Java
A closer look at the malicious Redkit exploit kit
In the second technical article of this series, Fraser Howard investigates deeper into the workings of Redkit exploit kit.
Learn more about the internals of this kit; bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads.
Lifting the lid on the Redkit exploit kit
In the first of a two part series, Fraser Howard takes a closer look at the Redkit exploit kit.
Learn more about how this kit works and the compromised web servers that are being used to host it.
Monday review - the hot 20 stories of the week
Catch up with all the security news from the last seven days - it's weekly roundup time.
Yet another unpatched security hole found in Java
Just last week you were congratulating yourself for patching your computer against a Java security hole.
Now another zero-day unpatched vulnerability has been found in Oracle's widely used software.
SSCC 107 - Hostgator, Safari, Java, pwning planes with Android, and Facebook Home [PODCAST]
Here's the latest episode in the popular "Chet Chat" series.
Join Chet and Duck as they discuss what we can learn from recent security news in this quarter-hour podcast.
Apple updates Safari, gives better control over Java applets
Apple has pushed out a Safari update to go along with this week's "Java Tuesday" fix.
It's supposed to give you finer-grained control over Java in your browser.
Paul Ducklin puts it through its paces...
Oracle and Apple ship critical Java updates - get yours today!
The security-beleaguered Java ecosystem usually gets updates just once every four months, in February, June and October.
But this year, Oracle has adapted that schedule a number of times, and this is one of them...
Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too
Apple has shipped the latest point release of its flagship Mountain Lion (OS X 10.8) operating system.
There are plenty of security fixes in there, which Snow Leopard (10.6) and Lion (10.7) users get too, in standalone security updates.
PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again
PWN2OWN 2013 finished off today.
A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...
PWN2OWN results Day One - Java, Chrome, IE 10 and Firefox owned
Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.
Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...
Monday review - the hot 22 stories of the week
In case you missed anything, here's everything we wrote in the past seven days.
Researchers claim to have found more zero-day vulnerabilities in Java
A security research team that has alerted Oracle to a series of security flaws in Java in the past, says that it has uncovered new zero-day vulnerabilities in the software.
Monday review - the hot 22 stories of the week
Catch up with anything you might have missed last week – it’s weekly roundup time.
SSCC 103 - Mandiant report, iOS coders owned, Twitter accounts hacked, and more...
Have your joined thousands of others, and become a loyal listener to the "Chet Chat" yet?
Here's the latest Naked Security podcast, Sophos Security Chet Chat 103, discussing a range of recent and newsworthy topics from the world of computer security.
Microsoft admits it was also hit by hackers, malware infects their Mac business unit
Microsoft joins Facebook and Apple in the list of big companies who have suffered at the hands of malware-bearing hackers.
Apple patches the Java hole its own developers fell into - eventually
Shortly after admitting that its own techies got infected thanks to a Java hole, Apple has pushed out a Java update for the rest of us.
Apple, with this most recent update, seems to have washed its hands permanently of browser-based Java. Paul Ducklin explains...
Apple's own Macs bitten by Java-based malware attack
Apple released a statement today acknowledging that they were victims of the same attackers that Facebook talked about last week. A zero-day Java vulnerability infected Apple Mac developers through a drive-by attack.
Monday review - the hot 21 stories of the week
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Oracle on Java - we *will* have Patch Tuesday on 19 Feb 2013 after all
Oracle brought forward its February Patch Tuesday to provide an accelerated fix for some in-the-wild exploits.
But that meant leaving other less vital stuff out, so the pre-empted Patch Tuesday will happen after all, on 19 Feb 2013. Be there!
Apple (again) washes its hands of the Java mess
Apple's thrown in the towel on the Java mess and has, for the second time in two weeks, blocked all versions of Java on OS X 10.6 (Snow Leopard) and later.
![Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]](http://sophosnews.files.wordpress.com/2013/05/lulzsec-poll-thumb.jpg?w=75&h=75&crop=1)
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
![Hacked TV channels broadcast zombie apocalypse emergency alert [VIDEO]](http://sophosnews.files.wordpress.com/2013/02/zombie-thumb.jpg?w=75&h=75&crop=1)
