Showing posts with label java. Show all posts

Thursday, August 1, 2013

Cell Phone SIM Cards Being Hacked!


We all know those tiny gold chips hidden inside our phones that hold the key to our dearest gems: phone numbers, account numbers, passwords, games, and the irreplaceable pictures from way back when. Research has shown that millions of SIM cards in use today are vulnerable to being hacked. These cards are susceptible to being cloned remotely, or even having their voice mail numbers changed in the blink of an eye.
These cards are vulnerable because of a Seventies-era cipher that is still in use worldwide, according to Security Research Labs. Karsten Nohl from Security Research Labs states, “With over seven billion cards in active use, SIMs may well be the most widely used security token in the world.”
Hacked SIM cards expose their owners to spying, including access to the encryption keys for calls, the reading of SMS messages, and abuse of the mobile identity. There are over six billion cellphones being used today, and not everyone has upgraded to a smartphone that doesn’t use a SIM card.
The outdated SIM cards use the Data Encryption Standard (DES), an algorithm for the encryption of electronic data. Nohl tested 1,000 SIMs over a period of two years and found that 1/4 of those were vulnerable.

Java Applets

When the software updates, cryptographically secured SMS messages that use Java software pose a “critical hacking risk”. – Karsten Nohl
The attacker sends an improperly signed OTA command, and the SIM card responds with a cryptographic signature, which is then resolved to a 56-bit key on a computer. This is how the attacker installs Java applets on the card. The Java applet can then break out and access the rest of the card. Newer cards are being designed to prevent such attacks, and networks and handsets are getting on board with these defense techniques.

References:
“Hugely significant” SIM card vulnerability leaves millions of cellphones at risk – We Live Security
http://www.welivesecurity.com/2013/07/22/hugely-significant-sim-card-vulnerability-leaves-millions-of-cellphones-at-risk/
July 22, 2013
Data Encryption Standard – Wikipedia
http://en.wikipedia.org/wiki/Data_Encryption_Standard
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Tuesday, March 5, 2013

Oracle Fixes Java 0-Days …Again (Last Java 6 Patch)

Oracle has released an emergency patch to address two critical vulnerabilities in Java 6 and Java 7, CVE-2013-0809 and CVE-2013-1493.

It was just last week that FireEye researchers advised users to disable Java browser plugins following the discovery that cybercriminals were exploiting CVE-2013-1493 to spread McRAT malware.

Oracle had intended to include a fix for the bug in the critical patch update scheduled for April 16th, but decided to release it ahead of time given the ongoing attacks. The company has been aware of the bug since February 1st, 2013.

Oracle recommends that users upgrade to the latest versions of Java, which are now Java 7 Update 17 or Java 6 Update 43 (no word on why Java 7 U16 or Java 6 U42 were skipped).

By the way, Oracle has stated that this will be the last security update for Java 6, so it's time to update to Java 7 if you wish to continue receiving public updates & security enhancements.

Users can upgrade Java by:

  • Using the built-in auto update feature or manually checking for updates through the Java Control Panel.

  • Downloading the latest version from java.com.



Friday, March 1, 2013

Disable Java Browser Plugin, New 0-Day Vulnerability Under Attack

It’s starting to feel as if another day means another Java exploit will be found.

FireEye researchers are sounding the alarm after detecting a new Java zero-day vulnerability (CVE-2013-1493) that cybercriminals are actively exploiting in-the-wild.

The security flaw, which FireEye says was used to “attack multiple customers,” can be successfully exploited in browsers with Java 6 Update 41 and Java 7 Update 15 plugins installed.

FireEye researchers offered insight as to how the exploit works:
Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process.

After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero.

Upon successful exploitation, it will download a McRAT executable (disguised as a file called svchost.jpg) from same server hosting the JAR file and then execute it.

One relatively good thing to note is that FireEye researchers did say that the exploit is not very reliable given the fact that it tries to overwrite a big chunk of memory, and although the payload is downloaded, it fails to execute and the JVM crashes.

In the event that the attack goes smoothly, McRAT malware (detected by Microsoft as Backdoor:Win32/Mdmbot.F) will be planted on the compromised system.

Keeping Your System Safe


FireEye notified Oracle of this new vulnerability, but advises customers to take one of the following courses of action until a patch is released:

  • Disable the Java plugin in your web browsers, or;

  • Set Java security settings to “High” and do not execute any untrusted Java applets.


Aside from that, it is also recommended that users always run antivirus software on their computers and keep the virus definitions current given that 27/46 antivirus programs are capable of detecting the threat associated with this attack.


Monday, February 25, 2013

Researchers Find 0-Day Vulnerabilities in Java 7 Update 15

Security Explorations researchers have discovered a new set of 0-day vulnerabilities affecting Java 7 Update 15 and earlier.

An update posted on the Security Explorations website states that the company has notified Oracle of the vulnerabilities (referred to as issues 54 and 55), including proof-of-concept code for the company to review. Oracle confirmed successfully receiving the report and is now investigating the matter.

Hopefully Oracle will move to patch the bugs quickly since they can be used to completely bypass the Java security sandbox.

Adam Gowdiak, CEO of Security Explorations, told Softpedia, “Both new issues are specific to Java SE 7 only. They allow abuse [of] the Reflection API in a particularly interesting way. Without going into further details, everything indicates that the ball is in Oracle's court. Again.”

Considering that cybercriminals recently used Java vulnerabilities in the watering hole attack that resulted in malware being installed on computers belonging to Facebook, Apple, Microsoft, and other companies, it may be wise for users to consider:

It's better to be safe than sorry.

Do you still have Java installed on your system?


Wednesday, February 20, 2013

Apple Issues Java Patch & Malware Removal Tool Following Malware Attack

Go ahead and take a moment to check for software updates on your Mac if you haven’t done so already.

Apple did as promised yesterday and released a Java security update & malware removal tool after finding that their own company computers fell victim to a Java-based drive-by-download attack.

According to the security advisory, the update addresses a slew of Java vulnerabilities in Java 1.6.0_37, “the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.” Users applying the patch will be updated to Java version 1.6.0_41.

Also included in the update is a malware removal tool that Apple says will remove the most common variants of malware: “If malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found. This update is available for systems that installed Java 6.”

As previously stated, the update can be applied by selecting 'Software Update' on your Mac's menu bar or fetched from Apple Downloads and applied manually:

Have you updated your Mac yet?


Tuesday, February 19, 2013

Apple's Computers Infected with Malware Thanks to Java-based Exploit

Apparently Apple made a bad decision to skip over their own machines when they blocked Java browser plugins on OS X systems last month.

Reuters reports that the fruit-themed company admitted that malware managed to infect a handful of company computers after employees visited a website for software developers that had been compromised.

The website in question was housing an exploit that took advantage of a zero-day Java browser plugin vulnerability in order to drop malware on OS X systems.

The vulnerability appears to be the same one used in recent attacks against Facebook and hundreds of other companies, including defense contractors.

Apple says that they have isolated the infected machines from their network and that there is no evidence that any data has been stolen. The company is working with law enforcement to determine the source of the malware.

Apple machines have been shipped Java-free since OS X Lion, and Apple has taken many steps to protect users from Java-based attacks. The company says it plans on releasing a tool later on today that Mac users can use to detect and remove the malware used in this recent attack.

Do you have Java installed on your computer?


Friday, January 18, 2013

Nasty Trojan Posing as Bogus Java "Update 11" Patch

On the hunt for the latest Java update?

Make sure you download it from a reliable source, like say, java.com and not some random third-party website.

TrendMicro found at least one website peddling malware disguised as a fake “Java Update 11” update.

The threat in question is a nasty Trojan detected as JAVA_DLOADER.NTW that’s delivered as a file named javaupdate11.jar.

The bogus update file, Javaupdate11.jar, contains javaupdate11.class, which downloads and executes two malicious files:

Once executed, BKDR_ANDROM.NTW will open a backdoor on the infected system to grant remote access to an attacker.

Users are more likely to notice TSPY_KEYLOG.NTW, though, as it will download ransomware (TROJ_RANSOM.ACV) that will attempt to lock the affected machine and demand payment from the end-user to regain access.

Steer Clear of Fake Java Updates!


It’s important to note that this malware does not exploit any Java-related vulnerabilities: it requires user-interaction to make its way onto a PC. So, you should be safe as long as you:

  • Download Java updates directly from Oracle on java.com, or simply use Java’s built-in update mechanism to download and install updates.

  • Do not download Java updates from random websites.



Dangers Still Lurk in Java; Vulnerabilities Found in Java 7 Update 11

Java has been under a lot of fire recently, both by the cybercriminals that exploit it and various entities that advise users to disable/uninstall it on their computers.

The trouble began on January 10th when word hit that the bad guys behind the BlackHole and Nuclear Packs updated their crimeware with new exploits for a zero-day Java vulnerability affecting all versions of Java 7, including Java 7 Update 10.

Users were told to disable the Java browser plugin – or to remove Java altogether – in order to minimize the chances of an attack.

Three days later, Oracle released Java 7 Update 11 to address the vulnerability and beef up security by switching the default Security Level setting from Medium to High to prevent silent drive-by-download attacks:
This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the “High” setting the user is always warned before any unsigned application is run to prevent silent exploitation.

All is well, right? Well, not so much, since reports of Java 7 Update 11 vulnerabilities have already begun to surface.

Adam Gowdiak of Security Explorations wrote a short post on the Full Disclosure mailing list stating they have “successfully confirmed that a complete Java security bypass can be still gained under the recent version of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21).” Gowdiak went on to say that two new security vulnerabilities were discovered and reported to Oracle along with a working proof-of-concept.

Fortunately, Gowdiak told TheNextWeb that there’s no evidence of these new vulnerabilities being exploited in-the-wild (YET), and that the new security settings in Java 7 Update 11 will prevent some attacks provided the user doesn’t accept the malicious content.

So think twice before allowing unsigned Java applets to run on your system. Or just remove Java from your system.


Tuesday, December 18, 2012

Citibank Spam Luring Users into Drive-by-Download Attacks

Look before you click; that email notifying you that your next Citibank credit card statement is ready could be a trap.

Cybercriminals have been shelling out Citibank spam in an attempt to direct users to malicious sites hosting the Blackhole exploit kit.

The spammers took the time to make sure that the emails, titled “Your Citi Credit Card statement is ready to view online” appear as if they really came from Citibank, and there’s a good chance the recipient will want to follow the ‘View Statement’ link once they see the negative card balance and large payment allegedly due on January 1st.

Here’s the email you will want to look out for:

"Your Citi Credit Card statement is ready to view online" spam

Screenshot Credit: Softpedia



Subject: Your Citi Credit Card statement is ready to view online

Your Account Important Notification
Your Citi Credit Card statement is ready to view online

» View Statement

Dear customer,

Your Citi Credit Card statement is now available for you to view online. Here are some key pieces of information from your statement.

Statement Date: December 13th, 2012
Statement Balance: -$4,476.63
Minimum Payment Date: $662.00
Payment Due Date: Tue, January 01, 2013

Want help remembering your payment due date? Sign up for automated alerts such as Payment Due reminders with Alerting Service.

To set up alerts sign on www.citicards.com and go to Account Profile.

I prefer not to have this email contain specific information from my statement. Please send me just the announcement that my statement is ready to view online.

View Your Account | Pay Your Bill | Contact Us

One interesting thing about this attack is that there are different outcomes depending on which web browser you are using.

If you visit the site using Chrome, you will be prompted to download a malicious Chrome update. Visitors using any other browser run the risk of having malware silently installed on their system thanks to whatever Adobe Flash or Java vulnerability that the Blackhole exploit pack manages to take advantage of.

