Fake EFF Site Used in Spear Phishing Campaign

Attackers, possibly associated with the Russian government, registered a phony Electronic Frontier Foundation domain earlier this month in an attempt to dupe users into thinking correspondence from the site was coming from the well-known privacy watchdog. The scheme, largely carried out via spear...

Sun Java Runtime New Plugin docbase Buffer Overflow

No description provided by source. $Id: javadocbasebof.rb 11513 2011-01-08 00:25:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

Caphaw Banking Malware Distributed via YouTube Ads

More than one billion of unique visitor spend about 6 billion hours on YouTube to watch videos, according to monthly YouTube Stats. Security researchers from Bromium Labs recently found that YouTube advertising network has been abused by rogue advertisers to distribute malware. YouTube In-Stream...

java-1.7.0-openjdk security update

1.7.0.51-2.4.4.1.0.1.el510 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Enterprise Linux' 1.7.0.51-2.4.4.1.el5 - updated to security icedtea 2.4.4 - icedteaversion set to 2.4.4 - updatever bumped to 51 - release reset to 1 - build requires: java-devel = 1:1.6.0 changed java7-devel - Resolve...

Security Explorations Finds Seven New Flaws in IBM SDK

Security researcher Adam Gowdiak and his team at Security Explorations have discovered another batch of issues that stem from the way Java is implemented in certain versions of software, in this case, IBM’s SDK. Gowdiak wrote Monday on the Full Disclosure mailing list about the issues, seven in...

Gong Da Exploit Kit Bundling Numerous Java Attacks

Don’t expect any relief from the current assault on Java. A new sandbox-escape exploit targeting a vulnerability in the Java Runtime Environment has been integrated into both the Black Hole and Gong Da exploit kits, setting the stage for additional attacks, researchers said. The exploit was...

Billions of Windows Users Affects with Java Vulnerability

Researchers at Security Explorations disclosed a new vulnerability in Java that could provide an attacker with control of a victim's computer. The researchers have confirmed that Java SE 5 – Update 22, Java SE 6 – Update 35, and Java SE 7 Update 7 running on fully patched Windows 7 32-bit operati...

Detecting and Removing Vulnerable Java Versions

As attacks on the new Java zero-day vulnerability continue and researchers look for ways to mitigate the flaw, they are encouraging users to disable Java in their browsers. There is now a site that users can visit that will detect whether their browser is running a vulnerable version of Java...

Apple Issues Update to Prevent Flashback Malware from Infecting Mac OS X Machines

Less than a day after reports began surfacing that the Flashback trojan was hitting Mac OS X machines, Apple today released a fix to stop the latest variant of the password-stealing malware. The update closes numerous vulnerabilities in Java 1.6.029, including a serious hole that allowed an...

libxml2 security update

2.7.6-4.0.1.el62.4 - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball 2.7.6-4.el62.4 - remove chunk in patch related to configure.in as it breaks rebuild - Resolves: rhbz788845 2.7.6-4.el62.3 - fix previous build to force compilation of...

wireshark security update

1.0.15-1.0.1.el56.4 - Added oracle-ocfs2-network.patch 1.0.15-1.4 - fix few security issues - Resolves: CVE -2011-0024 CVE-2011-0538 CVE-2011-1139 CVE-2011-1140 CVE-2011-1141 CVE-2011-1143 612240 1.0.15-1.3 - recompile with -fno-strict-aliasing 1.0.15-1.2 - fix buffer overflow in ENTTEC dissector...

Sun Java Runtime New Plugin docbase Buffer Overflow

This module exploits a flaw in the new plugin component of the Sun Java Runtime Environment before v6 Update 22. By specifying specific parameters to the new plugin, an attacker can cause a stack-based buffer overflow and execute arbitrary code. When the new plugin is invoked with a "launchjnlp"...

Solaris 10 (sparc) : 125100-10

SunOS 5.10: Kernel Update patch. Date this patch was last updated by Sun : Jun/26/07 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. if !...

Solaris 9 (sparc) : 118829-04

Sun Management Center 3.5.1: Solaris 9 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc...

ASI Oracle Security Alert: Oracle Home Environment Variable Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oracle Home Environment Variable Buffer Overflow For additional details, the official advisories from Oracle Corporation can be downloaded from: http://otn.oracle.com/deploy/security/pdf/dbsmpalert.pdf Summary: By setting a long ORACLEHOME value more...