Blog Posts Tagged with "Java"
Advice Regarding Recent Java Vulnerabilities
October 17, 2012 Added by:Fergal Glynn
By now, our readers have undoubtedly seen the buzz about a serious security vulnerability in Oracle Java, with corresponding exploit code making its way around in the form of active, in-the-wild attack campaigns, as well as penetration testing tools...
Comments (0)
Java in the Cross-Hairs of Enterprise Security
September 26, 2012 Added by:Rafal Los
Enterprises seem to have a love-hate relationship with Java. It's a client we aren't thrilled with, but when it comes to cross-platform use there aren't really any other alternatives. If you look around you'll find that many of the security platforms are written in what? Java...
Comments (0)
Java, Flash, and the Choice of Usability Over Security
September 10, 2012 Added by:Le Grecs
Convenience vs. Security: My goal of not installing Flash and Java on a new system didn't last more than a few hours. Yet, as infosec professionals, following the disable unnecessary services philosophy, we advise not installing these types of applications for security reasons...
Comments (0)
Hackers Grabbed Twelve Million Apple IDs from FBI
September 05, 2012 Added by:Dan Dieterle
Is the information legit? If so, why would an FBI agent have a list of twelve million Apple ID’s which in some cases can be used to access information just as a password would? And how did the hacker group exploit this particular agent’s laptop and recover information from it?
Comments (0)
No Copyrights on APIs: Judge Defends Interoperability and Innovation
June 18, 2012 Added by:Electronic Frontier Foundation
Judge Alsup, a coder himself, got it right when he wrote that “copyright law does not confer ownership over any and all ways to implement a function or specification of any and all methods used in the Java API.” It's a pleasure to see a judge so fundamentally understand the technology at issue...
Comments (0)
RedKit Private Exploit Tool Emerges in the Wild
May 04, 2012 Added by:Headlines
"RedKit is armed with two of the most popular exploits... The first exploit is a fairly obfuscated PDF file that exploits the LibTIFF vulnerability..." The second is the "latest Java exploit, dealing with the AtomicReferenceArray vulnerability..."
Comments (0)
Researchers Analyze Flashback Trojan Botnet Traffic
May 01, 2012 Added by:Headlines
Researchers, who successfully tool over C&C servers, noted that nearly two out of three infected systems are running Snow Leopard OS X 10.6 which included Java preinstalled. Less vulnerable are systems running Lion OS X 10.7, unless users manually downloaded Java after purchase...
Comments (0)
Multi-Platform Malware Targets Both Widows and Mac OS
April 27, 2012 Added by:Headlines
"If the threat is running on a Mac operating system, it downloads a dropper type malware written in Python. However, if the threat is running on a Windows operating system, it downloads a standard Windows executable file dropper. Both droppers drop a Trojan horse program..."
Comments (0)
IC3: Blackhole Exploit Kit 1.2.3 Released
April 26, 2012 Added by:Headlines
Blackhole, the most widely purchased exploit pack in the underground market, is a toolkit that is injected into malicious and/or compromised websites, allowing the attacker to push a variety of exploits targeting vulnerabilities of popular applications like Java and Flash...
Comments (0)
Flashback - Are You Joking? There is No Malware for Mac!
April 23, 2012 Added by:Pierluigi Paganini
We must remember that in any software there will be vulnerabilities that could be exploited for criminal purposes. To give you an immediate idea of the malware available for the Mac environment, I produced a table that lists the main agents detected by a well known antivirus...
Comments (0)
SabPub - The Latest Mac OS X Backdoor Java Exploit
April 16, 2012 Added by:Headlines
"This new threat is a custom OS X backdoor, which appears to have been designed for use in targeted attacks... The backdoor contains functionality to make screenshots of the user’s current session and execute commands on the infected machine..."
Comments (0)
One-Day Exploits, Binary Diffing and Patch Management
April 05, 2012 Added by:Pierluigi Paganini
One-Day exploits have a reduced possibility of success due the potential for patching by a target, but the attacks are still insidious and cheaper in comparison to Zero-Days - it's quite simple to retrieve the information on the internet and use tools to commit the attacks...
Comments (0)
Apple: Critical Update for Java for OS X Lion and Mac OS X
April 04, 2012 Added by:Headlines
"Vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution..."
Comments (0)
Top Ten Java Frameworks Observed in Customer Applications
February 08, 2012 Added by:Fergal Glynn
One of the things we record when scanning applications is the presence of frameworks and other supporting technologies, and we’ve been at work mining that data to understand what developers use to build their applications. We’d like to share some of that research with you today...
Comments (0)
The CERT Oracle Secure Coding Standard for Java
October 18, 2011 Added by:Ben Rothke
The CERT Oracle Secure The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...
Comments (0)
Multi-platform Java Botnet Targets Widows and Mac OSX
May 06, 2011 Added by:Headlines
Multi-platform malware is not entirely new, but with the increasing popularity of Apple products in the marketplace, there is an incentive for malware authors to save time and resources by developing strains that are capable of infecting multiple operating systems...
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox