Results 1 to 10 of 10

Thread: Hackers Found and Exploited Security Flaw in Java

  1. Header
  2. Header-68

BLiNC Magazine, always served unfiltered
  1. #1

    Hackers Found and Exploited Security Flaw in Java

    security researchers found yet another vulnerability in JAVA after update

    by Mohit Kumar on 9/01/2012 12:51:00 PM

    Oracle released an emergency patch on Thursday for previously unknown Java vulnerabilities that cybercriminals had targeted with popular exploit kits within hours after the bugs' existence became public, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed.

    Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system.

    While so far the vulnerability has only been found being used against Windows, other platforms such as the Mac OS could potentially be targeted through the same exploit. Security Explorations sent a report about the vulnerability to Oracle on Friday together with a proof-of-concept exploit, Adam Gowdiak, the security company's founder and CEO said Friday via email.

    security researchers found yet another vulnerability in JAVA after update | The Hacker News - Security Blog

    The company doesn't plan to release any technical details about the vulnerability publicly until Oracle addresses it, Gowdiak said. According to Gowdiak, Security Explorations privately reported 29 vulnerabilities in Java 7 to Oracle back in April, including the two that are now actively exploited by attackers.

    The new vulnerability discovered by Security Explorations in Java 7 Update 7 can be combined with some of the vulnerabilities left unpatched by Oracle to achieve a full JVM sandbox bypass again.

    Security researchers have always warned that if vendors take too much time to address a reported vulnerability it might be discovered by the bad guys in the meantime, if they don't already know about it.

  2. #2

    Re: Hackers Found and Exploited Security Flaw in Java

    Cambodia to deport Pirate Bay co-founder sought by Sweden

    PHNOM PENH | Tue Sep 4, 2012 6:19am EDT

    (Reuters) - Cambodia will deport a Swedish co-founder of Pirate Bay, one of the world's biggest free file-sharing websites, who was convicted and sentenced to prison in Sweden for breaching copyright laws, a police official said on Tuesday.

    Gottfrid Svartholm Warg, 27, has been living in the Cambodian capital, Phnom Penh, and was arrested last week after a request from Sweden, but he may not necessarily be sent back home directly.

    "We will deport him based on our immigration law," police spokesman Kirth Chantharith said, adding the decision was reached after talks between Cambodian and Swedish officials.

    Cambodia and Sweden do not have an extradition treaty and Kirth Chantharith could not say where Warg would be sent.

    "We just know we will deport him. As to which country, that would be up to the Swedish side," he said, adding no date had been set yet for the deportation.

    Pirate Bay, launched in 2003, provides links to music and movie files that are stored on other users' computers.

    Swedish subsidiaries of prominent music and film companies had taken the company to court claiming damages for lost revenue.

    Mainstream media firms have also taken steps to have it blocked in other countries, including the Netherlands and Finland, as they struggle to combat illegal downloads.

    Pirate Bay says no copyrighted material is stored on its servers and no exchange of files actually takes place there so it cannot be held responsible for what material is being exchanged.

    An appeals court in Sweden sentenced three others behind the Pirate Bay site to between four months and 10 months in prison plus fines in 2010.

    Warg failed to attend that hearing due to illness and his sentencing was deferred. He had originally been sentenced to a year in prison in 2009.

    Cambodian website, which originally reported Warg's arrest, said he had been living in Phnom Penh for four years.

    Cambodia has a practice of deporting foreigners once they have served sentences.

    (Reporting by Prak Chan Thul; Editing by Alan Raybould)

    Cambodia to deport Pirate Bay co-founder sought by Sweden | Reuters

  3. #3

    Re: Hackers Found and Exploited Security Flaw in Java

    FBI arrests second LulzSec member implicated in Sony Pictures hack

    US authorities have arrested a second suspected member of online hacktivist group LulzSec for his alleged involvement in a series of attacks on computer systems belonging to Sony Pictures Entertainment, the FBI has said.

    Raynaldo Rivera, 20, turned himself in to authorities in Phoenix, Arizona nearly a week after being indicted by a Los Angeles grand jury on charges of conspiracy and unauthorised impairment of a protected computer related to the Sony hack.

