Author Archives: The Vigilant Application Owner

Cybersleuths Uncover 5-year Spy Operation Targeting Government, Others


January 14, 2013 By
The Vigilant Application Owner

Wired.com – (International) Cybersleuths uncover 5-year spy operation targeting governments, others. Kaspersky Lab researchers uncovered a sophisticated, long-running cyber espionage campaign targeting governments, energy companies, embassies, and aerospace companies dubbed ‘Red October.’ The malware used is customized to individual targets, uses a complex command and control system, and utilizes spear phishing attacks to infect victims. […]


Oracle Responds To Warning On Java Vulnerability


January 13, 2013 By
The Vigilant Application Owner

International Business Times – Oracle has announced fixes for two flaws in its Java software. One research group says Java was responsible for half of all cyberattacks in 2012 that involved an exploited software bug. Last week, the Department of Homeland Security and security researchers said they had identified vulnerabilities in the software that could […]


Oracle Ships Critical Security Update For Java


By
The Vigilant Application Owner

Krebs on Security – (International) Oracle ships critical security update for Java. Oracle released an update for Java to fix the recent critical vulnerability that allowed malware to exploit computers running the program. The update also increases the default security settings for running Java applications from ‘medium’ to ‘high.’ Source: http://krebsonsecurity.com/2013/01/oracle-ships-critical-security-update-for-java/


Java 7 Zero-day Exploit Used To Distribute Reveton Ransomware


January 11, 2013 By
The Vigilant Application Owner

Softpedia – (International) Java 7 zero-day exploit used to distribute Reveton ransomware. Trend Micro researchers found that the recently uncovered Java 7 zero-day exploit is being used to distribute Reveton ransomware. The U.S. Computer Emergency Readiness Team (US-CERT) also issued an advisory about the zero-day and recommended that users disable Java until a patch is available. […]


Nasty New Java Zero Day Found; Exploit Kits Already Have It


January 10, 2013 By
The Vigilant Application Owner

Threatpost – (International) Nasty new Java zero day found; Exploit kits already have it. A researcher discovered and others confirmed a zero-day exploit for Java that is already being used by the popular Blackhole, Nuclear Pack, and Cool exploit kits. Source: http://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013


Exploit Code, Metasploit Module Out For Ruby On Rails Flaws


By
The Vigilant Application Owner

Threatpost – (International) Exploit code, Metasploit module out for Ruby on Rails flaws. Proof-of-concept exploit code and a penetration testing module were released for several Ruby on Rails vulnerabilities that could allow arbitrary code execution and the installation of backdoors, presenting a major vulnerability for Web sites using versions other than the most recently released. […]


Botnets For Hire Likely Attacked U.S. Banks


January 9, 2013 By
The Vigilant Application Owner

IDG News Service – (International) Botnets for hire likely attacked U.S. banks. A recent campaign of distributed denial of service (DDoS) attacks on U.S. banks appears to be using botnets for hire, according to an analysis by security firm Incapsula. Source: http://www.computerworld.com/s/article/9235525/Botnets_for_hire_likely_attacked_U.S._banks


Crimeware Author Funds Exploit Buying Spree


January 7, 2013 By
The Vigilant Application Owner

Krebs on Security – (International) Crimeware author funds exploit buying spree. Researchers have tied ‘Paunch’, the author of the Blackhole exploit kit, to the Cool Exploit Kit, and noted that Paunch has been updating both kits with newly purchased, undisclosed exploits. Source: http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-spree/


All Ruby On Rails Versions Affected By SQL Injection Flaw


January 3, 2013 By
The Vigilant Application Owner

Help Net Security – (International) All Ruby on Rails versions affected by SQL injection flaw. The developers of Ruby on Rails released three new versions of the application framework to address an SQL injection vulnerability present in all past iterations of the software. Source: http://www.net-security.org/secworld.php?id=14173