The difference in attack methods stems from the fact that Chrome doesn’t use Adobe Reader to open PDF files & asks for permission to run Java applets. Blackhole often relies on Adobe Reader & Java vulnerabilities to conduct drive-by-download attacks.

How to Protect Your PC


Here are some simple steps you can take to avoid falling for this phishing scam:

  • Always mouseover links within unsolicited emails to check the destination URL before clicking on them.

  • Keep your operating system, web browser and any other installed third-party software up-to-date to help thwart drive-by-download attacks.

  • Always run antivirus software and keep the virus definitions current.

  • Consider disabling or removing Java if you do not use it.


Report Phishing Emails


If you do receive a suspicious email from Citibank, you can report it by forwarding it to spoof@citicorp.com.

[via Softpedia]


Tuesday, December 4, 2012

Researchers Discover New Backdoor Trojan Targeting Mac Users

Researchers have discovered a new backdoor Trojan targeting Mac users, which many antivirus vendors are referring to as OSX/Dockster.A.

Dockster is said to be a basic backdoor Trojan that’s capable of capturing keystrokes, downloading arbitrary files and providing an attacker remote access to the system.

According to Intego, upon infection, Dockster will remove itself from the location it was run from and install itself in the user’s home directory under the filename .Dockset. This file cannot be seen when using Finder, but you will be able to see it using OS X’s Activity Monitor when it's running.

Once it is all settled in on your Mac, Dockster will phone home to itsec.eicp.net for instructions.

Dockster is actively being served in-the-wild, but is considered a low-risk since it is not widespread and has only been seen on gyalwarinpoche.com, a website dedicated to the Dalai Lama that was compromised to drop the Trojan on visiting computers.

The exploit code used in the attack leverages the same Java vulnerability (CVE-2012-0507) that was used to infect machines with the Flashback & Sabpab Trojans earlier this year. (On a side note, F-Secure warns that this site is rigged with another Java exploit, CVE-2012-4681 to drop Trojan.Agent.AXMO on computers running Windows as well.)

Protecting Your Mac from OSX/Dockster.A


Here are some tips to keep your Mac safe from this threat:

  • Keep your operating system fully patched & up-to-date, as Apple has previously released updates to deal with Java-based threats.

  • Either toggle Java browser plugins as they’re needed or remove Java from your system if you don’t use it.

  • Always run antivirus software on your system. It’s better to be safe than sorry!


Think Your System Has Been Infected?


Thankfully there are a few antivirus programs capable of detecting & removing this threat, so take your pick:


Wednesday, September 26, 2012

Researchers Find Yet Another Zero-Day Java Flaw

Security researchers at Polish firm Security Explorations announced that they have found yet another security vulnerability in Oracle’s Java SE software that would allow a malicious attacker to gain complete control of a user’s system.

The new exploit affects Java SE 5, 6, and 7, which means over a billion PCs are at risk if Oracle’s reported number of desktops running Java is accurate.

According to Adam Gowdiak of Security Explorations, all tests were successfully conducted in the environment of a fully patched Windows 7 32-bit system using Firefox, Chrome, Internet Explorer, Opera and Safari, but that doesn’t mean other operating systems are safe.

As Gowdiak explained to Computer World, “We simply did our test on Windows 7 32-bit. But, it does not matter because all operating systems supported by Oracle Java SE (such as Windows, Linux, Solaris, MacOS) are vulnerable as long as they have Java 5, 6 or 7 installed and enabled.”

The new bug marks the 50th security flaw that Security Explorations has discovered within Java, and they have already submitted a technical description of the issue “along with a source and binary codes of our Proof of Concept code demonstrating a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7” to Oracle for review.

So far, Oracle has not commented on this new exploit.

For those who are wondering (and you should be), there is no proof that this flaw is being actively exploited in-the-wild at this time, however, the clock is ticking. Let's not also forget that Oracle has yet to close the security holes present in their most recent out-of-band patch, which was issued to fix the last Java zero-day to make headlines.

Once again, if you don't need Java on your PC, remove it. If you do need Java, then it's best you dedicate a single browser to handle all of your Java-enabled website browsing, and disable the plug-in in your remaining web browsers.


Thursday, August 30, 2012

Time to Update: Oracle Releases Java 7 Update 7 to Address 0-Day Flaws


Update: Security Explorations claims that vulnerabilities exist in the new patch, Oracle confirms their findings... again.

-------

Talk about a quick turnaround!

Oracle has just released Java 7 Update 7, which according to the release notes (and related Oracle Security Alert for CVE-2012-4681) addresses the 0-day vulnerabilities that are actively being exploited by cybercriminals to infect computers with malware.

Due to the severity of the vulnerabilities and reported exploitation of them in the wild, Oracle strongly recommends that users apply the updates ASAP.

Java 7 Update 7 can be downloaded directly from the official Java website: java.com.

Update now!


Wednesday, August 29, 2012

There's More Than One Java 0-Day Being Exploited; Where's Oracle?!

Update: Oracle has released an emergency patch to fix the 0-day vulnerabilities currently being exploited.

-- End Update --

As the minutes tick away, more information about the new Java 0-day vulnerability (CVE-2012-4681) we blogged about a few days ago has surfaced, and it’s not pretty. At all.

More Than One Java Bug Putting Users at Risk


Researchers have discovered that the exploit code that’s been used in targeted attacks wasn’t leveraging just one Java 0-day vulnerability, but two.

“The first bug was used to get a reference to sun.awt.SunToolkit class that is restricted to applets while the second bug invokes the getField public static method on SunToolkit using reflection with a trusted immediate caller bypassing a security check,” Esteban Guillardoy of Immunity Inc. explained in a Tuesday blog entry.

What Does Oracle Have to Say About All This?


So far, Oracle has not commented on the 0-day vulnerability reports currently circulating.

As if their silence wasn’t bad enough, Computer World reports that Oracle has known about the 0-day vulnerabilities for months.

Adam Gowdiak, founder and CEO of Security Explorations, stated that Oracle was notified about the two security holes – along with 12 other flaws – on April 2nd. The company continued to send Java 7 vulnerabilities to Oracle until a total of 29 bugs were reported.

There hasn’t been any explanation as to why Oracle has been dragging its feet to close the security holes, but a status report Security Explorations received on August 23rd from Oracle stated they were planning on fixing the two vulnerabilities currently being used in attacks in their October Critical Patch Update (CPU), along with 17 other Java 7 flaws that Security Explorations had previously submitted.

Java 0-day Exploit Code Added to BlackHole Exploit Kit


A visit to nearly any internet security website will land you face to face with the same advice:
If you don’t need Java on your PC, uninstall it immediately. If you do need it, at least disable the Java plug-ins on your web browser to minimize the chances of a malware infection.

That advice stems from the fact that the 0-day Java exploit code has been added to the widely-used BlackHole exploit kit.

"So far we have observed over a dozen domains actively attacking systems with this exploit, and the count is increasing rapidly." Atif Mushtaq from FireEye warned in a blog post on Tuesday, "After seeing the reliability of this attack, I have no doubt in my mind that within hours the casualties will be in the thousands."

That sounds about right. The exploit code isn't reserved just for targeted attacks anymore. All it takes is a visit to a compromised site housing the BlackHole exploit pack.

Again, this Java exploit code does not discriminate against browsers or operating systems – researchers were able to successfully execute attacks against IE, Firefox, Opera, Safari, and Chrome on systems running Windows, OS X, and Ubuntu Linux.

It all depends what cybercriminals have configured the attack to drop on a victim’s machine: Windows-specific malware, or malware targeting a different OS.


Monday, August 27, 2012

New Java 0-Day Exploit Doesn't Discriminate Against Browser or Operating System


Update: Oracle has released an emergency patch to fix the 0-day vulnerabilities currently being exploited.

-- End Update --

If you don’t need Java on your computer, disable it or remove it. Now.

Once again, security researchers are sounding the alarm about a zero-day vulnerability in Java that is actively being exploited in the wild via targeted attacks.

The security hole is said to be present in Java 7 (updates 0-6), but older versions of Java appear to be unaffected.

Of course, the real danger in this vulnerability is that the exploit code works against almost any browser and operating system that has Java installed. Researchers warn that the exploit code works against Internet Explorer, Firefox, Safari, and Opera running on Windows (7, Vista & XP), Ubuntu Linux and OS X (including Lion & Mountain Lion).

Initial reports suggested that the attack didn’t work against Google Chrome; however Rapid7 stated that they were able to successfully execute the attack in Google Chrome running on Windows XP. Write-ups of these tests can be seen here:

According to Brian Krebs of KrebsonSecurity.com, this zero-day exploit will soon be rolled into the widely-used BlackHole exploit kit as early as today. Let’s hope that isn’t the case, otherwise this exploit won't be reserved just for targeted attacks.

Given that Oracle just released their quarterly update for Java SE 6 & 7 on August 14th, the next update is not scheduled until this October. That leaves plenty of time for cybercriminals to launch a host of malware attack campaigns (unless Oracle issues an emergency fix), so it’s a good idea to disable Java browser plug-ins or uninstall it from your system until a patch is released.

Check if You Have Java Installed & React Accordingly


If you’re not entirely sure whether or not you have Java installed, you can always check your Programs in your computer’s Control Panel or head over to java.com and click the ‘Do I have Java?’ link.

If you have Java installed and do NOT need it, it is recommended that you remove it from your computer.

If you have Java installed and you DO need it, it is recommended that you dedicate a single browser to visiting Java-based websites and disable the Java plug-ins in all other browsers.


Friday, April 13, 2012

Apple Releases its Flashback Removal Tool to Mac Users

Make sure you take a moment to update your computer today, Mac users.

Apple has kept its word and released another Java update, this time to remove the most common variants of the Flashback malware.

Aside from that, Apple’s advisory on the Java update for Lion states that it will "configure the Java web plug-in to disable the automatic execution of Java applets" to help thwart future malware attacks. Lion users will be able to re-enable the feature, however if the Java web plug-in goes unused for an extended period of time it will automatically be disabled again.

Meanwhile, the details for the Java update for Snow Leopard (OS X 10.6) recommend that the Java plug-in be disabled manually.

It is recommended that all Mac users who have Java installed on their machines apply the “Java for OS X Lion 2012-003” update.


Wednesday, April 4, 2012

Apple Releases Patch for Multiple Java Vulnerabilities

Time to update your system, Mac users!

Apple has finally released an update for Java that plugs a number of security holes, including the CVE-2012-0507 flaw that is actively being exploited by the latest variant of the Flashback Trojan in order to infect Macs.

It is strongly recommended that users apply the updates, Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, as soon as possible.

Aside from installing the latest update, now may be a good time to consider whether or not you even need Java to be enabled on your machine. Cybercriminals often use known Java vulnerabilities in order to download and launch malware onto computers, so unless you absolutely need it, then it may be time to eliminate the risk.

You can disable Java by going to Applications → Utilities → Java Preferences and unchecking everything in the General tab.

Otherwise, you may just want to toggle the Java plug-in within your browser as necessary.

Photo Credit: Apple Support


Tuesday, April 3, 2012

New Flashback Variant Using Unpatched Java Flaw to Infect Macs

Macs say 'NO' to Java!

Update: Apple Releases Patch for Multiple Java Vulnerabilities (including the one exploited by Flashback)

Alright, Mac users, you have a few options here: install antivirus software, disable Java and/or pray that you don’t come across a website pushing the latest variant of the Flashback Trojan.

Why?

The latest Flashback Trojan build, which security experts at F-Secure have named Flashback.K, is currently making rounds and exploiting a Java vulnerability (CVE-2012-0507) that has not yet been patched in OS X.

To make matters worse, Brian Krebs of KrebsonSecurity.com warned at the end of March that the exploit for CVE-2012-0507 was added to the Blackhole exploit kit, which is said to be by far the most widely used exploit pack to carry out drive-by-download attacks.

Ironically, