We continue to recommend users disable the Java program in their Web browsers, because it remains vulnerable to attacks that could result in identity theft and other cyber crimes. Less than 24 hours after Oracle Sunday released a security update that addresses two critical zero-day vulnerabilities in Java that are being actively exploited by attackers, an online vulnerability seller began offe
Since the publication of our report, our colleagues from Seculert have discovered and posted a blog about the usage of another delivery vector in the Red October attacks (http://blog.seculert.com/2013/01/operation-red-october-java-angle.html). In addition to Office documents (CVE-2009-3129, CVE-2010-3333, CVE-2012-0158), it appears that the attackers also infiltrated victim network(s) via Java exp
Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned. Update, Apr. 2, 2:57 p.m. ET: This sales thread turned out to be an elaborate hoax designed
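Symantec Security Response reported in a recent blog post that attacks targeting a Java zero-day vulnerability are active and are being spread by the Cool exploit kit. In addition to the Cool exploit kit, other major exploit kits such as Blackhole, Redkit, and Impact have also been confirmed to be exploiting this vulnerability ahead of the patch release. Symantec currently detects the JAR files distributed by the various exploit kits as Trojan.Maljava, and has also just added a detection definition for Trojan.Maljava!gen26. In addition, to proactively block malicious JAR files and related exploit attempts, Symantec has released the following IPS signatures. Web Attack: Malicious Java Download CVE-2013-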
Fellow researcher Denis Laskov shared the infection chain of a new exploit pack with an impressive bunch of security researchers. For some reason, I got called to help and was more than willing to contribute by analyzing the Java applet delivered by this pack. Before I jump in, be sure you check out Denis’ blog post on this exploit pack. Here is the applet we will be looking at. As Denis mentioned
The hackers who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb
A new Java 0-day vulnerability has been discovered, already in use by an exploit pack, taking advantage of a fresh zero-day vulnerability in Java and potentially letting hackers take over users' machines. Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The flaw was first spott
Just a quick note, it’s only the second week of January, but early 2013 brings with it the first Java 0day mass exploit distribution of the year. There appear to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole impl
The use of zero-day exploits in attacks has not been too far from the headlines of late. Today, Kafeine from Malware don't need Coffee has released a blog detailing yet another Java zero-day—Oracle Java Runtime Environment Unspecified Remote Code Execution Vulnerability (CVE-2013-0422)—active in the wild and distributed through the Cool Exploit pack. The good news, however, for Symantec customers
Earlier this morning @Kafeine alerted us about a new Java zeroday being exploited in the wild. With the files we were able to obtain we reproduced the exploit in a fully patched new installation of Java. As you can see below we tricked the malicious Java applet to execute the calc.exe in our lab. The Java file is highly obfuscated
Once again a zero-day vulnerability exploit is being sold by cyber criminals in the underground, and once again the flaw is related to Oracle's Java software and could allow an attacker to gain remote control over a victim's machine. The vulnerability is related to the most recent version of Java JRE 7 Update 9; it isn't present in previous versions of the framework, in particular the bug resides within the Java class
Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned. The flaw, currently being sold by an established member of an invite-only Underweb forum, targets an unpatched vulnerability in Java JRE 7 Update 9, the most r
If you follow this blog you'll get fast sick of Cool EK and Reveton. The Cool EK of Reveton distributors (yes it's also used by other groups, for instance the CBeplay.P ransomware distributors) is moving a lot. Hunting for the Adobe Reader XI 0 day announced by Brian Krebs, I found a 0.7.9 PluginDetect...