Massive Java update won’t get Oracle out of attacker’s crosshairs, Microsoft offering bounties for vulnerabilities and more

Here are the top cyber news and stories of the day.

  • Trojan Uses Fake Adobe Certificate – A newly discovered piece of malware pretends to carry a certificate from Adobe Systems to trick users. The software injects itself into IE and Notepad and allows the handler to take control of the infected machine. This use of fake certificates may be a sign of things to come, because it can lull users into a false sense of security. Via ISS Source, more here.
  • Massive Java update won’t get Oracle out of attacker’s crosshairs – Oracle recently released 40 updates to the Java software, hoping to shore up its much-maligned product. However, according to some analysts, the software will continue to be targeted because of its cross-platform ubiquity, which makes vulnerabilities in Java especially useful to malware creators and controllers. Oracle has also been slow to patch these vulnerabilities, which encourages attackers even more. Via ComputerWorld, more here.
  • Many companies are negligent about SAP security, researchers say – SAP technologies are often responsible for critical business processes. While SAP has been diligently pumping out enhanced security patches, many companies have not been applying these patches. Patch management is something that is relatively easy to do, but without it, the entire agency can be put at risk. Via ComputerWorld, more here.
  • Hagel discusses ‘State of DoD’ in Nebraska speech – When the Secretary of Defense recently spoke at the University of Nebraska, he spoke at great length about the changes going on in DoD. He mentioned, “The role of technology in closely linking the world’s people and their aspirations and economies” and that, “In the face of rapidly developing and interconnected new threats such as cyber that fundamentally change the face of future conflicts, Hagel said, the military must reset from a defense enterprise structure that still reflects its Cold War design.” Via Fort Campbell Courier, more here.
  • Microsoft offering hackers $1mln for finding bugs in Windows – Java might be the only software more ubiquitous than Windows, but Windows is still on hundreds of millions of machines across the globe. Every vulnerability is worth up to a million, and the remediations are also valuable. By incentivizing hackers, Microsoft might start to lessen the Sisyphean task of securing the millions of lines of code that make up Windows. Via Yahoo! Finance, more here.
  • 65+ websites compromised to deliver malvertising – “At least 65 different sites serving ads that ultimately led to malware have been spotted by Zscaler researchers.” This is becoming a favored vector of attack. By compromising one server, attackers can reach thousands or millions of clicks, all of whom can then be click-jacked. A variety of sites were afflicted, including Government Security News. Via Help Net Security, more here.
