Details for 30 Oracle Java Cloud Service flaws revealed
Polish security start-up Security Explorations has publicly released technical details and Proof-of-Concept code for 30 security vulnerabilities they found in Oracle Java …
Oracle releases Java 8
Oracle has released Java Standard Edition (SE) 8, Java Development Kit (JDK) 8, and Java Runtime Environment (JRE) 8. The new releases work on Windows 8, Windows 7, Windows …
Oracle fixes 127 vulnerabilities in its products
The story here is that Oracle has synced up their Java patching with the rest of their patching cycle and, when it comes to vulnerabilities, Java always steals the show. The …
Attacks targeting unsupported Java 6 are on the rise
As predicted at the end of 2012 and proved by the ever expanding use of exploit kits, vulnerabilities in popular and widespread software such as Java and Adobe’s Acrobat …
Multiple Java versions on endpoints risky for enterprises
Java represents a significant security risk to enterprises because it is the endpoint technology most targeted by cyber attacks, show the results of Bit9 research. The …
File infector EXPIRO hits US, steals FTP credentials
An unusual attack has been spotted in the wild, using an unexpected combination of threats. This attack used exploit kits (in particular Java and PDF exploits) to deliver file …
Oracle releases Critical Patch Update
Relatively quiet Critical Patch Update (CPU) from Oracle this quarter. Relative is of course subjective to Oracle, since this gigantic pile of unrelated code fixes includes 89 …
Oracle releases critical security updates for Java
Oracle released 40 new Java security fixes. 37 of the vulnerabilities may be remotely exploitable without authentication. This was described as the possibility of being …
Changes to the Java security model
The upcoming security changes in Oracle Java address three long-standing issues with the Java security model. The most significant change is how signed applets are handled. In …
Oracle plugs a host of critical Java vulnerabilities
Oracle’s Java SE Critical Patch Update for April 2013 contains 19 CVEs with CVSS base score of 10 (the highest you can go) indicating that exploiting the vulnerability …
Security firm publishes details about Java issue, asks for second opinion
Making good on their promise, Security Exploration has published technical details about a Java issue that they consider to be a security vulnerability, but Oracle has …
MiniDuke does not come only via email
Researchers from Kaspersky and CrySyS Lab continue to analyze the MiniDuke backdoor and have discovered two previously unknown infection mechanisms. Recently discovered to …