Results 1 to 7 of 7

Thread: Attackers Pounce on Zero-Day Java Exploit

  1. #1
    Administrator Lloyd_mcse's Avatar
    Join Date
    Jun 2008
    Location
    Sudbury, Suffolk
    Posts
    2,917

    Default Attackers Pounce on Zero-Day Java Exploit

    Attackers have seized upon a previously unknown security hole in Oracle’s ubiquitous Java software to break into vulnerable systems. So far, the attacks exploiting this weakness have been targeted and not widespread, but it appears that the exploit code is now public and is being folded into more widely-available attack tools such as Metasploit and exploit kits like BlackHole.
    Initial reports indicated that the exploit code worked against all versions of Internet Explorer, Firefox and Opera, but did not work against Google Chrome. But according to Rapid 7, there is a Metasploit module in development that successfully deploys this exploit against Chrome (on at least Windows XP).
    Full article at Krebs on Security
    Main PC :
    | Intel i9-9900K @ Default
    | ASUS Maximus XI Hero
    | Corsair Vengeance RGB PRO 32GB 3200MHz
    | ASUS TUF RTX 3060 OC Edition 12GB
    | Samsung 980 PRO 1TB NVMe
    | Samsung 970 EVO Plus 2TB NVMe
    | Sound Blaster AE-7
    | Corsair iCUE H150i ELITE LCD
    | ​Corsair iCUE 5000X RGB
    | Corsair HX850 Platinum
    | ASUS ProArt PA279CV 27" 4K
    | Windows 11 Professional x64
    | Full PC List |


  2. #2
    Administrator Lloyd_mcse's Avatar
    Join Date
    Jun 2008
    Location
    Sudbury, Suffolk
    Posts
    2,917

    Default

    Some more on this from Kaspersky -

    The Java 0day activity that we have been monitoring and preventing for almost the past week has been irresponsibly reported on other blogs, with early posts publicly linking to known sites serving the 0day. In itself, the race to publish on this 0day that will be assigned CVE-2012-4681 (a problem with processing access control within "protection domains"), has been irresponsible. Would you encourage folks to walk down a mugger's dark alley with no protection or would you work to communicate the muggers' whereabouts to the right folks and work on lighting the alley or giving better directions? Would you provide muggers with some new weapons that they haven't considered? The efforts this time around seem misplaced.
    Read more The Current Web-Delivered Java 0day
    Main PC :
    | Intel i9-9900K @ Default
    | ASUS Maximus XI Hero
    | Corsair Vengeance RGB PRO 32GB 3200MHz
    | ASUS TUF RTX 3060 OC Edition 12GB
    | Samsung 980 PRO 1TB NVMe
    | Samsung 970 EVO Plus 2TB NVMe
    | Sound Blaster AE-7
    | Corsair iCUE H150i ELITE LCD
    | ​Corsair iCUE 5000X RGB
    | Corsair HX850 Platinum
    | ASUS ProArt PA279CV 27" 4K
    | Windows 11 Professional x64
    | Full PC List |


  3. #3
    Administrator Lloyd_mcse's Avatar
    Join Date
    Jun 2008
    Location
    Sudbury, Suffolk
    Posts
    2,917
    Main PC :
    | Intel i9-9900K @ Default
    | ASUS Maximus XI Hero
    | Corsair Vengeance RGB PRO 32GB 3200MHz
    | ASUS TUF RTX 3060 OC Edition 12GB
    | Samsung 980 PRO 1TB NVMe
    | Samsung 970 EVO Plus 2TB NVMe
    | Sound Blaster AE-7
    | Corsair iCUE H150i ELITE LCD
    | ​Corsair iCUE 5000X RGB
    | Corsair HX850 Platinum
    | ASUS ProArt PA279CV 27" 4K
    | Windows 11 Professional x64
    | Full PC List |


  4. #4
    Administrator Lloyd_mcse's Avatar
    Join Date
    Jun 2008
    Location
    Sudbury, Suffolk
    Posts
    2,917

