ICT Security-Sécurité PC et Internet

10 janvier 2013: Publication intitiale

 

Description / Résumé

 

Une vulnérabilité extrêmement critique a été découverte dans le plugin Java pour votre navigateur. L'exploitation réussie de cette vulnérabilité autorise l'attaquant à prendre le contrôle de la machine victime.

 

La vulnérabilité a été introduite dans des kits d'exploitation communs, la rendant ainsi très répandue et de ce fait dangereuse. Le simple fait d'aller sur une page infectée peut mettre votre ordinateur en danger. Il est donc important d'éviter de cliquer sur des liens dans les e-mails. 

 

Faites aussi attention aux publicités des sites légitimes qui pourraient être piégées.

Aufgrund einer noch nicht durch Updates geschlossenen Sicherheitslücke in Java 7, die bereits für Angriffe genutzt wird, sollten Anwender Java im Browser abschalten. Wir zeigen Ihnen, wie das bei den aktuellen Versionen gängiger Browser funktioniert.

 

Mehr lesen:

http://www.pcwelt.de/ratgeber/So-deaktivieren-Sie-Java-im-Browser-6527738.html?r=861529328805646&lid=193884

 

Oracle hat Sicherheits-Updates für Java 7 bereit gestellt. Sie beheben eine kritische Schwachstelle, die bereits für Angriffe ausgenutzt wird. Auch für Mac OS X ist Java 7 Update 7 erhältlich.

 

Mehr lesen:

http://www.pcwelt.de/news/Reaktion-auf-Angriffe-Notfall-Update-beseitigt-kritische-Java-Luecke-6531230.html?r=461529328305663&lid=193836

 

Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the...

 

The new vulnerability discovered by Security Explorations in Java 7 Update 7 can be combined with some of the vulnerabilities left unpatched by Oracle to achieve a full JVM sandbox bypass again.

 

Read more:

http://www.computerworld.com/s/article/9230812/Researchers_find_critical_Java_7_flaw_hours_after_release

 

One of the attack crews using the new Java CVE-2012-4681 vulnerability is the Nitro group that was traced to China and attacked chemical companies and defense contractors.

 

Researchers say that one of the attack groups using the two new Java zero-day vulnerabilities is the same group that was behind an earlier targeted attack campaign from 2011. That group was traced back to China and was essentially running a spear-phishing campaign, but now the crew, known as Nitro, is using the Java vulnerabilities in Web-based attacks that install the Poison Ivy remote-access tool.

 

The attacks have been going on for more than a week, researchers say, and the Nitro group apparently is reusing both their command-and-control servers and some of the file names for the malicious executables. There are two separate domains serving the Java exploit right now, and the two main executable files the attacks are using are named "Flash_update.exe" and "hi.exe".

 

Read more:

http://threatpost.com/en_us/blogs/use-java-zero-day-flaws-tied-nitro-attack-crew-083012

 

The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.