Tag: exploit

Java users beware: Exploit circulating for just-patched critical flaw

If you haven’t installed last week’s patch from Oracle that plugs dozens of critical holes in its Java software framework, now would be a good time. As in immediately. As in, really, right now . In the past few days, attack code targeting one of the many remote-code-execution vulnerabilities fixed in Java 7 Update 21 was folded into either the folded into the RedKit or CrimeBoss exploit kit. By Sunday, that attack code was being actively unleashed on unsuspecting end users, according to a short blog post published by a researcher from antivirus provider F-Secure. The post doesn’t say where the attacks were being hosted or precisely how attackers are using them. Still, Oracle describes the vulnerability as allowing remote code execution without authentication. And that means you should install the patch before you do anything else today. The track record of malware purveyors of abusing advertising networks, compromised Apache servers , and other legitimate enterprises means readers could encounter attacks even when they’re browsing a site they know and trust. Read 3 remaining paragraphs | Comments

Originally posted here:
Java users beware: Exploit circulating for just-patched critical flaw

Google Implements DNSSEC Validation For Public DNS

wiredmikey writes “Google on Tuesday announced that it now fully supports DNSSEC (Domain Name System Security Extensions) validation on its Google Public DNS resolvers. Previously, the search giant accepted and forwarded DNSSEC-formatted messages but didn’t actually perform validation. ‘With this new security feature, we can better protect people from DNS-based attacks and make DNS more secure overall by identifying and rejecting invalid responses from DNSSEC-protected domains,’ Yunhong Gu, Team Lead, Google Public DNS, wrote in a blog post. According to Gu, about 1/3 of top-level domains have been signed, but most second-level domains remain unsigned. According to NIST, there has been no progress in enabling DNSSEC on 98 percent of all 1,070 industry domains tested as of March 18, 2013. ‘Overall, DNSSEC is still at an early stage and we hope that our support will help expedite its deployment,’ Gu said.” Read more of this story at Slashdot.

Read More:
Google Implements DNSSEC Validation For Public DNS

Oracle patches Java exploits, toughens its default security levels

Oracle hasn’t had a great start to 2013. It’s barely into the new year, and Apple and Mozilla are already putting up roadblocks to some Java versions after discoveries of significant browser-based exploits. The company has been quick to respond, however, and already has a patched-up version ready to go. The Java update goes one step further to minimize repeat incidents, as well — it makes the “high” setting the default and asks permission before it lauches any applet that wasn’t officially signed. If you’ve been skittish about running a Java plugin ever since the latest exploits became public, hit the source to (potentially) calm your nerves. [Thanks, Trevor] Filed under: Internet , Software , Apple Comments Via: Reuters Source: Oracle

Taken from:
Oracle patches Java exploits, toughens its default security levels

Huge Security Hole In Recent Samsung Devices

An anonymous reader writes “A huge security hole has been discovered in recent Samsung devices including phones like the Galaxy S2 and S3. It is possible for every user to obtain root due to a custom faulty memory device created by Samsung.” The problem affects phones with the Exynos System-on-Chip. Read more of this story at Slashdot.

More:
Huge Security Hole In Recent Samsung Devices