|
Home > News > Tags > java
|
|
30
More: next 50 >>
Researchers from Security Explorations have identified a total of nine ways to completely bypass the IBM Java sandbox. Of these nine exploits, five are new ones and four are old issues that haven’t been properly addressed. According to Adam Gowdiak, the founder and CEO of the Polish security firm, the five new... |
6 May 2013
08:54 GMT |
 |
|
Trusteer experts have come across an interesting variant of the Java exploit kit called “g01pack.” g01pack is different from other exploit kits because it delivers its payload via a multistage attack.
“The first stage of the attack, the exploit shellcode, executes a second stage, in which a Java cl... |
3 May 2013
03:22 GMT |
|
|
Nintendo seems determined to make the Wii U a success and it appears that one of its initiatives will see an expansion in the variety of games launched on the console, which might soon be powered by technologies such as Unity, HTML 5 and JavaScript.
Satoru Iwata, the leader of Nintendo, tells investors that, “... |
1 May 2013
07:19 GMT |
|
|
UC Browser, one of the most popular mobile browsers out there, has just been updated on phones running Java, and is currently available for download as version 9.0.
The application has been available for download in a beta flavor for the past few weeks, so as to provide users with a glimpse at the features and enhan... |
24 April 2013
02:33 GMT |
|
|
Less than a week has passed since Oracle released its April 2013 Critical Patch Update for Java and researchers have already identified a vulnerability affecting the latest version of the software. Polish firm Security Explorations has discovered a Reflection API issue – dubbed “Issue 61” – t... |
22 April 2013
03:45 GMT |
|
|
Just days after releasing new Java updates to the public, Apple has issued a memo on its Support site acknowledging that the company had been forced to block Java in OS X yet again because of security concerns. The memo on Apple’s Support area states, “To help protect users from a recent vulnerability, A... |
19 April 2013
05:39 GMT |
|
|
A total of 128 vulnerabilities have been addressed by Oracle with the release of the company’s April 2013 Critical Patch Update (CPU).
The list of affected products includes Oracle Database, Fusion Middleware, E-Business Suite, Supply Chain, PeopleSoft, Siebel, Health Sciences, Retail, Oracle FLEXCUBE, Primav... |
17 April 2013
03:32 GMT |
|
|
Apple has released new Java updates for users of its Mac operating system bringing the web platform to version 1.6.0_45. The updates deliver improved security, reliability, and compatibility.
In order to patch no less than two dozen vulnerabilities in Java, Apple this week rolled out two separate updates: Java for O... |
17 April 2013
03:28 GMT |
|
|
Oracle is set to release its April 2013 Critical Patch Update for Java SE. According to the company, the new CPU will address a total of 42 security holes.
Of the 42 issues, 39 can be remotely exploitable without the need for a username and a password.
The CPU affects Java 7 Update 17 and earlier, Java 6 Update 43 ... |
16 April 2013
05:25 GMT |
|
|
GCC, the GNU Compiler Collection that includes frontends for C, C++, Fortran, Objective-C, Java, Ada, and Go, has just reached version 4.7.3.
Highlights of GCC 4.7.3:
• The -fconserve-space flag has been deprecated because it had no effect on most targets;
• A number of older systems and recently unmainta... |
11 April 2013
15:01 GMT |
|
|
It took no less than five release candidates for NoScript extension for Firefox to reach version 2.6.6, which comes with per-window private browsing support to some background requests.
Per-window private browsing is a feature introduced in the latest stable version of Mozilla Firefox.
Newly available in NoScript 2... |
4 April 2013
07:47 GMT |
|
|
UCWeb announced a few days ago that a new flavor of their UC Browser would arrive on devices running under Java in the near future, namely UC Browser 9.0, and the company has already made available for download a pre-release flavor of the new app.
Given that it is not a final version, UC Browser 9.0 for Java phones... |
3 April 2013
14:41 GMT |
|
|
Owners of Java-powered handsets using the UC Browser application on their devices will be happy to learn that a new major flavor of the software is set to become available for them shortly, namely version 9.0.
In fact, the development team has already announced that they are recruiting users for the private testing... |
28 March 2013
06:29 GMT |
|
|
Apache Tomcat, an open source software implementation of the Java Servlet and JavaServer Pages technologies, developed under the Java Community Process, is now at version 7.0.39.
Highlights of Apache Tomcat 7.0.39:
• A log message is now generated when a web application fails to start due to an error processin... |
27 March 2013
05:34 GMT |
|
|
Last week, expert from Solutionary provided an interesting graph regarding the evolution of Java vulnerabilities since 1996 and until present day. On Monday, Websense published a report which showed that over 93% of endpoints used an unpatched variant of Java that could be exploited by cybercriminals with the Cool ... |
26 March 2013
05:36 GMT |
|
|
Many Java vulnerabilities have been identified over the past few years and judging by the way things are going, many more will be discovered in the upcoming period.
That’s why it’s worth taking a look at a brief report in which managed security services provider Solutionary highlights the evolution of J... |
23 March 2013
12:01 GMT |
|
|
Kaspersky and CrySyS Lab experts have uncovered two new infection mechanisms used by the recently identified MiniDuke malware. The attacks start with an apparently harmless website that hosts a piece of malicious code, which works as a primitive exploit kit. This code checks what browser the victim is using, a... |
11 March 2013
10:47 GMT |
|
|
Not long after Apple blocked Java yet again from its systems, Oracle has released an updated version of the web plug-in addressing the latest security threats in the platform. Apple has yet to issue its own updates.
Oracle has been having a lot of trouble patching some security bugs in its Java platform as of late.
... |
11 March 2013
03:43 GMT |
|
|
Considering the large amounts of money being offered at Pwn2Own 2013, we shouldn’t be surprised that most of the web browsers have been hacked on the first day of the competition, held these days in Canada as part of the CanSecWest conference.
So far, Firefox, Internet Explorer 10, Java and Chrome have been b... |
7 March 2013
09:04 GMT |
|
|
A new security notice from Cupertino, California concerning Java on Macs reveals that Apple has once again updated the web plug-in blocking mechanism to disable the newest Java OS X implementation. Updated just recently with brand new security patches (after being barred countless times by Apple), Oracle's late... |
7 March 2013
03:08 GMT |
|
|
A large number of Java vulnerabilities have been discovered over the last period. This is probably why some cybercriminal gang has decided to release an exploit kit which currently uses only Java exploits to infect computers.
According to Webroot experts, the kit only leverages CVE-2012-1723 and CVE-2013-0431, both ... |
6 March 2013
16:31 GMT |
|
|
Malware Domain List has reported finding a malicious Java application on the website of the Chemnitz University of Technology in Germany, infected with g01pack Exploit Kit. While this isn’t something uncommon, the fact that the Java exploit was signed with a legitimate digital certificate is.
Security research... |
6 March 2013
04:09 GMT |
|
|
Apple has finally posted a security advisory that clearly states the purpose of Java for OS X 2013-002 and Java for Mac OS X v10.6 Update 14, two new updates rolled out by the Mac maker yesterday. Available for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X... |
5 March 2013
15:41 GMT |
|
|
Security researchers from Trend Micro reveal that the developers of the notorious BlackHole exploit kit have incorporated a new exploit that targets a Java vulnerability (CVE-2013-0431) addressed by Oracle on February 1.
The attacks that leverage the new exploit start with an email that appears to originate from Pay... |
5 March 2013
10:23 GMT |
|
|
Oracle has been having some security troubles in Java as of late, which prompted Apple to block the plug-in on OS X computers. As the fixes are out now, the Cupertino giant is re-allowing Java inside OS X, but not without some patches that users are required to install.
