Critical Java flaw affects nearly one billion users
Researchers from Polish firm Security Explorations keep digging into Java and discovering flaws, the latest of which has been unearthed just before Oracle’s annual …
Deep Java source code analysis
GrammaTech announced CodeSonar for Java which works on all Java code, including code written for Android. The analysis flags quality and security defects. It also works …
Oracle confirms existence of another critical Java flaw
When Oracle finally patched the CVE-2012-4681 Java 0-day that was being actively exploited in the wild, Polish firm Security Explorations immediately piped up to say they …
Oracle patches Java 0-day, researchers say there’s another one
Oracle has finally issued an update for Java 7 (v 1.7.0_07) which solves the problem of the CVE-2012-4681 vulnerability (which actually consists of two distinct flaws). The …
Java 0-day exploit served from over 100 sites
The problem of the two unpatched Java zero-day vulnerabilities that are actively exploited in the wild by attackers looking to gain access to their targets’ computers is …
Java 0-day exploit added to Blackhole kit, still no news about patch
The recently discovered Java zero-day flaw that has been spotted being used in limited targeted attacks in the wild has created quite a stir. A module that exploits the …
Critical Java 0-day flaw exploited in the wild
Researchers from security firm FireEye have discovered targeted attacks exploiting a zero-day Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting …
The dangers of Java and what to do about it
Since late 2010, Java exploits have become way more popular with hackers than the Adobe-related ones. The problem with Java is not so much in the newly discovered …
Multi-platform backdoor served through compromised website
The compromised website of a Colombian transport company has been found serving a signed Java applet that detects whether the visitor is using a Windows, OS X or Linux machine …
Video: Attacking XML preprocessing
Documenting more than a year of research in XML technologies, this talk by Nicolas Grégoire at Hack in The Box 2012 Amsterdam details security implications of the XML format …
Make your pentester work harder for his money
In this video recorded at Infosecurity 2012, Wolfgang Kandek, CTO at Qualys, talks about their recent research dealing with Java. Many modern exploits use Java as a stepping …
Android security: Protection of Java and native apps
Arxan Technologies enhanced its Mobile Application Protection Suite to include multi-layered, end-to-end protection for Android applications. Given the open source nature of …