    Default

    Some more from Krebs ..
    New analysis of a zero-day Java exploit that surfaced last week indicates that it takes advantage of not one but two previously unknown vulnerabilities in the widely-used software. The latest figures suggest that these vulnerabilities have exposed more than a billion users to attack.
    Read the full article at Krebs on Security
    Main PC :
    | Intel i9-9900K @ Default
    | ASUS Maximus XI Hero
    | Corsair Vengeance RGB PRO 32GB 3200MHz
    | ASUS TUF RTX 3060 OC Edition 12GB
    | Samsung 980 PRO 1TB NVMe
    | Samsung 970 EVO Plus 2TB NVMe
    | Sound Blaster AE-7
    | Corsair iCUE H150i ELITE LCD
    | ​Corsair iCUE 5000X RGB
    | Corsair HX850 Platinum
    | ASUS ProArt PA279CV 27" 4K
    | Windows 11 Professional x64
    | Full PC List |


  5. #5
    Administrator Lloyd_mcse's Avatar
    Join Date
    Jun 2008
    Location
    Sudbury, Suffolk
    Posts
    2,917

    Default

    Recommendations at the moment are to disable Java for browsers or uninstall it completely if you don't really need it.
    Main PC :
    | Intel i9-9900K @ Default
    | ASUS Maximus XI Hero
    | Corsair Vengeance RGB PRO 32GB 3200MHz
    | ASUS TUF RTX 3060 OC Edition 12GB
    | Samsung 980 PRO 1TB NVMe
    | Samsung 970 EVO Plus 2TB NVMe
    | Sound Blaster AE-7
    | Corsair iCUE H150i ELITE LCD
    | ​Corsair iCUE 5000X RGB
    | Corsair HX850 Platinum
    | ASUS ProArt PA279CV 27" 4K
    | Windows 11 Professional x64
    | Full PC List |


  6. #6
    Administrator Lloyd_mcse's Avatar
    Join Date
    Jun 2008
    Location
    Sudbury, Suffolk
    Posts
    2,917

    Default How to turn off Java on your browser - and why you should do it now

    How to turn off Java on your browser - and why you should do it now

    Do you still have Java turned on in your web browser?If your answer is "Yes" or "I'm not sure" then it's time to take action.
    Right now, cybercriminals are aware and exploiting serious security flaws in Java that could lead to your computer becoming infected by malware.
    Read the full article at Sophos - Naked Security
    Main PC :
    | Intel i9-9900K @ Default
    | ASUS Maximus XI Hero
    | Corsair Vengeance RGB PRO 32GB 3200MHz
    | ASUS TUF RTX 3060 OC Edition 12GB
    | Samsung 980 PRO 1TB NVMe
    | Samsung 970 EVO Plus 2TB NVMe
    | Sound Blaster AE-7
    | Corsair iCUE H150i ELITE LCD
    | ​Corsair iCUE 5000X RGB
    | Corsair HX850 Platinum
    | ASUS ProArt PA279CV 27" 4K
    | Windows 11 Professional x64
    | Full PC List |


  7. #7
    Administrator Lloyd_mcse's Avatar
    Join Date
    Jun 2008
    Location
    Sudbury, Suffolk
    Posts
    2,917

    Default

    Security Fix for Critical Java Flaw Released

    Oracle has issued an urgent update to close a dangerous security hole in its Java software that attackers have been using to deploy malicious software. The patch comes amid revelations that Oracle was notified in April about this vulnerability and a number other other potentially unpatched Java flaws.
    Read more at Krebs on Security
    Main PC :
    | Intel i9-9900K @ Default
    | ASUS Maximus XI Hero
    | Corsair Vengeance RGB PRO 32GB 3200MHz
    | ASUS TUF RTX 3060 OC Edition 12GB
    | Samsung 980 PRO 1TB NVMe
    | Samsung 970 EVO Plus 2TB NVMe
    | Sound Blaster AE-7
    | Corsair iCUE H150i ELITE LCD
    | ​Corsair iCUE 5000X RGB
    | Corsair HX850 Platinum
    | ASUS ProArt PA279CV 27" 4K
    | Windows 11 Professional x64
    | Full PC List |


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •