
WatchGuard Security Week in Review: Episode 31 – Java 0day

August 31, 2012 By Corey Nachreiner

Java 0days, Hacktivist Data Breaches, and Dropbox Improvements

Though I cover four stories in this week’s security recap video, one incident far outweighed all the others this week. If you use Java—and almost everyone does—you’ll want to check out today’s episode.

The video below covers Dropbox’s two-token authentication update, a Firefox security update, a new hacktivist data breach, and two zero-day Java vulnerabilities that attackers have exploited in the wild throughout the week. If you want to protect yourself from the latest drive-by download attacks, watch the video for tips.

For more details on any of the stories in the video, see the references below. In the meantime, surf safe and if you’re in the US, enjoy your holiday weekend.

As an aside, if there are any Radio Free Security (RFS) listeners out there, I recorded August’s episode and will complete final edits today. However, I don’t intend to post it until next Tuesday, due to the holiday weekend. If you’re looking for RFS, check back next week.

(Episode Runtime: 6:22)

Direct YouTube Link: http://www.youtube.com/watch?v=jTf7_5NA8Rg

Episode References:

  • Java Zero Day Flaws
    • WGSC alert – WatchGuard Security Center
    • Original FireEye post – FireEye Blog
    • Deep End Research Analysis – DER Blog
    • One of many PoC exploits – Pastie
    • Second 0day Java vulnerability discovered – Network World
    • Oracle Emergency Java Alert – Oracle
    • Only 9/22 AV engines catch it – Heise
    • EXTRA: Vulnerabilities found in Oracle’s Patch – Infoworld
  • Dropbox adds experimental two-token authentication – Computer World
  • Firefox 15 fixes 16 security vulnerabilities – Mozilla
  • Hacktivists leak millions of accounts in Project Hellfire – Network World
  • Extra Stories
    • Middle Eastern gas Co. taken offline by virus – The Register
    • Anonymous Hacks Siemens and Fujitsu web sites – Softpedia
    • Wirenet trojan targets Linux and OS X users – Tech World

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: Apple, Blackhat, Defcon, Hacking, Mac Malware, Malware, Microsoft, NFC, OSX/Crisis, password leak, passwords, strike back, trojan, Updates and patches, zeroday
