Story image

Java security concerns not over yet

17 Jan 13

The recently discovered Java vulnerability disclosed last week has been finally patched by Oracle, but exploitation continues on computers that have not been updated.

Included in the world’s most frequently used exploit packs such as BlackHole, Nuclear Pack and the Cool Exploit Kit, exploitation code can result in cyber-criminals taking advantage of the huge pool of vulnerable computers by planting ransomware.

Bitdefender says it has identified multiple campaigns that use the CVE-2013-0422 bug in Java to infect client machines with the notorious IcePol (also known as Reveton) however.

But the company warns that once the computer is successfully infected, the user is denied access to the desktop until payment of a ransom, which the criminals call a ‘fine’.

Most of these attacks are directed from servers in the UK, Canada and the US but this doesn’t mean that computers are safe Down Under according to the antivirus provider.

The Reveton ransomware has localised in multiple languages using IP addresses of the infected computers, and victims are spreading across the world, with a vulnerable version of Java enough to fall victim.

To stay safe, Bitdefender recommends consumers patch their Java distribution immediately to Update 11, while also suggesting users disable the Java plugin in the browser they are using for web-related tasks and only enable it in an alternative browser to be used for tasks requiring Java.

Have you been affected by Java's security problems? Tell us your experience below

How Schneider Electric aims to simplify IT management
With IT Expert, Schneider Electric aims to ensure secure, vendor agnostic, wherever-you-go monitoring and visibility of all IoT-enabled physical infrastructure assets.
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Cisco dominates record-high Ethernet switch & router markets
While the market is flourishing, it’s tough-going as Cisco has increased its majority share of the pie.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
QNAP introduces new 10GbE and Thunderbolt 3 NAS series
The new series is supposedly an all-in-one NAS solution for file storage, backup, sharing, synchronisation and centralised management. 
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
CyrusOne investing in new Amsterdam data centre
CyrusOne is continuing its rapid and relentless investment into Europe, with news emerging of a new facility in the Netherlands.