Oracle releases out of the blue out of cycle fixes for Java

Out of nowhere Oracle has released an emergency update to address the zero-day vulnerabilities being exploited by many different criminal groups. Surprisingly they included some previously unknown vulnerabilities that we can only assume may also have been in use in the wild. The good news is customers who require Java in their environments can now deploy […]

Double Trouble: Critical Java zero-day exploits TWO bugs

A potent Java security vulnerability that first appeared earlier this week actually leverages two zero-day flaws. The revelation comes as it emerged Oracle knew about the holes as early as April. Windows, Mac OS X and Linux desktops running multiple browser platforms are all vulnerable to attacks. Exploit code already in circulation first uses a vulnerability to […]

Oracle knew about critical Java flaws since April 2012

The critical Java vulnerabilities that have security experts cautioning users to disable Java in their browsers are not new discoveries, a security firm claims. On the contrary, Oracle has known about them for months, and it has probably had a patch ready since before an exploit was discovered in the wild. Security Explorations, a startup based in […]

Disabling Java Plug-ins

In recent years, the Java development platform has become a favored target for hackers, leading to a growing list of Java-specific vulnerabilities being discovered and exploited by various malware. As such, many security researchers and national computer security organizations caution users to limit their usage of Java, unless required for business reasons, or to remove […]

Disable Java NOW, users told, as Java 0-day exploit hits web

A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle’s Java patch schedule, it may be some time before a fix becomes widely available. The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 […]

A Career in Digital Forensics: 5 Key Steps

Joseph Naghdi, an experienced computer technologist, transitioned to digital forensics in early 2000 because he was intrigued by how data is stored and discovered on computers. Today, he’s a forensics analyst at Computer Forensics Lab, a U.K. consultancy specializing in computer forensic services and advanced data recovery. The high point of his work, he says, is when he solves […]

Security precautions for mobile business applications

By ForHacSec.com columnist – Fergal Glynn at Veracode.com Mobile applications have become one of the hottest trends, but this has come at a price. The sharp rise in popularity means businesses are rushing their apps to the market, while security has taken a back seat. Neither the developers, nor the app stores, test web applications […]

Is it time to use Password Managers?

The endless list of usernames and passwords we have to remember certainly isn’t getting any smaller, and I often impress myself with the amount of random usernames and passwords I can remember. However, there’s always that ‘What if’: what if I forget them? Granted, most products and services which require secure credentials offer a password […]

Windows/Microsoft…

{ Codebutler } Firesheep – 3 Weeks later: Fallout

In only a few short weeks, Firesheep has captured the attention and interest of hundreds of thousands of people around the world, and has spurred a lot of great discussion. This is the third in a series of posts highlighting and responding to topics I found most interesting. Previous post in series: Idiot Shepherds This […]