Java News, Articles and Updates
Our First Look this month generated one of those "ah ha!" moments in us when we saw what it was and how it worked.
In addition to the exploit, which leverages a recently patched bug, a researcher has discovered a fresh vulnerability in the newly minted version of Java SE.
Mark Reinhold, the chief architect of the Java platform group, announced the delay late last week.
An improved notification system will help protect users from running risky applications from untrusted sources.
The company apparently was able to distribute a fix so quickly because it actually learned of this vulnerability on Feb. 1, but wasn't able to include a patch in the Feb. 19 update to Java.
Responding to a widening outbreak of Java malware, Oracle on Sunday dispensed an urgent fix for the latest version of the software platform.
Kaspersky researchers have detected that distribution of the exploit is at least in the thousands, with the majority of impacted users located in the U.S., Russia and Germany.
The vulnerability already has been added to commercially available attack toolkits, such as BlackHole and Nuclear Pack.
One day after Oracle released a massive security update, which included fixes for a number of Java vulnerabilities, Apple shipped its own update for Java for Mac OS X.
The latest flaw affecting Java SE could allow an attacker to take over machines through a complete security sandbox bypass. But, so far, there have been no reports of active exploits.
Researchers believe the Nitro crime gang, also behind Oracle's Java zero-day exploit, launched recent attacks through a vulnerability in Internet Explorer 9 and earlier versions.
Security firm Security Explorations discovered the new vulnerability, which, when combined with other still-unpatched weaknesses in Java, could allow for a complete bypass of the Java Virtual Machine sandbox in the environment of the latest Java SE software.
Apple has released Java updates to patch vulnerabilities in Mac OS X Lion, Mountain Lion and Snow Leopard.
Hours after the company that maintains Java released a much-anticipated patch for a widespread malware attack, Polish firm Security Explorations said it discovered a new vulnerability in the software platform.
Patch alert: In a rare, if not unprecedented, move, Oracle on Thursday issued an out-of-cycle patch for gaping holes in Java 7 that have been widely exploited to spread malware.
In light of the fast-spreading Java 7 exploit, Mozilla has become the first browser maker to suggest users disable Java functionality.
As expected, exploits taking advantage of gaping holes in Java now are growing in prominence -- and the big question is: When will Oracle patch the issue?
A new Java exploit is expected to become more widespread now that proof-of-concept code has been published. Oracle isn't scheduled to update Java until October.
Detection rates for exploits against the vulnerability (CVE-2012-1723) are now overtaking attacks abusing a previous widely attacked Java bug (CVE-2012-0507), which was used to spread the widespread Flashback trojan that targeted Mac users.
A researcher investigated Java exploits, and drew on one well-know example, to explain how one of the most common classes of attack spreads.
The commercially available and automated BlackHole exploit kit has been updated to include exploit functionality for a recently patched Java vulnerability, and attacks are now happening in the wild.
Traditionally, Apple has taken some time to release updates for its own version of third-party software. But that may be changing if Tuesday's concurrent patches for Java are any guide.
A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.
SC Magazine Articles
- WordPress Summer of Pwnage: 64 holes in 21 days
- Deal with the devil: Ransomware experiment proves you can negotiate price down
- 2.3 million 'Warframe,' 'Clash of Kings' accounts compromised
- Microsoft EOP exposes users to data breaches, whitepaper
- Cerber ransomware C&C server shut down by research firm and CERT-Netherlands
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Hard Rock Hotel & Casino Las Vegas hit with POS breach
- X-ray and MRI machines among devices used as springboards for data breach attacks
- Hacker purportedly selling over 650,000 stolen medical records on dark web marketplace
- Wi-Fi warning! Study finds U.S. unaware of public Wi-fi risks
- Russian hackers take the stage at DNC convention
- TSA master key hackers expose dangers of physical and digital key escrow policies
- Patchwork cyberespionage campaign branches out to strike businesses
- Proliferation of hacker culture helped keep Anonymous from being branded terrorist org
- SC wins three top national honors from ASBPE