Attacks targeting unsupported Java 6 are on the rise
As predicted at the end of 2012 and proved by the ever expanding use of exploit kits, vulnerabilities in popular and widespread software such as Java and Adobe’s Acrobat …
Shielding targeted applications
When we discuss exploit prevention, we often talk about “targeted applications.’ This term refers to end-user applications which can be exploited by hackers for …
Cross-platform Frutas RAT delivered via targeted emails
The cross-platform Frutas RAT is being used in a new email phishing campaign targeting high-profile finance, mining, and telecom companies as well as governments in Europe and …
Cross-platform backdoor created with RAT available online
For malware authors and attackers, the ideal malware is that which works on as many platforms as possible. As Java is used in a wide variety of computing platforms, it stands …
Multiple Java versions on endpoints risky for enterprises
Java represents a significant security risk to enterprises because it is the endpoint technology most targeted by cyber attacks, show the results of Bit9 research. The …
File infector EXPIRO hits US, steals FTP credentials
An unusual attack has been spotted in the wild, using an unexpected combination of threats. This attack used exploit kits (in particular Java and PDF exploits) to deliver file …
Multi-platform Java RAT targeting government agencies
A new spear-phishing campaign targeting government agencies mostly in the US, Canada, Australia, a few European countries and the Russian Federation has been spotted by …
Oracle releases critical security updates for Java
Oracle released 40 new Java security fixes. 37 of the vulnerabilities may be remotely exploitable without authentication. This was described as the possibility of being …
Changes to the Java security model
The upcoming security changes in Oracle Java address three long-standing issues with the Java security model. The most significant change is how signed applets are handled. In …
Multi-stage exploit attacks for more effective malware delivery
Most drive-by exploit kits use a minimal exploit shellcode that downloads and runs the final payload. This is akin to a two-stage ICBM (InterContinental Ballistic Missile) …
Exploit for recently patched Java flaw added to CrimeBoss exploit kit
If you are still using Java, you insist on updating in manually and you haven’t gotten around to installing the latest Critical Patch Update released a week ago, you are …
Oracle plugs a host of critical Java vulnerabilities
Oracle’s Java SE Critical Patch Update for April 2013 contains 19 CVEs with CVSS base score of 10 (the highest you can go) indicating that exploiting the vulnerability …