Author Archives: The Vigilant Application Owner

Cybersleuths Uncover 5-year Spy Operation Targeting Government, Others


January 14, 2013 By
The Vigilant Application Owner

Wired.com – (International) Cybersleuths uncover 5-year spy operation targeting governments, others. Kaspersky Lab researchers uncovered a sophisticated, long-running cyber espionage campaign targeting governments, energy companies, embassies, and aerospace companies dubbed ‘Red October.’ The malware used is customized to individual targets, uses a complex command and control system, and utilizes spear phishing attacks to infect victims. […]

Continue reading...

Categories: Uncategorized

Oracle Responds To Warning On Java Vulnerability


January 13, 2013 By
The Vigilant Application Owner

International Business Times – Oracle has announced fixes for two flaws in its Java software. One research group says Java was responsible for half of all cyberattacks in 2012 that involved an exploited software bug. Last week, the Department of Homeland Security and security researchers said they had identified vulnerabilities in the software that could […]

Continue reading...

Categories: Uncategorized

Oracle Ships Critical Security Update For Java


By
The Vigilant Application Owner

Krebs on Security – (International) Oracle ships critical security update for Java. Oracle released an update for Java to fix the recent critical vulnerability that allowed malware to exploit computers running the program. The update also increases the default security settings for running Java applications from ‘medium’ to ‘high.’ Source: http://krebsonsecurity.com/2013/01/oracle-ships-critical-security-update-for-java/

Continue reading...

Categories: Uncategorized

Java 7 Zero-day Exploit Used To Distribute Reveton Ransomware


January 11, 2013 By
The Vigilant Application Owner

Softpedia – (International) Java 7 zero-day exploit used to distribute Reveton ransomware. Trend Micro researchers found that the recently uncovered Java 7 zero-day exploit is being used to Reveton ransomware. The U.S. Computer Emergency Readiness Team (US-CERT) also issued an advisory about the zero-day and recommended that users disable Java until a patch is available. […]

Continue reading...

Categories: Uncategorized

Nasty New Java Zero Day Found; Exploit Kits Already Have It


January 10, 2013 By
The Vigilant Application Owner

Threatpost – (International) Nasty new Java zero day found; Exploit kits already have it. A researcher discovered and others confirmed a zero-day exploit for Java that is already being used by the popular Blackhole, Nuclear Pack, and Cool exploit kits. Source: http://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013

Continue reading...

Categories: Uncategorized

Exploit Code, Metasploit Module Out For Ruby On Rails Flaws


By
The Vigilant Application Owner

Threatpost – (International) Exploit code, Metasploit module out for Ruby on Rails flaws. Proof-of-concept exploit code and a penetration testing module were released for several Ruby on Rails vulnerabilities that could allow arbitrary code execution and the installation of backdoors, presenting a major vulnerability for Web sites using versions other than the most recently released. […]

Continue reading...

Categories: Uncategorized

Crimeware Auther Funds Exploit Buying Spree


January 7, 2013 By
The Vigilant Application Owner

Krebs on Security – (International) Crimeware author funds exploit buying spree. Researchers have tied ‘Paunch’, the author of the Blackhole exploit kit, to the Cool Exploit Kit, and noted that Paunch has been updating both kits with newlypurchased, undisclosed exploits. Source: http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-spree/

Continue reading...

Categories: Uncategorized