Tag Archives: java

Twitter Bots Target Tibetan Protests

March 20, 2012

Twitter bots — automated accounts that auto-follow and send junk tweets hawking questionable wares and services — can be an annoyance to anyone who has even a modest number of followers. But increasingly, Twitter bots are being used as a tool to suppress political dissent, as evidenced by an ongoing flood of meaningless tweets directed at hashtags popular for tracking Tibetan protesters who are taking a stand against Chinese rule.

It’s not clear how long ago the bogus tweet campaigns began, but Tibetan sympathizers say they recently noticed that several Twitter hashtags related to the conflict — including #tibet and #freetibet — are now so constantly inundated with junk tweets from apparently automated Twitter accounts that the hashtags have ceased to become a useful way to track the conflict.

Java Security Update Scrubs 14 Flaws

February 15, 2012

15 Comments

Oracle has shipped a critical update that fixes at least 14 security vulnerabilities in its Java JRE software. The company is urging users to deploy the fixes as quickly as possible.

Amnesty International Site Serving Java Exploit

December 22, 2011

12 Comments

Amnesty International’s homepage in the United Kingdom is hacked and is currently serving malware that exploits a recently-patched vulnerability in Java. Security experts say the attack may be opportunistic, or it may be part of a more nefarious scheme to target human rights workers.

Public Java Exploit Amps Up Threat Level

November 30, 2011

41 Comments

An exploit for a recently disclosed Java vulnerability that was previously only available for purchase in the criminal underground has now been rolled into the open source Metasploit exploit framework. Metasploit researchers say the Java attack tool has been tested… Read More »

Attempted Malvertising on KrebsOnSecurity.com

November 29, 2011

33 Comments

Members of an exclusive underground hacker forum recently sought to plant malware on KrebsOnSecurity.com, by paying to run tainted advertisements through the site’s advertising network — Federated Media. The attack was unsuccessful thanks to a variety of safeguards, but it highlights the challenges that many organizations face in combating the growing scourge of “malvertising.”

New Java Attack Rolled Into Exploit Kits

November 28, 2011

42 Comments

A new exploit that takes advantage of a recently-patched critical security flaw in Java is making the rounds in the criminal underground. The exploit, which appears to works against all but the latest versions of Java, is being slowly folded into automated attack tools.

Critical Java Update Fixes 20 Flaws

October 20, 2011

29 Comments

Oracle Corp. released a critical update to plug at least 20 security holes in versions of its ubiquitous Java software. Nearly all of the Java vulnerabilities can be exploited remotely to compromise vulnerable systems with little or no help from users.

If you use Java, take some time to update the program now. According to a report released this month by Microsoft, the most commonly observed exploits in the first half of 2011 were those targeting Java flaws. The report also notes that Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters.

MySQL.com Sold for $3k, Serves Malware

September 26, 2011

41 Comments

A security firm revealed today that mysql.com, the central repository for widely-used Web database software, was hacked and booby-trapped to serve visitors with malicious software. The disclosure caught my eye because just a few days ago I saw evidence that administrative access to mysql.com was being sold on the hacker underground for just $3,000.

Is That a Virus in Your Shopping Cart?

August 5, 2011

17 Comments

Six million Web pages have been booby-trapped with malware, using security vulnerabilities in software that hundreds of thousands of e-commerce Web sites use to process credit and debit card transactions. Web security firm Armorize said it has detected more than… Read More »

Java Patch Plugs 17 Security Holes

June 7, 2011

13 Comments

Oracle today released an update to its ubiquitous Java software that fixes at least 17 security vulnerabilities in the program. The company is advising users to apply this update as soon as possible; it looks like most — if not… Read More »