    According to the indictment, Rivera and others involved, including Cody Kretisinger, a 24-year-old who was indicted last September and who pled guilty to the charges in April, stole confidential information from Sony’s computers between 27 May and 2 June 2011 using an SQL injection technique. The hack exploits vulnerabilities in websites, allowing attackers to steal or modify database content.

    The FBI alleges that LulzSec then published the personal data they obtained, including sensitive details such as the names, birth dates, addresses, emails, and passwords of thousands of fans who submitted their information to enter Sony-sponsored contests.

    "From a single injection we accessed EVERYTHING," LulzSec boasted at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

    If found guilty, Rivera, who allegedly used the nicknames “neuron” and “royal”, could face a maximum prison sentence of 15 years.

    Over the past year, other members of LulzSec and Anonymous have been charged by federal authorities for computer hacking-related offenses. Most famously, Anonymous leader and LulzSec affiliate Sabu, born Hector Monsegur, pled guilty to hacking and served as an informant helping federal authorities investigate other members of the group.

    Two others pled guilty to a series of attacks targeting the websites of such organisations as News International, Nintendo, and the Arizona State Police.

    FBI arrests second LulzSec member implicated in Sony Pictures hack |

  4. #4

    Re: Hackers Found and Exploited Security Flaw in Java

    Saudi Aramco oil giant recovers from virus attack

    27 August 2012 Last updated at 12:47

    About 30,000 workstation computers are back online at Saudi Aramco after a virus hit the world's largest oil producer.

    Remote access was still restricted "as a precaution" the group said.

    Oil production was not affected by the virus which struck on 15 August, Saudi Aramco added.

    The company took its website offline after the attack and now carries a message on its front page apologising for any inconvenience.

    "We have isolated all our electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption which affected some sectors of our network," the message reads.

    Most of the damage has now been repaired, it added.

    A group named the Cutting Sword of Justice has claimed responsibility for the attack in an online forum.

    It blamed the Saudi government for "crimes and atrocities" in several countries. It said the state-run oil firm was hit because it was a key source of income for the government.

    "This was not the first nor will it be the last illegal attempt to intrude into our systems," said Khalid al-Falih, president and chief executive of Saudi Aramco.

    Last week a virus called Shamoon, which targeted companies in the energy industry, was reported by security experts. Saudi Aramco has not said whether this was the malware involved.
    BBC News - Saudi Aramco oil giant recovers from virus attack

  5. #5

  6. #6

    Re: Hackers Found and Exploited Security Flaw in Java

  7. #7

    Re: Hackers Found and Exploited Security Flaw in Java

  8. #8

    Re: Hackers Found and Exploited Security Flaw in Java

    Censorship Bot Made Mistakes

    Added: Thursday, September 13th, 2012

    The entertainment industry has been using malware to seek out the copyrighted material and delete it. This fact became known after one of the bots accidentally closed down a legal live broadcast of one of science fiction’ most famous award ceremonies.

    During the annual Hugo Awards event at Worldcon, which several thousands of people were watching through video streaming service called Ustream, the audience found the stream switched off when Neil Gaiman was delivering an acceptance speech for his Doctor Who script, "The Doctor's Wife". Instead of the speech, thousands of people saw the words “Worldcon banned due to copyright infringement”.

    Honestly, you could hardly find worse place for the use of copyright bots to come out of shadow. Ironically enough, the entertainment industry’s use of anti-piracy malware bots was made public in the middle of a bunch of writers who earn money writing tales of heroes fighting against high tech corporates who barely acknowledge the law. As you can understand, such a crowd will hardly let something like this lie.

    Tobias Buckell, the bestselling science fiction author, was first to break the news on his twitter feed, saying that the censorship bot of the studios appeared to get in a tizzy over the fact that the award ceremony demonstrated clips from the BBC show. So, it is now clear that whatever the entertainment industry is using, it isn’t able to recognize fair use.

    By the way, the videos were provided by the studios themselves, and the Hugo Awards had explicit permission to broadcast them. However, the digital restriction management robot on Ustream wasn’t programmed to recognize such basic contours of copyright legislation. To make things worse, the robots completely closed down the live broadcast of the Hugo Awards.

    In response, Ustream’s CEO has made a public apology and promised that the company would never use Vobile robot again until they make sure it could tame its bots. He admitted that the broadcaster was using the bots in order to support a large volume of broadcasters using the free platform. However, he didn’t say why they had given so much power to the robot in the first place. The fact that Ustream couldn’t restore the feed quickly indicates that the bots had much power.