Apple has rolled out Java for OS X 2013-002 an... |
5 March 2013
03:49 GMT |
|
|
Oracle has released an out-of-band patch to address a couple of Java vulnerabilities, including CVE-2013-1493, which is currently being exploited in the wild to push the McRat malware onto computers. Users are advised to update as soon as possible. The security hole was reported by FireEye experts on February 1, th... |
5 March 2013
03:37 GMT |
|
|
Researcher from Security Explorations have done it again. They’ve identified 5 vulnerabilities in Java SE 7 Update 15 which, when combined, can be exploited to achieve a complete sandbox bypass.
The new flaws, identified as “issue 56” through “issue 60,” have been identified by the rese... |
4 March 2013
09:58 GMT |
|
|
Ever since The New York Times reported being attacked by Chinese hackers, news started pouring in about similar breaches.
This week we’ve learned that the Chinese military is also suspected of targeting 23 US natural gas pipeline operators. In addition, Chinese hackers are also accused of breaching the Europ... |
3 March 2013
02:11 GMT |
|
|
It appears there’s a link between the recent Bit9 security incident and the latest Java zero-day attacks.
Experts have found that one of the Trojans signed with a stolen Bit9 certificate is the same as the final payload in the attacks which leverage the Java 6 Update 41 and Java 7 Update 15 vulnerabilities.
... |
2 March 2013
03:24 GMT |
|
|
Currently, Oracle’s Java appears to be one of the most vulnerable pieces of software around, and judging by the way things are going, some time will pass until experts will tell users that they can utilize it safely.
FireEye researchers have identified yet another Java zero-day being exploited in the wild. Exp... |
1 March 2013
06:55 GMT |
|
|
On Wednesday, we learned that Oracle had assigned tracking numbers to the Java 7 issues reported to the company by Security Explorations, but it hadn’t confirmed the vulnerabilities. Now, Oracle has officially confirmed the full sandbox bypass, but the experts are unhappy with the firm’s assessment of the... |
28 February 2013
06:59 GMT |
|
|
A couple of days ago, we learned that researchers from Polish firm Security Explorations had uncovered two Java 7 Update 15 vulnerabilities that could be leveraged for a complete sandbox bypass. Oracle has assigned tracking numbers to the flaws, but it still hasn't confirmed the experts’ findings. “... |
27 February 2013
04:47 GMT |
|
|
Researchers from Polish firm Security Explorations have identified another serious vulnerability in Java 7. The experts say Java SE 7 Update 15 and all earlier versions are affected. Adam Gowdiak, the CEO of Security Explorations, has told Softpedia that they’ve uncovered two security issues, which they’... |
25 February 2013
05:52 GMT |
|
|
Microsoft is the third giant that falls victim to a new type of cyberattack based on a Java vulnerability, after Facebook and Apple have both confirmed similar issues over the last couple of weeks.
The Redmond-based technology titan has confirmed in a blog post that a small number of computers got infected with mali... |
23 February 2013
03:07 GMT |
|
|
Earlier this month, Oracle revealed that the Java Critical Patch Update (CPU) released on February 1 didn’t include all the fixes intended for this month’s CPU. Which is why it promised to update the initial CPU to address even more security holes.
Oracle has kept its promise and has issued an updated re... |
20 February 2013
04:15 GMT |
|
|
Following an internal attack on its Macintosh computers, Apple has released a Java update patching not only its own Macs but also computers in the wild. The update not only includes patches, but also runs a malware removal tool.
Delivered in two separate packages targeting specific Mac OS versions – Java for Mac OS ... |
20 February 2013
02:54 GMT |
|
|
The same anonymous group thought to be responsible for an attack on Facebook has breached “a small number” of Macs at Apple. The Cupertino giant quickly squashed the malware, which could also affect users in the wild, via a software update.
Apple tells All Things D that the company “has identified ... |
20 February 2013
02:34 GMT |
|
|
NoScript extension for Mozilla Firefox has received multiple updates recently, the latest bringing the version number to 2.6.5.6.
The developer improved the extension by adding a workaround for a Gecko race condition that allowed some script-enabled attackers to make the charset-mismatch checks abort prematurely.
