HackDig : Dig high-quality web security articles for hacker

Oracle Settles with FTC Over ‘Deceptive’ Java Security Updates

Oracle’s stewardship of Java has been scrutinized by the security community, which in 2013 languished through nearly a full year of targeted attacks exploiting zero days and other vulnerabilities in the platform. Since then, Oracle has improved the Java user experience by denying unsigned applets the ability to execute by default, and putting security r
Publish At:2015-12-22 19:45 | Read:3595 | Comments:0 | Tags:Web Security Vulnerabilities Government vulnerabilities gove

Oracle settles FTC dispute over Java updates

Oracle promises to give customers tools that easily uninstall insecure older versions of Java SE that may still lurk as vulnerabilities within Web browsers. That promise comes in a consent decree with the Federal Trade Commission that is currently up for public review before taking effect in January. +More on Network World: After Juniper security mess, Cis
Publish At:2015-12-22 13:40 | Read:2627 | Comments:0 | Tags:Security Java Legal

Oracle settles with FTC over Java’s “deceptive” security patching

Oracle received a public slap on the wrist from the US Federal Trade Commission over Java SE, the desktop runtime for Java. The FTC announced today that it had reached a settlement with Oracle Corporation over a complaint not about the security of Java itself, but about Oracle's patching process—and how it unintentionally left consumers to believe that the p
Publish At:2015-12-21 22:25 | Read:2755 | Comments:0 | Tags:Risk Assessment Technology Lab Java oracle security fails

Critical Java Bug Extends to Oracle, IBM Middleware

For close to 10 months, a critical vulnerability in a library found in most Java rollouts has been twisting in the wind, unpatched, and until this week without proof-of-concept exploits that people paid attention to. Two researchers with NTT Com Security changed that dynamic last week when they released PoCs that leverage the bug in the Apache Commons Collect
Publish At:2015-11-10 15:50 | Read:1884 | Comments:0 | Tags:Vulnerabilities Web Security Apache Commons Chris Frohoff Co

Custom Google App Engine Tweak Still Leads to Java Sandbox Escapes

A tweak carried out by Google in the Google App Engine for Java continues to stir up security concerns. Oracle this week patched the latest vulnerability in Java SE (the flaw also lives in Google’s platform-as-a-service entry) after it was privately disclosed by Java bug-hunters from Security Explorations, a security consultancy in Poland. The vulnerabi
Publish At:2015-10-22 21:40 | Read:7031 | Comments:0 | Tags:Google Vulnerabilities Web Security Adam Gowdiak GAE google

This isn’t the Java I ordered!

On several sites, we have seen reports of popups that look very similar to the one Java used to notify users when the content of a site requires the Java plugin to show the full content. But if we follow this particular prompt we get something completely different called “Media Downloader”. The downloaded file is called setup.exe and is recognized by a few
Publish At:2015-10-22 14:50 | Read:3436 | Comments:0 | Tags:Online Security fake java Pieter Arntz popups PUPs

Breaking CSRF: Spring Security and Thymeleaf

As someone who spends half of their year teaching web application security, I tend to give a lot of presentations that include live demonstrations, mitigation techniques, and exploits. When preparing for a quality assurance presentation earlier this year, I decided to show the group a demon
Publish At:2015-09-03 11:55 | Read:4239 | Comments:0 | Tags:CSRF java Csrf

Latest APT 28 Campaign Incorporates Fake EFF Spearphishing Scam

Attackers, possibly associated with the Russian government, registered a phony Electronic Frontier Foundation domain earlier this month in an attempt to dupe users into thinking correspondence from the site was coming from the well-known privacy watchdog. The scheme, largely carried out via spear phishing, appears to be part of a larger campaign previously du
Publish At:2015-08-28 19:55 | Read:2715 | Comments:0 | Tags:Malware Web Security APT 28 EFF Java Pawn Storm Phishing spe

Money may grow on trees

By Fernando Arnaboldi. Sometimes when buying something that costs $0.99 USD (99 cents) or $1.01 USD (one dollar and one cent), you may pay an even dollar. Either you or the cashier may not care about the remaining penny, and so one of you takes a small loss or profit. Rounding at the cash register is a common practice, just as it is in programming languages when d
Publish At:2015-08-25 18:25 | Read:3818 | Comments:0 | Tags:bugs fernando arnaboldi hacking java javascript numbers prob

Adobe, MS Push Patches, Oracle Drops Drama

Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracle’s chief security officer lobbed something of a conversational hand gr
Publish At:2015-08-12 07:10 | Read:3983 | Comments:0 | Tags:Time to Patch 18.0.0.232 adobe adobe flash player CVE-2015-1

Oracle Patches Java Zero Day

Oracle has released its quarterly patch update, which includes fixes for nearly 200 vulnerabilities. The most notable bug fixed in this release is the Java zero day that’s been used in an ongoing attack campaign. The massive release from Oracle has patches for a long list of products, but the Java vulnerabilities are the heart of the July update. There
Publish At:2015-07-16 00:10 | Read:2937 | Comments:0 | Tags:Vulnerabilities Web Security Java Oracle vulnerabilities Web

Java Zero-Day Bug, 192 Other Security Vulnerabilities Fixed by Oracle Critical Patch Update

Oracle has released its July 2015 Critical Patch Update that provides fixes for 193 security vulnerabilities, including a zero-day vulnerability recently discovered in Java. According to a post published on Oracle’s blog, the update contains patches for a number of applications, such as Oracle Database, for which 10 security fixes are provided, inc
Publish At:2015-07-15 23:00 | Read:4972 | Comments:0 | Tags:Latest Security News Hacking Team Java July 2015 Critical Pa

Java and Flash both vulnerable—again—to new 0-day attacks

Internet users should take renewed caution when using both Adobe Flash and Oracle's Java software framework; over the weekend, three previously unknown critical vulnerabilities that could be used to surreptitiously install malware on end-user computers were revealed in Flash and Java. The Java vulnerability is significant because attackers are actively ex
Publish At:2015-07-13 17:25 | Read:2252 | Comments:0 | Tags:Risk Assessment Technology Lab exploits flash Java malware v

Java – New vulnerabilities affect millions of applications

Oracle warned that a dozen new Java security vulnerabilities could be exploited remotely to gain access to a target application without logging in. Once again, Java vulnerabilities are worrying the security community: a series of vulnerabilities could be exploited remotely to gain access to a target application without authen
Publish At:2015-04-18 11:35 | Read:3934 | Comments:0 | Tags:Breaking News Hacking Java Java 7 Java Runtime Environments

Google Shuts Off NPAPI in Chrome

With the release of Chrome 42 this week, Google fixed more than 40 vulnerabilities. But the most significant security change in the new browser is Google’s decision to disable the NPAPI, essentially turning off plugins such as Java and Silverlight by default. The decision didn’t come out of nowhere. Google warned developers and users about it more
Publish At:2015-04-17 02:15 | Read:2215 | Comments:0 | Tags:Vulnerabilities Web Security chrome google Java NPAPI Silver