Data Storage Today
CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
News & Information for Data Storage Professionals
Commvault Simpana® 10
Protect, manage, access, and
realize the untapped value of data.
www.commvault.com
Wednesday, May 22nd 
Introducing Simpana® 10 software
Home
Data Centers
Storage Solutions
Storage Networks
Data Storage Issues
Data Security
Enterprise I.T.
DST Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

Advertisement
Spam & Hackers

Did Oracle Drop the Java Patch Ball?

Did Oracle Drop the Java Patch Ball? By Jennifer LeClaire
September 4, 2012 5:03PM

Bookmark and Share
"I can't say that [Oracle's] management of Java, and this is a good example, has been particularly stellar," said analyst Charles King. "Just because you buy a Ferrari doesn't mean that you become a great race-car driver. It takes a certain amount of skill and willingness and responsibility that, when absent, can lead to some embarrassing situations."

CommVault is a data and information management software company dedicated to providing organizations worldwide with a radically better way to manage data and information. Their unique Solving Forward philosophy allows them to deliver complete solutions with infinite scalability and unprecedented control over data and costs. Be among the first to experience Simpana 10 software. Click here now.

Just when you thought you were safe from the Java exploit: Beyond Apple device IDs being allegedly hacked from an FBI agent's laptop Relevant Products/Services via last week's Java flaw, a security firm in Poland, Security Explorations, is saying a patch issued by Oracle still leaves the software Relevant Products/Services insecure.

And Symantec, the SANS Institute's Internal Storm Center and Websense are sounding the alarm about new approaches being used for the Java exploit. Oracle could not immediately be reached for comment.

Nitro Attacks Revisited

In October 2011, Symantec documented a particular targeted attack campaign dubbed The Nitro Attacks. Attackers were primarily targeting chemical companies. Symantec said those attackers have escalated their efforts through a zero-day Java vulnerability in the wild.

"The traditional modus operandi of the Nitro attackers is to send an e-mail to victims," Symantec reports in its Security Response blog. "That e-mail contains an attachment, which is a password-protected self-extracting zip file. The e-mail claims to be an update for some piece of commonly installed software. The targeted user extracts it, runs it, and is infected with a copy of Backdoor.Darkmoon (also known as Poison Ivy)."

In these latest attacks, Symantec said, the attackers have developed a more sophisticated technique. They are using a Java zero-day, hosted as a .jar file on Web sites, to infect victims. Like the October 2011 attacks, Symantec said the attackers are using Backdoor.Darkmoon, re-using command-and-control infrastructure Relevant Products/Services, and even re-using file names such as "Flash_update.exe".

"It is likely that the attackers are sending targeted users e-mails containing a link to the malicious jar file," the firm said. "The Nitro attackers appear to be continuing with their previous campaign."

Infamous Amazon Relevant Products/Services E-Mail

Meanwhile, SANS and Websense are both pointing to a Java exploit that, if successful, could allow cyber criminals to deliver more malicious payloads to victims' machines. And that, Websense said, could lead to the exfiltration of personal and financial data Relevant Products/Services. It comes in the form of an e-mail supposedly from Amazon that directs victims to a page containing the recent Java exploit.

"On 1st September, Websense ThreatSeeker Network intercepted over 10,000 malicious e-mails with the subject 'You Order With Amazon.com' enticing the recipient to 'click here' to verify a fictitious order...." Websense wrote on its blog. (continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Comment:

Name:

Advertisement

Also Visit:

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports
Oracle
Java
Enterprise Security
Patch
Hackers
Exploit

  New NVIDIA GPU Boosts Citrix
  Security Alert: New Trojan Attacking
  Blue Coat Beefs Up Big Data Security
  Backing Up Is Hard To Do, Yet Critical
  Dell Kills Its In-House Public Cloud

 Technology Marketplace

BYOD & MDM
Forrester Research Inc., Report: BYOD from AT&T. Make everyone more efficient.
 
Cloud & Virtualization
Brocade technologies help enable the full benefits of virtualization.
Riverbed Stingray Traffic Manager on Amazon Web Services
 
Contact Centers
Unlock the potential in your people with Microsoft Dynamics
 
Customer Service
Unlock the potential in your people with Microsoft Dynamics
 
Data Security
Simpana® 10 software: an exponential leap forward
 
Data Storage
Brocade makes it easier to deploy, manage, and scale networks.
 
Enterprise Software
Simpana® 10 software: an exponential leap forward
 
Network Security
Brocade makes it easier to deploy, manage, and scale networks.
 
Navigation
Data Storage Today
Home/Top News | Data Centers | Storage Solutions | Storage Networks | Data Storage Issues | Data Security | Enterprise I.T.
DST Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2013 Data Storage Today. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.