks have shown that hackers are getting cleverer and slicker when it comes to devising attacks. They are creating files that won’t get detected by antivirus, knowing most computer users have it as their only form of security.

Another reason why antivirus fails to detect a virus is an out-of-date database. With so many new viruses being created every day, users must update it frequently to make sure it can identify new threats.

What most computer users don’t realise is that keeping your software up to date is important too. Hackers can find vulnerabilities in software which act as gateways to your PC. Using vulnerability management software can help ensure you keep track of updates across all of your software.

Antivirus still has a critical part to play in the fight against hackers, but it can’t do the job alone. Computer security has to be multi-layered. There is not one single piece of software which can prevent all viruses and intrusions. Instead, having many different types of computer security software such as vulnerability management will decrease the chance of infection.

Do you think antivirus is still useful? How do you keep hackers out?

Keeping Windows applications up to date automatically

Question: How can you keep your Windows computer up to date without checking every application for updates daily?

Solution: For this purpose we recommend the program PSI (Personal Software Inspector) from Secunia. It is free for private users and checks in the background whether newer software versions are available. Updates can be downloaded and installed automatically, although a little manual work is sometimes necessary.

After a scan you get a detailed overview of which programs are current and which are no longer up to date. One small limitation: PSI recognises a large number of common programs (approx. 5,500), but not every application can be kept up to date with it.

Download the program at:
or as an
online check at:

A dispute has erupted between Secunia and the developers of the VLC media player. In December 2012, Secunia released a security advisory for the VLC media player. The developers of the player responded by releasing a patch. However, Secunia says that the patch didn’t fix the vulnerability, and that it is still contained in the current version, 2.0.7, of VLC. Now, the security firm has criticised the VLC developers in a blog post, saying that the developers had questioned the validity of the security advisory and threatened Secunia with legal action on 21 May 2013. The VLC developers have responded.

Harden your Windows installation

Adrian Kingsley-Hughes of suggests:

You should also check that all your programs are updated, especially applications such as web browsers and add-ons such as Adobe’s Flash Player. To take the stress out of doing this I would suggest you download and run Secunia PSI. This will scan your system for out-of-date software, automatically update some of it for you, and tell you how to update the rest yourself.

Source: ZDNet

Windows computers – flawed by popular third-party applications

Windows-operated computers are exposed on a daily basis to cybernetic threats and on some occasions, we quickly assume that the flaws in the OS are to be blamed for the possible virus infections. This opinion was contradicted by a recent study – Vulnerability Review 2013, conducted by security firm Secunia, which stated: “[the report] analyzes […]

via SecurEncrypt

Why antivirus is not enough to protect your PC.

Are you protecting your computer with antivirus only?

Computer security means more than merely installing antivirus. Antivirus won’t protect you from all threats. More hackers are targeting the vulnerabilities in software because users fail to patch or update on a regular basis. Make the process easier with our patch management software and be informed of updates for your programs.

Find out more about patch management software in this presentation and, for further information on the software, watch this playlist of videos.

Secunia CSI 6.0 is now available in beta

I am proud to announce that the new Secunia Corporate Software Inspector (CSI) 6.0 Beta is now available for testing.

When developing the Secunia CSI 6.0, the overall theme and goal has been to “empower users” to further improve security and reduce risk in your environments.

With empowerment we mean:

  • Seamless integration with your preferred and existing security solutions to provide transparency and maximum value to you. The Secunia CSI can be easily integrated with your preferred Deployment Solution (such as Microsoft WSUS/SCCM or Altiris Deployment Solution) for efficient patch deployment, or you can use the export function in the Secunia CSI to integrate with and push data to, for example a GRC or a SIEM tool. The Secunia CSI 6.0 also provides seamless integration with the Secunia VIM and the newly released Secunia PSI 3.0.
  • Extensive coverage of Operating Systems and Programs that you have in your environment. In addition to covering Windows and Mac OS X, the Secunia CSI now covers Red Hat Enterprise Linux (RHEL) as well as any custom software you may have in your environment (please note that RHEL coverage will not be available in the beta release).
  • Easy setup, configuration and usage so that you can focus on getting the job done. For example, Active Directory integration means that you can automatically update organisational units and structure in the Secunia CSI when changes are made to the Active Directory, and Microsoft SCCM integration means that you can avoid installing any new agents in your environment at all, significantly decreasing the time spent on setting up and configuring the Secunia CSI.
  • Finding the data that matters to you easily and quickly, and taking the appropriate action, by using Secunia Smart Groups.
  • Deployment of security updates that are available out of the box allows you to quickly get the job done.

In short, we believe that Secunia CSI 6.0 is a lot more than “just another Patch Management tool”, and we have been looking forward to this day and to being able to share it with all of you. 

Please have a look at for more info.

Stay Secure,

Morten Stengaard
Director, Product Management & Quality Assurance

Fix Loop Holes In Your Computer's Security Using Secunia PSI: I have been giving remote technical support to hom…

— Experts Galaxy (@expertsgalaxy)

July 19, 2012

Great way to keep your computer software up to date! Secunia Personal Software Inspector Review…

— Sherry P. (@Elleberra)

July 18, 2012

RT @techSage:MS COO:Infographic:Microsoft leads in security according to Secunia against Oracle, Apple & #WPC12

— ApexComputerSystems (@ApexInTheCloud)

July 11, 2012

A very interesting talk by @carsteneiram of Secunia at @RVAsec about code maturity “Is SDL a Waste of Time?”…

— Parvez Anwar (@ParvezGHH)

July 11, 2012

Don't miss Secunia’s webinar on July 19th

Are you facing problems with patching your business critical systems and fighting vulnerabilities?
Join Secunia’s Senior Technical Solution Specialist, on July 19th @ 11am CET to learn how Secunia’s powerful Vulnerability Intelligence and Patch Management solutions have helped corporate customers worldwide to keep up-to-date with the latest software vulnerabilities and optimise vulnerability and risk management frameworks.

For more information, visit our site.