
Java 0-Day exploit ...


5 replies to this topic

#1 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 10 January 2013 - 08:11 AM

FYI...

Java 0-Day exploit ...
- https://krebsonsecur...s-in-crimeware/
Jan 10, 2013 - "The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java... According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10... if you have Java installed, it would be a very good idea to unplug Java from your browser, or uninstall this program entirely if you don’t need it...
Update: Alienvault Labs* say they have reproduced and verified the claims of a new Java zero-day that exploits a vulnerability in fully-patched versions of Java 7."
* http://labs.alienvau...w-java-zeroday/
Jan 10, 2013 - "... It seems both Blackhole and Nuclear Pack exploit kits are using this vulnerability in the wild..."
___

- http://www.kb.cert.org/vuls/id/625617
Last revised: 14 Jan 2013
Disabling Java in the Browser:
- http://www.java.com/...ble_browser.xml

- https://www.us-cert..../TA13-010A.html
Last revised: 14 Jan 2013

> Uncheck this setting: https://www.java.com...enable_java.jpg
___

- https://secunia.com/advisories/51820/
Last Update: 2013-01-14
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution: Update to version 7 update 11.

- https://www.secureli...it_Distribution
"... There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem*... Metasploit developers have added an exploit module targeting this vulnerability CVE-2013-0422..."
* https://www.secureli...g/208194077.PNG

- http://www.securityt....com/id/1027972
CVE Reference: https://web.nvd.nist...d=CVE-2013-0422 - 10.0 (HIGH)
Updated: Jan 13 2013
Impact: Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Version(s): 1.7 u10 and prior 1.7 versions
Solution: The vendor has issued a fix (7 Update 11)...

- http://blog.trendmic...ing-ransomware/
Jan 10, 2013 - "... Currently, this exploit is being used by toolkits like the Blackhole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK). CEK is the creation of the same author responsible for Blackhole Exploit Kit. It appears to be a high-end version of the more accessible BHEK. Zero-day exploits are first incorporated into CEK and only added into BHEK once they have been disclosed. It has been reported that CEK was being used to distribute ransomware, particularly Reveton variants..."

- https://www.symantec...eatconlearn.jsp

:ph34r: :ph34r:

Edited by AplusWebMaster, 14 January 2013 - 04:13 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#2 AplusWebMaster


Posted 13 January 2013 - 06:35 PM

FYI...

Java v7u11 released
>> http://forums.whatth...=...st&p=809617
2013-January 13

:ph34r: :ph34r:



#3 AplusWebMaster


Posted 16 January 2013 - 12:58 PM

FYI...

New Java 0-day exploit - $5,000 per Buyer
- https://krebsonsecur...5000-per-buyer/
Jan 16, 2013 - "Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java... The hacker forum admin’s message... promised weaponized and source code versions of the exploit. This seller also said his Java 0day — in the latest version of Java (Java 7 Update 11) — was not yet part of any exploit kits, including the Cool Exploit Kit... this same thing happened not long after Oracle released a Java update in October; a few weeks later, a Java 0day was being sold to a few private users on this same Underweb forum..."
- http://www.nbcnews.c...emain-1B7956548
"... Some security consultants are advising businesses to remove Java from the browsers of all employees except for those who absolutely need to use the technology for critical business purposes. HD Moore... said it could take two years for Oracle to fix all the security bugs that have currently been identified in the version of Java that is used for surfing the Web..."

:ph34r: :ph34r:



#4 AplusWebMaster


Posted 18 January 2013 - 04:30 PM

FYI...

Java 7u11 vulnerable
- http://seclists.org/...re/2013/Jan/142
18 Jan 2013 - "... We have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21)... two new security vulnerabilities (51 and 52) were spotted in a recent version of Java SE 7 code and they were reported to Oracle today [4] (along with a working Proof of Concept code)..."

- http://arstechnica.c...latest-version/
Jan 18, 2013 - "... researchers have confirmed that the latest version of Oracle's Java software framework is vulnerable to Web hacks that allow attackers to install malware on end users' computers... As Ars has advised in the past, readers who have no use for Java should consider removing program plug-ins from their browsers, or uninstalling Java altogether from their computer..."

How to uninstall: https://www.java.com...d/uninstall.jsp

- http://www.securityt....com/id/1028019
Jan 19 2013
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): 7 Update 11; possibly prior versions
Description: Two vulnerabilities were reported in Oracle Java. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
The vendor was notified on January 18, 2013...
Solution: No solution was available at the time of this entry...

- http://www.hotforsec...borne-5032.html
Jan 14, 2013 - "... Exploit prevalence – breakdown by country for the past three days"
> http://www.hotforsec...istribution.png

- https://blogs.techne...Redirected=true
20 Jan 2013 - "... since the public disclosure happened a few days ago, the samples and telemetry are increasing drastically, almost catching up with previous major Java vulnerabilities (CVE-2012-4681, CVE-2012-5076). The one notable thing is that we've started seeing multi-exploit samples combining CVE-2013-0422 and CVE-2012-1723*... The strategy of this combined exploit is that by sending one exploit code, they can cover any vulnerable Java 6 installations (up to JRE 6u32) and vulnerable Java 7 installations (up to JRE 7u10) at one time. As for JRE 7, CVE-2012-1723 is only applicable up to JRE 7u4, they can abuse CVE-2013-0422** to cover JRE 7u5 to 7u10 for exploitation..."
* https://web.nvd.nist...d=CVE-2012-1723 - 10.0 (HIGH)

** https://web.nvd.nist...d=CVE-2013-0422 - 10.0 (HIGH)

- http://atlas.arbor.n...index#848588693
Oracle's Java Patch Shipped with Additional Vulnerabilities...
Elevated Severity
January 23, 2013
The latest version of Java did not fully address the most recent security issue, and other issues have been found.
Analysis: Java is a very hot attack target for some time, implicated in many attacks ranging from commodity cybercrime to targeted espionage attacks. Properly hardening and restricting Java is critical if an organization requires its use. If java, and other plug-ins are not required for core functionality, they should be removed from controlled environments in order to reduce security risks. The general principle of hardening included reducing the attack surface by giving attackers less to attack...
- http://atlas.arbor.n...index#753048269
Severity: High Severity
January 28, 2013
Java: still problematic despite progress being made.
Analysis: Containing Java is important - restrict it to browsers that are only used for sites that must require it. Click-to-run techniques inside modern browsers can help reduce the attack surface. Additionally, Java User-Agents crossing the wire in a post-compromise scenario can be detected and action taken when such activity is unexpected. Sniffing the wire for older versions of Java is even more effective, as the chance of a compromise traffic is even higher.
Source: http://seclists.org/...re/2013/Jan/241?

:ph34r: :ph34r: :(

Edited by AplusWebMaster, 29 January 2013 - 09:16 PM.

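The Arbor analysis quoted in post #4 suggests watching for Java User-Agents on the wire, and the Microsoft quote in the same post gives the version ranges for CVE-2012-1723 and CVE-2013-0422. A sketch of that check over proxy log lines, added here as an example and not taken from the post or any source it cites; the log layout, function names, allow-list and sample lines are assumptions.

```python
import re

# Java's built-in HTTP client identifies itself as "Java/<version>",
# e.g. "Java/1.7.0_10"; the browser plug-in prepends a Mozilla/4.0 token.
JAVA_UA = re.compile(r"\bJava/1\.(\d+)\.\d+(?:_(\d+))?")

def cves_for(major, update):
    """Map a JRE version to the CVEs the thread's quoted sources tie to it."""
    hits = []
    # Quoted ranges: CVE-2012-1723 up to JRE 6u32 and up to JRE 7u4.
    if (major == 6 and update <= 32) or (major == 7 and update <= 4):
        hits.append("CVE-2012-1723")
    # Quoted range: CVE-2013-0422 in 1.7 u10 and prior 1.7 versions.
    if major == 7 and update <= 10:
        hits.append("CVE-2013-0422")
    return hits

def scan(lines, java_allowed=()):
    """Return one finding per request whose User-Agent reveals a JRE."""
    findings = []
    for line in lines:
        # Assumed log layout: client_ip, host, then the quoted User-Agent.
        client, host, ua = line.split(" ", 2)
        m = JAVA_UA.search(ua)
        if not m:
            continue
        major, update = int(m.group(1)), int(m.group(2) or 0)
        findings.append({
            "client": client, "host": host,
            "jre": f"{major}u{update}",
            "cves": cves_for(major, update),
            # Hypothetical allow-list of hosts expected to run Java.
            "unexpected": client not in java_allowed,
        })
    return findings

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 intranet.example "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_11"',
    '192.0.2.23 cdn.example "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_30"',
    '192.0.2.23 news.example "Mozilla/5.0 (Windows NT 6.1) Firefox/18.0"',
    '192.0.2.41 ads.example "Java/1.7.0_03"',
    '192.0.2.57 files.example "Java/1.7.0_10"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE, java_allowed={"192.0.2.10"}):
        print(f)
```

An empty `cves` list only means neither of these two CVEs applies; the thread reports further unpatched flaws in 7u11 and 7u15, so Java traffic from an unexpected client deserves a look regardless of version.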


#5 AplusWebMaster


Posted 25 February 2013 - 11:32 AM

FYI...

Two new Java 0-day bugs
- https://www.computer...a_zero_day_bugs
Feb 25, 2013 - "... Oracle shipped Java 7 Update 15 (7u15) on Feb. 19, bundling patches first released in a Feb. 1 emergency update with fixes for five more vulnerabilities. The -new- vulnerabilities affect only Java 7... Java 6, which Oracle has officially retired from support, does not contain the bugs... security experts today again urged users to disable or even uninstall Java..."
- http://nakedsecurity...abilities-java/
Feb 25, 2013 - "... the flaws could be exploited to completely bypass Java's security sandbox and infect computers..."

- http://arstechnica.c...d-one-attacked/
Feb 25, 2013 - "... users who don't need Java should consider uninstalling it, or at least the Java plug-ins used to run Java content in Web browsers..."
___

- http://atlas.arbor.n...index#230624733
Elevated Severity
Feb 26, 2013
More security troubles for Java.
Analysis: Restricting Java is an important step in protecting your enterprise. Monitoring its use on the network can indicate exploitation calling back to a malware Command & Control server. Patches are being issued, however it's wise to restrict Java as much as possible and provide additional hardening if it must be used...

- http://h-online.com/-1810990
26 Feb 2013

:ph34r: :ph34r: <_<

Edited by AplusWebMaster, 28 February 2013 - 10:48 AM.



#6 AplusWebMaster


Posted 01 March 2013 - 07:43 AM

FYI...

Java JRE 7u17 released
- http://forums.whatth...view=getnewpost
Mar 4, 2013

- http://seclists.org/...ure/2013/Mar/38
Mar 4, 2013 - "... 5 -new- security issues were discovered in Java SE 7..."
___

Current Java new attack...
- http://h-online.com/-1814716
01 March 2013 - "... FireEye reports* that cyber criminals are exploiting previously unknown vulnerabilities in the -current- Java versions to deploy malware... The hole is found -both- in Java version 7 update 15 and in version 6 update 41...
To protect themselves, users can completely uninstall Java or at least disable it in their browser..."
* http://blog.fireeye....zero-day-2.html

- https://www.virustot...f94b8/analysis/
File name: Inst.exe
Detection ratio: 24/46
Analysis date: 2013-03-01

New Java 0-Day Attack Echoes Bit9 Breach
- https://krebsonsecur...es-bit9-breach/
Mar 1, 2013 - 110.173.55.187

- https://secunia.com/advisories/52451/
Last Update: 2013-03-06
Criticality level: Extremely critical
Impact: System access
Where: From remote
CVE Reference:
- https://web.nvd.nist...d=CVE-2013-0809 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-1493 - 10.0 (HIGH)
... vulnerability is reported in version 7 update 15 and version 6 update 41. Other versions may also be affected.
Solution: http://www.oracle.co...ml#AppendixJAVA

:ph34r: <_<

Edited by AplusWebMaster, 09 March 2013 - 12:07 PM.

