Oracle preps 128 security patches; Java gets 42

Oracle will release today 128 fixes for security vulnerabilities that affect "hundreds" of its products.

The software giant and Java maker said in a pre-release announcement today that four of the patches include fixes for Oracle's flagship database product, which can be exploited remotely without the need for a username or password.

Also, 29 security fixes will arrive for Oracle Fusion Middleware, with 22 of these also for preventing attacks without the need for authentication.

Affected components include Oracle HTTP Server, JRockit, WebCenter, and WebLogic.

Both Oracle products have a common vulnerability scoring system (CVSS) rating of …

See which parts of the globe are currently lit with Sunlit Earth widget for Mac

When conversing with people from all around the globe, it is useful to know if it's day or night in their city. A simple glance at Sunlit Earth for Mac can help you with that.

Sunlit Earth for Mac offers a simple widget that displays the current position of the sun and the sunlit portion of the globe. Knowing where the sun is currently can be useful when communicating with people worldwide, whether for business or simply when staying in contact with family or friends located in another time zone. This widget seems to be an easier solution in comparison …

Google shows interest in ASM.js, Mozilla's plan for fast Web apps

At least some at Google want to embrace a Mozilla-backed project to speed up Web apps written with JavaScript -- even though it competes directly with Google's own Native Client and Dart programming technology.

Mozilla has been working for months on a technology called ASM.js, which it hopes will boost JavaScript performance, especially in combination with a related Mozilla-spawned technology called Emscripten. JavaScript powers Web apps such as Google Docs, and ASM.js is a special "extremely restricted" subset of the programming language that's designed to make it easier for developers to bring existing software …

Outdated Java weak spots are widespread, Websense says

A new Websense report suggests that approximately 94 percent of endpoints that run Oracle's Java are vulnerable to at least one exploit, and we are ignoring updates at our own peril. 

According to security researchers at Websense, it's not just zero-day attacks that remain a persistent threat. Instead, Java exploits are now a popular tool for cybercriminals.

With so many vulnerabilities, keeping browsers up-to-date can become an issue -- especially as Java has to be updated independently from our preferred browser, and a mobile, cross-browser workforce is difficult to manage securely. Keeping this in mind, the security …

Update OS X to ensure Java security

With the latest round of OS X updates, Apple has addressed a number of bugs in its Mac operating systems; in addition, one update is particularly pertinent for those who wish to maintain security with their Java installations.

Java has received some hard knocks recently with a number of security vulnerabilities that could potentially lead to malware execution on exploited systems. While uninstalling Java has been a preferred recommendation, one common recommendation for those who do need it is to just disable the Java Web plug-in; however, recent developments suggest doing this may not always render …

Apple, Facebook hackers hit car and candy companies too

More details have been revealed about the massive cyberattack that hit several tech companies last month. Not only were Apple, Facebook, Microsoft, and Twitter hit -- but other industries' computer systems were also hacked, including prominent car manufacturers, U.S. government agencies, and a candy company.

According to The Security Ledger, people familiar with the matter said that hackers infiltrated computer networks by using at least three third-party "watering hole" Web sites, which made it possible for hackers to put malware on those companies' computers.

"The breadth of types of services and entities targeted does not reflect …

More Java-based malware plagues the cross-platform runtime

Java cannot seem to get a break. Only a few days after the last zero-day vulnerability was patched, two more exploits that make use of the runtime have been found. One, as noted by Kaspersky, is a recent exploit of the latest runtime that attempts to install a McRAT executable by overwriting memory in the JVM in a way that triggers the executable to run.

Once installed, the McRAT malware will attempt to contact command and control servers and copy itself into DLL files on Windows systems.

This malware is specifically Windows-based; however, a second one, outlined by Intego, is a Minecraft password-stealing …

Forum site gives more details on Apple and Facebook hacks

The popular forum site that hackers used to access employee computers at Apple and Facebook gave more details today on how the cyberattack happened.

The site's owner, Ian Sefferman, confirmed previous reports that hackers injected JavaScript into his site, iPhonedevsdk, and were then able to use a previously unknown exploit to access certain users' computers. He also said that the cyberattack most likely ended on January 30, 2013.

Apple revealed yesterday that hackers targeted computers used by its employees, but that "there was no evidence that any data left Apple." In a statement, the company said …

Microsoft to back Oracle in Java case against Google -- report

The legal war between Oracle and Google has been rather muted for the last several months, but there could be a major new twist in the case.

Reuters has reported that legal representatives for Microsoft told the U.S. Court of Appeals for the Federal Circuit in a briefing yesterday that it would support Oracle.

We reached out to Oracle to confirm, but the Redwood Shores, Calif.-based corporation declined to comment.

Not many more details are available at this time, but it would seemingly line up with Microsoft's other patent-related lawsuits against Motorola Mobility, now a Google subsidiary. …

Apple, Facebook, Twitter hacks said to hail from Eastern Europe

While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe.

Investigators familiar with the matter told Bloomberg they believe a cybercriminal group based in either Russia or Eastern Europe is carrying out the high-level attacks to steal company secrets, research, and intellectual property, which could then be sold on the black market.

Evidence that the attacks may be coming from Eastern Europe is the type of malware being used by the hackers, …