
496 matches found

ThreatPost
added 2012/09/18 1:24 p.m., 10 views

Microsoft Recommends Workarounds to Mitigate Latest IE Zero-Day; Patch Still to Come

Microsoft issued a security advisory Monday night and recommended several workarounds to mitigate a zero-day vulnerability in Internet Explorer reported over the weekend that is being exploited in the wild. Microsoft said it is still investigating the vulnerability, and may issue an out-of-band...

Exploits: 0, References: 8

ThreatPost
added 2012/08/10 2:24 p.m., 49 views

Dorifel Malware Encrypts Files, Steals Financial Data, May Be Related to Zeus or Citadel

While much of the world was focused yesterday on the Gauss malware saga, there was another interesting infection happening, mainly in the Netherlands, that researchers think may be related to the Zeus and Citadel attacks, though the motivation behind the attack is somewhat of a mystery. The new...

CVSS 10, EPSS 0.94083
Exploits: 22, References: 7

Tenable Nessus
added 2012/06/14 12:0 a.m., 40 views

RHEL 6 : java-1.6.0-sun (RHSA-2012:0734)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0734 advisory. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes severa...

CVSS 10, AI score 7.7, EPSS 0.94083
Exploits: 9, References: 28

RedHat Linux
added 2012/06/13 1:6 p.m., 0 views

OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...

CVSS 10, AI score 7.4, EPSS 0.0484
Exploits: 0, References: 4

ThreatPost
added 2012/05/16 9:1 p.m., 41 views

Report: Strategic Web Compromises Behind Recent Hack of Amnesty, Others

A recent string of Web site hacks at Amnesty International and other NGOs are evidence of a campaign of cyber espionage directed against human rights organizations, according to a report from The Shadowserver Foundation. In a report on Tuesday, the Foundation said that its members had witnessed a...

CVSS 9.3, AI score 0.3, EPSS 0.90067
Exploits: 10, References: 3

ThreatPost
added 2012/04/30 3:13 p.m., 9 views

New Flashback Variant Using Twitter as Backup C&C Channel

The latest version of the Flashback malware that’s infecting Macs has a new command-and-control infrastructure that used Twitter as a fallback mechanism in case the normal C&C system isn’t available. This is not the first time a botnet has used Twitter for some form of command and control, but it...

AI score 7.8
Exploits: 0, References: 3

ThreatPost
added 2012/04/27 2:37 p.m., 9 views

Flashback/SabPub

2012 The Mac malware scene shifted into high gear in 2012 with the emergence of the Flashback trojan and the revelation that its authors had control of a massive botnet containing well over a half-million machines. Flashback and SabPub, which exploited the same Java vulnerabilities, are the first...

AI score 1.6
Exploits: 0, References: 2

Tenable Nessus
added 2012/04/24 12:0 a.m., 50 views

RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2012:0508)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0508 advisory. - HTTPS: block-wise chosen-plaintext attack against SSL/TLS BEAST CVE-2011-3389 - OpenJDK: RMI registry privileged code execution RMI,...

CVSS 10, AI score 8.3, EPSS 0.9358
Exploits: 19, References: 28

ThreatPost
added 2012/04/19 6:15 p.m., 13 views

Analysis: Flashback Spread Via Social Engineering, Then Java Exploits

Kaspersky Lab’s latest analysis of the Mac OS X Flashback botnet reveals that the botnet’s malware was spread via drive-by downloads on hacked WordPress web sites. From September 2011 until February 2012, the Flashback creators distributed the trojan through compromised WordPress sites that...

AI score 2.5
Exploits: 0, References: 2

The Hacker News
added 2012/04/05 11:16 p.m., 8 views

More than 600000 Macs system infected with Flashback Botnet

The computer security industry is buzzing with warnings that more than half a million Macintosh computers may have been infected with a virus targeting Apple machines. Dr. Web originally reported Wednesday that 550,000 Macintosh computer...

AI score 6.8
Exploits: 0

Debian
added 2012/02/28 8:11 p.m., 40 views

[SECURITY] [DSA 2420-1] openjdk-6 security update

Debian Security Advisory DSA-2420-1 http://www.debian.org/security/ Florian Weimer February 28, 2012 http://www.debian.org/security/faq -...

CVSS 10, AI score 10, EPSS 0.9358
Exploits: 19

Tenable Nessus
added 2012/02/22 12:0 a.m., 45 views

RHEL 5 : java-1.6.0-openjdk (RHSA-2012:0322)

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

CVSS 10, AI score 8.3, EPSS 0.9358
Exploits: 19, References: 23

Tenable Nessus
added 2012/02/17 12:0 a.m., 50 views

RHEL 5 / 6 : java-1.6.0-sun (RHSA-2012:0139)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0139 advisory. - OpenJDK: JavaSound incorrect bounds check Sound, 7088367 CVE-2011-3563 - OpenJDK: AtomicReferenceArray insufficient array type check...

CVSS 10, AI score 8.4, EPSS 0.9358
Exploits: 34, References: 28

ThreatPost
added 2011/12/05 4:9 p.m., 8 views

Carberp and Black Hole Exploit Kit Wreaking Havoc

The Black Hole exploit kit and the Carberp Trojan have a lovely, symbiotic relationship and they’ve recently decided to take that relationship to the next level. In the last month, there has been a major spike in the volume of Carberp infections related to attacks from sites hosting Black Hole,...

AI score 1.2
Exploits: 0, References: 6

The Hacker News
added 2011/10/24 4:30 a.m., 14 views

Bleeding Life 2 Exploit Pack Released

Black Hat Academy releases Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version...

CVSS 7.8, AI score 9.8, EPSS 0.93738
Exploits: 71

RedHat Linux
added 2011/07/22 10:45 p.m., 1 view

JDK: unspecified vulnerabilities fixed in 6u26 (Sound)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different...

CVSS 10, AI score 7.4, EPSS 0.12941
Exploits: 0, References: 4

RedHat Linux
added 2011/07/22 10:45 p.m., 2 views

JDK: unspecified vulnerabilities fixed in 6u26 (Sound)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different...

CVSS 10, AI score 7.4, EPSS 0.12941
Exploits: 0, References: 4

Tenable Nessus
added 2011/03/28 12:0 a.m., 42 views

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:054)

Multiple vulnerabilities have been identified and fixed in java-1.6.0-openjdk : The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances...

CVSS 10, AI score 5.9, EPSS 0.39874
Exploits: 2, References: 11

Tenable Nessus
added 2010/05/11 12:0 a.m., 64 views

RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2010:0383)

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which gi...

CVSS 9.8, AI score 8.5, EPSS 0.92077
Exploits: 32, References: 46

Tenable Nessus
added 2010/05/11 12:0 a.m., 59 views

RHEL 5 : java-1.6.0-sun (RHSA-2010:0337)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0337 advisory. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes severa...

CVSS 9.8, AI score 8.2, EPSS 0.92077
Exploits: 46, References: 54