A... |
12 February 2013
13:20 GMT |
|
|
Vulnerabilities in Java are highly common and, over the past months, organizations have taken serious steps to neutralize cyberattacks that exploit the security holes found in this piece of software. However, it appears Yahoo! is swimming against the current and feeding its customers a highly outdated version of Java... |
11 February 2013
08:05 GMT |
|
|
NoScript extension for Firefox has been updated twice recently, one build following the other at a very short distance. The latest revision at the moment is 2.6.5.1.
The changelog for this build consists in a single line that reads “forced unicode conversions more resilient to invalid input.”
The previo... |
7 February 2013
15:11 GMT |
|
|
After blocking the latest version of Java from OS X Mountain Lion, Apple is now patching the Snow Leopard implementation with Java for Mac OS X v10.6 Update 12.As Oracle is fixing a bug it should have taken care of a long time ago, Apple is taking matters into its own hands releasing Java for Mac OS X v10.6 Update 12... |
2 February 2013
07:33 GMT |
|
|
There's been a string of high-profile hacks lately, a string of reveals actually since the hacks took place over a long period of time. The latest to the list is Twitter which has revealed that it detected and stopped an attack as it took place recently, but it was enough time for the attackers to get away with ... |
2 February 2013
05:03 GMT |
|
|
Apple has blocked Java in OS X once again using the built-in Xprotect anti-malware system. Cybersecurity experts indirectly support the decision, as they continue to recommended that users disable the plug-in if they don’t require it.
A security flaw in the Java platform triggered a similar response from Apple... |
31 January 2013
10:38 GMT |
|
|
Windows users should be careful when prompted to update Java on their computers, so as not to end up installing malware instead, Microsoft warns in a recent blog post.
Java, a popular software from Oracle, has recently been found to pack a series of vulnerabilities that could compromise affected systems, and cyberc... |
29 January 2013
11:05 GMT |
|
|
Researchers from Security Explorations have identified yet another vulnerability that affects Java 7 Update 11. Dubbed “Issue 53,” the security hole can be exploited to execute malicious code even if the security settings are configured to “Very High.” With the release of Java 7 Update 10, Or... |
28 January 2013
03:31 GMT |
|
|
XWiki Enterprise, a professional wiki that has powerful extensibility features such as scripting in pages, plugins and a highly modular architecture, has reached version 4.4.1.
Highlights of XWiki Enterprise 4.4.1:
• Some application pages had their translation flag wrongly set to 1;
• {{html}} is now lon... |
25 January 2013
10:26 GMT |
|
|
We’ve seen some interesting things over this past week, but most of them appear to revolve around the Red October cyber espionage campaign, the death of Aaron Swartz and the subsequent OpAngel launched by Anonymous, and Java vulnerabilities.
On Monday, Kaspersky revealed the existence of Red October, a 5-year-... |
20 January 2013
02:21 GMT |
|
|
GnuAccounting, an open-source java accounting application that integrates OpenOffice, Apache Derby and HBCI/FinTS to create and manage invoices, credit memos, delivery notes, bills, and more, is now at version 0.8.2 Beta.
Highlights of GnuAccounting 0.8.2:
• Deleted bookings vanish only from accountingEditWind... |
18 January 2013
13:21 GMT |
|
|
Researchers from Security Explorations have identified a couple of vulnerabilities that affect the latest version of Java. The security holes can be exploited to achieve a complete sandbox bypass in Java 7 Update 11. Experts say that they’ve been inspired by the vulnerability related to obtaining references to... |
18 January 2013
09:42 GMT |
|
|
Many users are rushing these days to update their Java installations to protect themselves against cyberattacks that leverage the exploit affecting Java 7 Update 10. However, experts warn that users should be careful where they get their updates from.
Trend Micro researchers have come across a piece of malware disgu... |
18 January 2013
07:37 GMT |
|
More: next 50 >> |
|
|
Find us on Google+
