Stories by Lucian Constantin

Researchers find critical vulnerability in Java 7 patch hours after release

Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system.

Mysterious Wiper malware possibly connected to Stuxnet and Duqu, researchers say

Security researchers from Kaspersky Lab have uncovered information suggesting a possible link between the mysterious malware that attacked Iranian oil ministry computers in April and the Stuxnet and Duqu cyberespionage threats.

Oracle knew about currently exploited Java vulnerabilities for months, researcher says

Oracle knew since April about the existence of the two unpatched Java 7 vulnerabilities that are currently being exploited in malware attacks, according to Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations.

US Air Force seeks to enhance its cyberwarfare capabilities

The U.S. Air Force is openly soliciting technologies that would improve its capability of launching cyberattacks and gathering intelligence during cyberwarfare operations.

Unpatched Java vulnerability exploited in Blackhole-based attacks

Attacks targeting an unpatched vulnerability in the latest versions of Java 7 have become widespread after an exploit for the new flaw was integrated into the popular Blackhole attack toolkit, according to security researchers from antivirus vendor Kaspersky Lab.

Six ways to protect against the new actively exploited Java vulnerability

Security researchers have proposed several methods for users to protect their computers from ongoing attacks that target a new and yet-to-be-patched vulnerability in all versions of Java Runtime Environment 7.

Unpatched Java vulnerability exploited in targeted attacks, researchers say

Attackers are exploiting a new and unpatched vulnerability that affects the latest version of Java -- Java 7 Update 6 -- in order to infect computers with malware, according to researchers from security vendor FireEye.

Cybercriminals take advantage of Android Flash Player gap on Google Play

Cybercriminals are trying to capitalize on Adobe's decision to stop distributing Android Flash Player to new users via Google Play by creating malware and adware apps that masquerade as Flash Player installers.

Kill timer found in Shamoon malware suggests possible connection to Saudi Aramco attack

A timer found in the Shamoon cyber-sabotage malware discovered last week matches the exact time and date when a hacktivist group claims to have disabled thousands of computers from the network of Saudi Aramco, the national oil company of Saudi Arabia.

ICS-CERT warns of SSL security flaw in RuggedCom industrial networking devices

Industrial Ethernet switches and other devices produced by industrial networking equipment manufacturer RuggedCom contain a vulnerability that could be exploited to compromise SSL-based communications between them and their users, according to a security researcher from security startup Cylance.

Crisis malware infects VMware virtual machines, researchers say

The Windows version of Crisis, a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec.

McAfee antivirus update causes problems for home and enterprise customers

A buggy update released Friday by security vendor McAfee for its consumer and enterprise antivirus products, left the computers of its customers unprotected and, in some cases, unable to access the Internet.

NSA chief seeks help from hackers

Gen. Keith B. Alexander, National Security Agency director, addressed attendees of the recent Defcon hacker conference and asked for their help to secure cyberspace.

Shylock malware injects rogue phone numbers in online banking websites

New configurations of the Shylock financial malware inject attacker-controlled phone numbers into the contact pages of online banking websites, according to security researchers from antivirus vendor Symantec.

Demonoid's return uncertain after law enforcement action in Ukraine and Mexico

The return of popular BitTorrent website Demonoid, which has been offline since the end of July, is shrouded in uncertainty after the website lost its Web hosting in Ukraine, while its operators are believed to be under investigation for copyright infringement in Mexico.

Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia