Yahoo Removes Ads Redirecting to Magnitude Exploit Kit

The race to replace the Blackhole Exploit Kit as the web exploit pack of choice for cybercriminals seems to have an early leader in Magnitude. Researchers at Dutch security firm Fox-IT reported over the weekend that European visitors to Yahoo were falling victim to malicious ads hosted on the sit...

Multiple Java vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Wed Dec 11 10:53:34 CST 2013 | Updated: Mon Feb 3 10:36:58 CST 2014 | Updated: Sections II and III modifications | Updated: Includes VIOS The most recent version of this document is available here:...

MGASA-2013-0322 Updated java-1.7.0-openjdk package fixes security vulnerabilities

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...

OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA...

JDK: java.lang.class code execution

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics...

OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

CVE-2013-5782

CVE-2013-5782 is one of multiple Oracle Java/IBM SDK vulnerabilities disclosed in October 2013 CPU updates. The IBM bulletins enumerate affected IBM SDK/JAVA components (IBM SDK Java Technology Edition versions 5, 6, 7 and associated WebSphere products) and describe the root issue as an unspecifi...

New Mac OS Malware exploited two known Java vulnerabilities

A new Mac OS Malware has been discovered called OSX/Leverage.A, which appears to be yet another targeted command-and-control Trojan horse, that creates a backdoor on an affected user's machine. The Trojan named 'Leverage' because the Trojan horse is distributed as an application disguised as a...

New Mac OS Malware exploited two known Java vulnerabilities

A new Mac OS Malware has been discovered called OSX/Leverage.A, which appears to be yet another targeted command-and-control Trojan horse, that creates a backdoor on an affected user’s machine. The Trojan named 'Leverage' because the Trojan horse is distributed as an application disguised as a...

Shylock/Caphaw Banking Malware Infections on the Rise

Two dozen major U.S. and European banks are in the crosshairs of the Shylock, or Caphaw, financial malware of late, and victims who trade with one of the 24 financial institutions are at risk of giving up their credentials and losing assets in their accounts. Malware researchers have noticed a ri...

Bit9 has done the report found a large number of“critical”Java vulnerability-vulnerability warning-the black bar safety net

Bit9 has done recently for Java and its vulnerabilities conducted in-depth research, the results found that nearly half of the enterprises installed two or more versions of Java. Java in the enterprise environment is very General, enterprises usually do not delete the old version, which increases...

Many Flash, Java Users Running Older, Vulnerable Versions

It’s long been known that Java and Flash are favored targets of attackers, thanks to their huge install bases and numerous security issues. And the users who are targeted by these attacks aren’t doing themselves any favors either, as new research shows that 19 percent of business users are runnin...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-43)

It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine JVM, or bypass Java sandbox restrictions. CVE-2012-0497 It...

Counter.php Redirecting to Sites Peddling Styx Exploit Kit

The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit. According to a post on Securelist today, Vincente Diaz, a researcher with...

MGASA-2013-0208 Updated java-1.6.0-openjdk packages fix security vulnerabilities

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...

Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-0730)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0730 advisory. 1.6.0.0-1.27.1.10.8.0.1.el58 - Add oracle-enterprise.patch 1:1.6.0.0-1.27.1.10.8 - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patc...

MGASA-2013-0185 Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...

RedHat Update for java-1.7.0-openjdk RHSA-2013:0958-01

Check for the Version of java-1.7.0-openjdk OpenVAS Vulnerability Test RedHat Update for java-1.7.0-openjdk RHSA-2013:0958-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CentOS 5 : java-1.7.0-openjdk (CESA-2013:0958)

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

65 Sites Compromised in ZeroAccess Trojan Attacks

As many as 65 websites have been compromised in an attack that has snared another Washington, D.C.-area media website as well as a number of travel and leisure sites. While the sites aren’t topically related, they’re all hosting advertisements injected with malicious code hosted on...