Java

The four seasons of Glazunov: digging further into Sibhost and Flimkit

Following on from the recent analysis of the Glazunov exploit kit, Fraser Howard takes a detailed look at two other closely related kits. He finds several similarities which suggest that the same criminal group may well be behind all three.

Taking a closer look at the Glazunov exploit kit

In this article, Fraser Howard takes a look at Glazunov - an exploit kit that has been increasingly active in recent weeks. In this deep dive, readers can learn more about how these attacks operate.

Monday review - the hot 20 stories of the week

Missed anything last week? Don't worry, here's a little roundup of everything we wrote.

LinkedIn unhacked, Microsoft bounties, Java in your browser - 60 Sec Security [VIDEO]

It's that time again - time for this week's 60 Second Security, our fun-but-serious "security news with a conscience" video series.

Give it a spin...it'll only take a minute.

Monday review - the hot 16 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Get ready! Oracle to fix 40 holes in Java on Tuesday, 18 June 2013

There's a Java update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven't already.

Oracle has fixed 40 holes, all but three of them remotely exploitable.

Botnet smackdown, Oracle on Java, Passwords you can eat - 60 Sec Security [VIDEO]

Here's our latest 60 Second Security video.

From botnet takedowns to authentication tokens you swallow...here's the latest security news in an easily digestible format!

Not good enough, Oracle - promises to secure Java are too little, too late

In a big fat blog post, Oracle has promised to work harder to make Java more secure. But given the flood of high-profile, heavily-exploited vulnerabilities that have bobbed to the surface, can Oracle save this piece of software from drowning in bad vibes?

A closer look at the malicious Redkit exploit kit

In the second technical article of this series, Fraser Howard digs deeper into the workings of the Redkit exploit kit.

Learn more about the internals of this kit: bypassing of security mechanisms within Java, the use of file encryption, and delivery of multiple payloads.

Lifting the lid on the Redkit exploit kit

In the first of a two-part series, Fraser Howard takes a closer look at the Redkit exploit kit.

Learn more about how this kit works and the compromised web servers that are being used to host it.

Monday review - the hot 20 stories of the week

Catch up with all the security news from the last seven days - it's weekly roundup time.

Yet another unpatched security hole found in Java

Just last week you were congratulating yourself for patching your computer against a Java security hole.

Now another zero-day unpatched vulnerability has been found in Oracle's widely used software.

SSCC 107 - Hostgator, Safari, Java, pwning planes with Android, and Facebook Home [PODCAST]

Here's the latest episode in the popular "Chet Chat" series.

Join Chet and Duck as they discuss what we can learn from recent security news in this quarter-hour podcast.

Apple updates Safari, gives better control over Java applets

Apple has pushed out a Safari update to go along with this week's "Java Tuesday" fix.

It's supposed to give you finer-grained control over Java in your browser.

Paul Ducklin puts it through its paces...

Oracle and Apple ship critical Java updates - get yours today!

The security-beleaguered Java ecosystem usually gets updates just once every four months, in February, June and October.

But this year, Oracle has adapted that schedule a number of times, and this is one of them...

Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too

Apple has shipped the latest point release of its flagship Mountain Lion (OS X 10.8) operating system.

There are plenty of security fixes in there, which Snow Leopard (10.6) and Lion (10.7) users get too, in standalone security updates.

PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again

PWN2OWN 2013 finished off today.

A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...

PWN2OWN results Day One - Java, Chrome, IE 10 and Firefox owned

Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.

Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...

Monday review - the hot 22 stories of the week

In case you missed anything, here's everything we wrote in the past seven days.

Researchers claim to have found more zero-day vulnerabilities in Java

A security research team that has alerted Oracle to a series of security flaws in Java in the past says that it has uncovered new zero-day vulnerabilities in the software.