Hot on the heels of Joomla 3.7.1, here’s 3.7.2. This version fixes a few bugs that were introduced in Joomla 3.7.1 and includes a few other minor tweaks. None of the changes are security-related.
An Opera release somehow got past my “infallible” system for not missing anything important. Back to the drawing board I guess.
The Opera users among you probably noticed the browser having trouble disengaging itself from the Windows taskbar lately. Opera 45.0.2552.812, released on May 15, finally fixes this annoying issue. A handful of other minor bugs are addressed in the new version. None of the fixes are related to security.
Released on May 19, Firefox 53.0.3 fixes a couple of obscure bugs, neither related to security.
There’s a new version of Joomla that addresses a critical security issue in version 3.7.0 and earlier. Anyone who manages Joomla web sites should update those sites immediately. Joomla 3.7.1 also includes a handful of non-security bug fixes.
A new version of WordPress repairs six vulnerabilities in earlier versions. Most WordPress sites are configured to automatically update themselves, but if you manage any WordPress sites, you should make sure they’re all up to date.
The accidental stifling of WannaCrypt’s spread was too good to last, apparently. New versions of the ransomware — unaffected by the serendipitous domain registration of a security researcher — are now making their way around the world. You can even watch the malware spread using MalwareTech’s WannaCrypt live feed.
Our advice remains the same: make sure all your Windows computers have the relevant updates installed, including Windows XP. Microsoft’s Customer Guidance for WannaCrypt attacks is a good place to start; there are links to the updates at the bottom of that page. For more information about the exploit used by WannaCrypt, see Microsoft’s MS17-010 bulletin from March 14.
SANS has a good summary of the technical aspects of WannaCrypt.
Update 2017May16: There’s plenty of blame to go around for this mess. Microsoft is being criticized for abandoning Windows XP when it’s still widely used. Meanwhile, Microsoft is blaming the NSA’s vulnerability hoarding.
The release notes for Vivaldi are getting harder to find on the browser’s web site, but they are still being updated. The release notes for Vivaldi 1.9.818.49, which was released on May 10, show that this version fixes a few bugs that showed up after Vivaldi 1.9 was released in late April.
The release announcement for Vivaldi 1.9.818.49 just echoes what’s in the release notes.
Ransomware known as WannaCrypt (aka WCry, WannaCry) has already crippled as many as 75,000 unpatched Windows computers in Europe and Asia. So far it hasn’t done much damage in North America, but that could change quickly.
The flaw WannaCrypt uses to infect Windows computers was patched by Microsoft in March, but unpatched computers and those running unsupported versions of Windows were left unprotected.
Microsoft has long since stopped releasing security updates for Windows XP, but WannaCrypt is spreading quickly, and Windows XP computers are essentially defenseless against it. So Microsoft has taken the unprecedented step of publicly releasing an update that protects Windows XP computers from the flaw that WannaCrypt uses to spread.
If you manage any computers that run Windows XP, you should install the update immediately: download update for 32-bit Windows XP Service Pack 3. There’s more information about this from Microsoft.
Techdirt points out that the flaw WannaCrypt exploits was exposed in the recent NSA tool leaks. Which is exactly the problem when security organizations hoard flaws instead of reporting them responsibly.
Update 2017May14: Apparently a security researcher at MalwareTech registered a (previously unregistered) domain used by WannaCrypt as part of his investigation into the ransomware. This is standard practice, because it often allows researchers to gain a better understanding of their subject. Surprisingly, this move stopped WannaCrypt from doing any further damage.
Though it’s not mentioned until close to the end of the page, a recent announcement on the Opera blog entitled ‘Opera is Reborn‘ is actually about a specific new version of the browser: 45.
Opera 45 includes numerous changes to the user interface, mostly related to aesthetics: colours, backgrounds, icons, and animation. The integrated ad-blocker now reloads pages automatically when ad blocking is switched on and off. Social messaging software (Facebook Messenger, WhatsApp and Telegram) is now integrated into the sidebar. Video performance is improved slightly on some hardware. And you’ll now see warnings below password and credit card fields on web sites that don’t support encryption.
Many of Opera 45’s changes come from the experimental browser Neon, which Opera released a few months ago to test some ideas and elicit user feedback.
You can peruse the full change log for more information. That log includes changes to development and pre-release versions as well.