Critical Java Update Fixes 50 Security Holes
Oracle Corp. has issued an update for its Java SE software that plugs at least 50 security holes in the software, including one the company said was actively being exploited in the wild.
Category Archives: Latest Warnings
New Java Exploit Fetches $5,000 Per Buyer
Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned.
Oracle Ships Critical Security Update for Java
Oracle has released a software update to fix a critical security vulnerability in its Java software that miscreants and malware have been exploiting to break into vulnerable computers.
What You Need to Know About the Java Exploit
On Thursday, the world learned that attackers were breaking into computers using a previously undocumented security hole in Java, a program that is installed on hundreds of millions of computers worldwide. This post aims to answer some of the most frequently asked questions about the vulnerability, and to outline simple steps that users can take to protect themselves.
Zero-Day Java Exploit Debuts in Crimeware
The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
Facebook, Yahoo Fix Valuable $ecurity Hole$
Both Facebook and Yahoo! recently fixed security holes that let hackers hijack user accounts. Interestingly, access to methods for exploiting both of the flaws appears to have been sold by the same miscreant in the cybercrime underground.
Adobe, Microsoft Ship Critical Security Updates
Adobe and Microsoft today separately issued updates to fix critical security vulnerabilities in their products. Adobe pushed out fixes for security issues in Acrobat, Adobe Reader and its Flash Player plugin. Microsoft released seven patches addressing at least a dozen security holes in Windows and other software, although it failed to issue an official patch for a dangerous flaw in its Internet Explorer Web browser that attackers are now actively exploiting.
Turkish Registrar Enabled Phishers to Spoof Google
Google and Microsoft today began warning users about active phishing attacks against Google’s online properties. The two companies said the attacks resulted from a fraudulent digital certificate that was mistakenly issued by a domain registrar run by the Turkish government.
Attackers Target Internet Explorer Zero-Day Flaw
Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground.
Shocking Delay in Fixing Adobe Shockwave Bug
The Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) is warning about a dangerous security hole in Adobe’s Shockwave Player that could be used to silently install malicious code. The truly shocking aspect of this bug? U.S. CERT first warned Adobe about the vulnerability in October 2010, and Adobe says it won’t be fixing it until February 2013.
