Story image

Java security concerns not over yet

17 Jan 2013

The recently discovered Java vulnerability disclosed last week has been finally patched by Oracle, but exploitation continues on computers that have not been updated.

Included in the world’s most frequently used exploit packs such as BlackHole, Nuclear Pack and the Cool Exploit Kit, exploitation code can result in cyber-criminals taking advantage of the huge pool of vulnerable computers by planting ransomware.

Bitdefender says it has identified multiple campaigns that use the CVE-2013-0422 bug in Java to infect client machines with the notorious IcePol (also known as Reveton) however.

But the company warns that once the computer is successfully infected, the user is denied access to the desktop until payment of a ransom, which the criminals call a ‘fine’.

Most of these attacks are directed from servers in the UK, Canada and the US but this doesn’t mean that computers are safe Down Under according to the antivirus provider.

The Reveton ransomware has localised in multiple languages using IP addresses of the infected computers, and victims are spreading across the world, with a vulnerable version of Java enough to fall victim.

To stay safe, Bitdefender recommends consumers patch their Java distribution immediately to Update 11, while also suggesting users disable the Java plugin in the browser they are using for web-related tasks and only enable it in an alternative browser to be used for tasks requiring Java.

Have you been affected by Java's security problems? Tell us your experience below

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Huawei to deploy Open Rack in all its public cloud data centres
Tech giant Huawei has unveiled plans to adopt Open Rack proposed by the Open Compute Project in its new public cloud data centres across the globe.
Beyond renewables: Emerging technologies for “greening” the data centre
Park Place Technologies’ CEO shares his views on innovations aside from renewable energy that can slim a data centre’s footprint.
Interxion’s David Ruberg wins Europe’s best data centre industry CEO
The European CEO Awards took place this week to celebrate the key figures at the helm of corporations that are driving innovation.
Opinion: 5G’s imminent impact on data centre infrastructure
Digital Realty’s Joseph Badaoui shares his thoughts on how 5G will transform data centre infrastructure now and beyond.
EMEA external storage market hits record high, Dell EMC on top
IDC's recent analysis on the external storage market in EMEA has shown healthy results - with some countries performing better than others - largely fuelled by all-flash arrays.
SolarWinds extends database anomaly detection
As organisations continue their transition from purely on-premises operations into both private and public cloud infrastructures, adapting their IT monitoring and management capabilities can pose a significant challenge.
Was Citrix unaware of its own data breach until the FBI got involved?
According to a blog post from Citrix’s CSIO Stan Black, the FBI contacted Citrix on March 6 and advised that international cybercriminals had allegedly gained access to Citrix’s internal network.