<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">

Sonatype Blog

Stay updated on the latest news from the makers of Nexus

VAO

Recent Posts by VAO:

Exploit for recently patched Java flaw added to CrimeBoss exploit kit

The popular CrimeBoss exploit kit was updated to include a Java exploit that was recently patched to allow the exploit kit to target unpatched systems.

Underground software suffers from copy and paste

Buggy DIY botnet tool leaks in black market. A new botnet generation tool being sold for $10,000 was observed by a researcher on underground markets. However, the tool was considered buggy by users discussing it since it uses copied source code from other tools.

Here phishy phishy, 8 in 10 companies suffered web-borne attacks.

A survey conducted by Webroot found that 80 percent of companies experienced at least one variety of Web-borne attacks in 2012, and that phishing was the most common attack, among other findings.

Vulnerability database infected for at least two months

Downed US vuln catalog infected for at least TWO MONTHS. A vulnerability in Adobe’s ColdFusion software allowed the National Vulnerability Database and other National Institute for Standards and Technology (NIST) Web sites to be infected with malware, prompting NIST to take them offline.

New security fix from Apple

Apple fixes OS X flaw that allowed Java apps to run with plugin disabled. Apple released several security updates for its OS X operating system, as well as a new version of its malware removal tool.

Android hit again by malware

Android users hit by evolved NotCompatible malware attack. A new version of the NotCompatible malware for Android has been found by researchers, peaking at around 20,000 detections a day.

Do you know if you have been hacked?

It takes a company 243 days to discover a sophisticated attack, study shows. A report by Mandiant focusing on advanced persistent threats (APTs) outlined several findings, including that there are on average 243 days between an attacker gaining access and when the attack is uncovered.