RHEL 5 : java-1.4.2-ibm (RHSA-2012:0702)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0702 advisory. - OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) CVE-2011-3563 - Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 2D...
It's Time to Abandon Java
As humans, we have a difficult time letting go of things. Whether it be a favorite pair of jeans, a beloved dog or an old friend who you know is just bringing you down, putting aside things we know well is hard to do. But sometimes things are just too broken to be useful any longer, and that’s th...
Oracle Java Runtime Environment CVE-2013-0422 Multiple Remote Code Execution Vulnerabilities
Description Oracle Java Runtime Environment is prone to multiple remote code execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application. Versions prior to Oracle JRE 1.7.0 Update 11 are vulnerable. Technologies Affected CentOS CentO...
JDK: getDeclaredMethods() and setAccessible() code execution
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics...
OpenJDK: Executors state handling issues (Concurrency, 7189103)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency...
Security Experts Recommend Long, Hard Look at Disabling Java Browser Plug-In
Is the Java browser plug-in the IT equivalent of the human appendix? Would you miss it if it were gone? Probably not, experts say, especially now that attackers are beating the Java sandbox with a rash of zero-day exploits. “It’s simply safer to have the Java plug-in disabled in the browser knowi...
Microsoft Recommends Workarounds to Mitigate Latest IE Zero-Day; Patch Still to Come
Microsoft issued a security advisory Monday night and recommended several workarounds to mitigate a zero-day vulnerability in Internet Explorer reported over the weekend that is being exploited in the wild. Microsoft said it is still investigating the vulnerability, and may issue an out-of-band...
Dorifel Malware Encrypts Files, Steals Financial Data, May Be Related to Zeus or Citadel
While much of the world was focused yesterday on the Gauss malware saga, there was another interesting infection happening, mainly in the Netherlands, that researchers think may be related to the Zeus and Citadel attacks, though the motivation behind the attack is somewhat of a mystery. The new...
RHEL 6 : java-1.6.0-sun (RHSA-2012:0734)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0734 advisory. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes severa...
OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
Report: Strategic Web Compromises Behind Recent Hack of Amnesty, Others
A recent string of Web site hacks at Amnesty International and other NGOs are evidence of a campaign of cyber espionage directed against human rights organizations, according to a report from The Shadowserver Foundation. In a report on Tuesday, the Foundation said that its members had witnessed a...
New Flashback Variant Using Twitter as Backup C&C Channel
The latest version of the Flashback malware that’s infecting Macs has a new command-and-control infrastructure that used Twitter as a fallback mechanism in case the normal C&C system isn’t available. This is not the first time a botnet has used Twitter for some form of command and control, but it...
Flashback/SabPub
2012 The Mac malware scene shifted into high gear in 2012 with the emergence of the Flashback trojan and the revelation that its authors had control of a massive botnet containing well over a half-million machines. Flashback and SabPub, which exploited the same Java vulnerabilities, are the first...
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2012:0508)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0508 advisory. - HTTPS: block-wise chosen-plaintext attack against SSL/TLS BEAST CVE-2011-3389 - OpenJDK: RMI registry privileged code execution RMI,...
Analysis: Flashback Spread Via Social Engineering, Then Java Exploits
Kaspersky Lab's latest analysis of the Mac OS X Flashback botnet reveals that the botnet's malware was spread via drive-by downloads on hacked WordPress web sites. From September 2011 until February 2012, the Flashback creators distributed the trojan through compromised WordPress sites that...
More than 600,000 Mac systems infected with Flashback Botnet
The computer security industry is buzzing with warnings that more than half a million Macintosh computers may have been infected with a virus targeting Apple machines. Dr. Web originally reported Wednesday that 550,000 Macintosh computer...
[SECURITY] [DSA 2420-1] openjdk-6 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2420-1 [email protected] http://www.debian.org/security/ Florian Weimer February 28, 2012 http://www.debian.org/security/faq -...
RHEL 5 : java-1.6.0-openjdk (RHSA-2012:0322)
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
RHEL 5 / 6 : java-1.6.0-sun (RHSA-2012:0139)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0139 advisory. - OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) CVE-2011-3563 - OpenJDK: AtomicReferenceArray insufficient array type check...
Carberp and Black Hole Exploit Kit Wreaking Havoc
The Black Hole exploit kit and the Carberp Trojan have a lovely, symbiotic relationship and they've recently decided to take that relationship to the next level. In the last month, there has been a major spike in the volume of Carberp infections related to attacks from sites hosting Black Hole,...