Volume of Malware Targeting Java CVE-2012-1723 Flaw Spikes

It’s been nearly two months since Oracle patched the CVE-2012-1723 Java vulnerability, a serious remote pre-authentication flaw that’s present in the Java Runtime Environment. It’s taken a little time, but the attacker community has decided that this bug deserves some serious attention, and as a...

Black Hole Exploit Kit Targeting Java CVE-2012-1723 Flaw

A new fork of the Black Hole exploit kit is making quick work of a recently patched Java vulnerability and security researchers say that the attackers are registering new sites quickly to exploit users with vulnerable browsers. The CVE-2012-1723 Java vulnerability that the Black Hole exploit kit ...

Apple : 0 | Flashback trojan : 1 , Apple admits malware defeat

Apple : 0 | Flashback trojan : 1 , Apple admits malware defeat Apple has quietly removed a statement from its website that the Mac operating system isn't susceptible to viruses. Apple released a patch to a Java vulnerability that lead to the infection of roughly 600,000 Macs with the Flashback...

OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect integrity, related to CORBA...

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than...

Stolen Certificates Found in Malware Possibly Targeting Tibetan Groups

The recent trend of attackers using stolen digital certificates to make their malicious executables look legitimate is continuing unabated, with researchers now having come across a series of variants of the Etchfro Trojan that are using certificates taken from several companies and issued by...

Human Rights organisation website Serves Gh0st RAT Trojan

Human Rights organisation website Serves Gh0st RAT Trojan According to the company's Security Labs blog, Amnesty International's United Kingdom website was compromised and hosting the potent Gh0st RAT Trojan earlier this week. Malicious Java code was planted on the site in a bid to push the Gh0st...

Conflicting Reports On Receding Flashback Levels

The number of Macs infected with the Flashback malware continue to decline but it’s not entirely clear to what degree. Initial numbers estimated that there were about 600,000 infected computers in total yet those numbers dropped last week to 237,000 and now, according to research by Symantec...

Sabpab - Another Mac os Backdoor Trojan Discovered

Sabpab - Another Mac os Backdoor Trojan Discovered Security firm Sophos has discovered more malware for the Mac OS X platform called Sabpab. It uses the same Java vulnerability as Flashback to install itself as a "drive-by download." Users of older versions of Java now have still more malware to...

Apple Developing Fix For Flashback Malware

Apple is planning to release a software fix that will find and remove the Flashback malware that has been haunting Mac users for several months now. The latest version of Flashback has built a botnet that at times has included more than 600,000 infected machines. Apple said on Tuesday that it was...

Apple Issues Update to Prevent Flashback Malware from Infecting Mac OS X Machines

Less than a day after reports began surfacing that the Flashback trojan was hitting Mac OS X machines, Apple today released a fix to stop the latest variant of the password-stealing malware. The update closes numerous vulnerabilities in Java 1.6.029, including a serious hole that allowed an...

New Java Exploits boosts BlackHole exploit kit

New Java Exploits boosts BlackHole exploit kit A widely disseminated exploit kit popular with hackers has been updated to take advantage of a recently discovered Java vulnerability. Researchers at Microsoft reported last week that it had observed this vulnerability being exploited in the wild. Th...

Kaspersky finds Malware that resides in your RAM

Kaspersky finds Malware that resides in your RAM Kaspersky Lab researchers have discovered a drive-by download attack that evades hard-drive checkers by installing malware that lives in the computer's memory. The 'fileless' bot is more difficult for antivirus software to detect, and resides in...

CVE-2012-0505

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.235 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality,...

In Possible Targeted Attack, Amnesty International Web Site Found Serving Malware

Amnesty International’s United Kingdom website was compromised late last week and was being used to exploit a known Java runtime environment hole on machines belonging to unwitting visitors to the site, according to Barracuda Labs researcher, Paul Royal. Citing historical data, Royal claims that...

Exploit Kits Now Updated With New Wares Before Patches Are Ready

The creators and maintainers of exploit kits often rely on public reports of new exploits and proof-of-concept exploit code in order to be able to add new exploits to their software. And in many cases, the exploits included in kits such as Black Hole and Eleonore and others will be for...

New Java Vulnerability Coming Bundled With Exploit Kits

A recently discovered Java vulnerability that’s been circulating throughout the hacking underground has begun to show up alongside the BlackHole exploit kit, according to a post on Brian Krebs’ KrebsonSecurity blog. The National Vulnerability Database claims the vulnerability is found in the Java...

JDK: unspecified vulnerability fixed in 6u29 (Deployment)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to...

90000 web pages infected by mass iFrame attack

90000 web pages infected by mass iFrame attack Security Experts Wayne Huang, Chris Hsiao, NightCola Lin discovered that more than 90000 web pages are infected by mass iFrame attack. There's been a mass scale injection ongoing recently, with the injected iframe pointing to willysy.com . Just Try a...

OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...