Java

Hackers using PRISM-phishing Java RAT to steal government data

posted on July 9, 2013
by l33tdawg

Cyber criminals are targeting government agencies with phishing messages containing a dangerous Java remote access tool (RAT).

Symantec researcher Andrea Lelli reported uncovering the threat, confirming that the messages are designed to entice government workers to download the attachments by masquerading as news announcements and messages about the PRISM scandal.

Critical Java SE update due Tuesday fixes 40 flaws

posted on June 17, 2013
by l33tdawg

Thought your Java security woes were behind you? Think again. Oracle is planning to release a Critical Patch Update on Tuesday that affects multiple versions of Java, and it's another doozy.

According to Oracle's security announcement, the patch pack addresses 40 different vulnerabilities. All update levels of Java SE 5, 6, and 7 are affected by the flaws, as are all versions of JavaFX.

Researchers find Java users woefully tardy on patching

posted on June 5, 2013
by l33tdawg

Java has been a jackpot for hackers in recent months and an analysis of its users released Tuesday suggests why that's so.

More than 50 percent of Java users are running a version of the program that's more than two years old, according to the analysis based on more than one billion endpoints monitored by Websense Security Lab.

New Java exploit on the loose

posted on April 24, 2013
by l33tdawg

Less than a week after Oracle released a scheduled security update for Java, an exploit that takes advantage of one of the patched bugs has been added to a popular exploit toolkit.

Researchers at security firm F-Secure said that on Sunday they first witnessed signs of ongoing attacks, which take advantage of a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17. The exploit has been added to commercially available exploit toolkits, including RedKit.

Apple keeps patching Java on OS X Snow Leopard after proposed drop-dead date

posted on April 17, 2013
by l33tdawg

Apple on Tuesday patched Java for the aged OS X Snow Leopard and tweaked Safari to give users more control over what websites they let run the vulnerability-plagued Oracle software.

Oracle on Tuesday shipped an update for Java 6 and Java 7 to patch up to 42 bugs -- the number depends on the version and platform -- for Windows and OS X. Because Apple maintains Java 6 for OS X -- unlike Java 7, which Oracle handles -- it followed with its own update.

Java must be improving -- only 42 security holes patched this round

posted on April 17, 2013
by l33tdawg

Allow me to begin with an emphatic statement: if you have Java on your computer then get it off now! Oracle released its latest round of security patches for the incredibly buggy, and surprisingly still popular, platform, with numerous new holes waiting to either be patched or exploited.

When word came down of the latest fixes and I mentioned it in the BetaNews newsroom, our president Scott Alperin could utter only "seems like time to put PC-side Java out of its misery". Indeed.

New Java vulnerability is being exploited in the wild

posted on March 1, 2013
by l33tdawg

A new Java 0-day vulnerability is being exploited in the wild. If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to “High” and attempt to avoid executing malicious applets.

This latest flaw was first discovered by security firm FireEye, which says it has already been used “to attack multiple customers.” The company has found that the flaw can be exploited successfully in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed, the latest versions of Oracle’s plugin.

Oracle to ship revised Java fix on February 19

posted on February 12, 2013
by l33tdawg

If at first you don't succeed, and all that... Oracle now says the emergency Java Critical Patch Update it rushed out the door on February 1 didn't fix all of the issues it had originally intended to address, and that a revised patch including fixes for the remaining flaws will ship on February 19.

February 19 had been the original date for the February patch, but Oracle opted to push it out on an accelerated schedule after discovering that exploits for some of the vulnerabilities it addressed were operating in the wild.