Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.
Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.
The University of Delaware has joined the long line of recent data breach victims, with a compromised university system yielding personal information on 72,000 past and present employees.
UD authorities have notified those affected by mail, and email where possible. Investigators have been called in to pin down the scale of the breach, identify any additional risks and ensure those affected are properly informed.
Mobile security researcher Karsten Nohl says he'll explain at the BlackHat conference how he can remotely "own" mobile phones with a single text message.
Paul Ducklin looks at what Nohl has said so far, and ponders how hard this might be to sort out...
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Following on from the recent analysis of the Glazunov exploit kit, Fraser Howard takes a detailed look at two other closely related kits. He finds several similarities which suggest that the same criminal group may well be behind all three.
In this article, Fraser Howard takes a look at Glazunov - an exploit kit that has been increasingly active in recent weeks. In this deep dive, readers can learn more about how these attacks operate.
There's a Java update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven't already.
Oracle has fixed 40 holes, all but three of them remotely exploitable.
In a big fat blog post, Oracle has promised to work harder to make Java more secure. But given the flood of high-profile, heavily-exploited vulnerabilities that have bobbed to the surface, can Oracle save this piece of software from drowning in bad vibes?
In the second technical article of this series, Fraser Howard investigates deeper into the workings of Redkit exploit kit.
Learn more about the internals of this kit; bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads.
In the first of a two part series, Fraser Howard takes a closer look at the Redkit exploit kit.
Learn more about how this kit works and the compromised web servers that are being used to host it.
Just last week you were congratulating yourself for patching your computer against a Java security hole.
Now another zero-day unpatched vulnerability has been found in Oracle's widely used software.
Here's the latest episode in the popular "Chet Chat" series.
Join Chet and Duck as they discuss what we can learn from recent security news in this quarter-hour podcast.