Multiple Java versions on endpoints risky for enterprises
Java represents a significant security risk to enterprises because it is the endpoint technology most targeted by cyber attacks, according to the results of Bit9 research. The …
File infector EXPIRO hits US, steals FTP credentials
An unusual attack has been spotted in the wild, using an unexpected combination of threats. This attack used exploit kits (in particular Java and PDF exploits) to deliver file …
Oracle releases Critical Patch Update
Relatively quiet Critical Patch Update (CPU) from Oracle this quarter. Relative is of course subjective to Oracle, since this gigantic pile of unrelated code fixes includes 89 …
Oracle releases critical security updates for Java
Oracle released 40 new Java security fixes. 37 of the vulnerabilities may be remotely exploitable without authentication. This was described as the possibility of being …
Changes to the Java security model
The upcoming security changes in Oracle Java address three long-standing issues with the Java security model. The most significant change is how signed applets are handled. In …
Oracle plugs a host of critical Java vulnerabilities
Oracle’s Java SE Critical Patch Update for April 2013 contains 19 CVEs with CVSS base score of 10 (the highest you can go) indicating that exploiting the vulnerability …
Security firm publishes details about Java issue, asks for second opinion
Making good on their promise, Security Explorations has published technical details about a Java issue that they consider to be a security vulnerability, but Oracle has …
MiniDuke does not come only via email
Researchers from Kaspersky and CrySyS Lab continue to analyze the MiniDuke backdoor and have discovered two previously unknown infection mechanisms. Recently discovered to …
Malicious Java applet uses stolen certificate to run automatically
A signed but malicious applet that will apparently fool even the latest Java 6 update has been discovered on a German online dictionary website infected by the g01pack exploit …
Oracle releases emergency patch to fix exploited Java flaw
Oracle has released an out-of-band Java patch to fix the CVE-2013-1493 vulnerability that is currently being exploited in attacks in the wild. The security alert accompanying …
Dangerous beans: Oracle deep in the storm
Last week security researchers from FireEye discovered a new Java exploit that works against the latest versions of Java (version 6 update 41 and version 7 update 15) making …
Oracle, Apple release critical updates for Java
Oracle has released on Tuesday a new Java SE Critical Patch Update. “This Critical Patch Update includes all fixes provided in the Oracle Java SE Critical Patch Update …