  9. #9

    Re: Hackers Found and Exploited Security Flaw in Java

    Malware Attacks at Highest Level

    Added: Thursday, September 13th, 2012

    McAfee report says that malware attacks remain at a very high level for the past 4 years. The reason is that malicious code authors became very inventive and constantly find new ways to attack various devices. Intel, which owns the security company, has recently announced the results of the Threats Report. The experts highlighted a 1,500,000 increase in malware within the last 6 months.

    500 experts working for McAfee Labs discovered nearly 100,000 malware samples daily, with the cyber attacks becoming more varied. Vincent Weafer, senior vice president of McAfee Labs, explained that the attacks which were traditionally seen targeting personal computers are currently being expanded to other mobile devices. The list of the targeted devices includes Apple's Mac devices that could be attacked by the Flashback Trojan or the “Find and Call” malware, which has successfully wormed its way into the Apple Store.

    In addition, the number of attacks on mobile devices kept increasing after an explosion of mobile malware in the beginning of the year. McAfee points out that almost all new instances of the malware have been directed towards the Android OS, including mobile botnets, spyware and SMS-sending viruses. The security company also noticed the rise of ransomware – the malware that restricted access to a targeted device until the victim pays money to the attacker – moreover, it seems to become a popular instrument for cybercriminals. In the meantime, the cases of ransomware, usually targeting PCs, have risen with attacks that favored mobile devices.

    Finally, cyber criminals have also found new methods to control botnets to stay anonymous, like using Twitter. It works in an interesting way: the botnets (computer networks of infected devices used by the intruders to send spam or to launch DDoS attacks) can be controlled via the social media website, where the attackers tweet commands to the infected machines. All in all, the number of botnet infections reached a 12 month high during the last quarter.

    Aside from the Internet attacks, the malware is also being spread through USB thumb drives, and instances of such attacks showed significant increase as well, with 1,200,000 new samples of the AutoRun worm being detected. As for the password stealing malware, its samples also grown by 1,600,000.

  10. #10

    Re: Hackers Found and Exploited Security Flaw in Java

    Sweden Paid $60 Millions to Cambodia for TPB Founder
    Added: Monday, September 17th, 2012

    Since Gottfrid Svartholm’s arrest in Cambodian city Phnom Penh, there were many rumors that either the United States or Sweden had something to do with this. However, there were no proofs. Now it seems the rumors were true.

    If you didn’t follow the news, there’s a synopsis: one of The Pirate Bay founders, Gottfrid Svartholm, was recently arrested in Phnom Penh. Previously, he was sentenced in Sweden to spend a year in prison, and a $1.1 million fine, because of his ties with the most popular BitTorrent tracker worldwide. Last week a meeting between National Deputy Police Commissioner General Sok Phal and Swedish authorities took place, where Gottfrid’s fate was decided – he was to be deported, despite the fact that there was no extradition treaty signed between Sweden and Cambodia.

    At the same time, a senior Cambodian official claimed that Sweden made a very expensive gift to the country ($59.4 million) in “financial aid”. According to the official statements, the money will be used for developing democracy, education, and so on.

    During the signing ceremony which hosted Prime Minister Keat Chhon and Swedish Ambassador, the former said that Cambodia considered Sweden as an important development partner and would make its best to make sure that the financial aid be used effectively.

    At first it was unclear whether the TPB’s founder was arrested because of his connections with BitTorrent tracker or not, but now it was announced that his arrest related to tax hack directed against Logica carried out a couple years ago. The representatives of the Cambodian police confirmed that Gottfrid’s arrest was made at the request of Sweden for a crime connected with information technology.

    In the meantime, Gottfrid is kept in a Cambodian detention cell, awaiting deportation.

Similar Threads

  1. Replies: 0
    Last Post: January 6th, 2009, 11:31 AM
  2. Replies: 0
    Last Post: January 6th, 2009, 11:31 AM
  3. Flaw theory over Mars Beagle loss (BBC News)
    By blinc in forum News Feeds
    Replies: 0
    Last Post: December 17th, 2008, 08:25 PM
  4. Flaw theory over Mars Beagle loss (BBC News)
    By blinc in forum News Feeds
    Replies: 0
    Last Post: December 17th, 2008, 04:10 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts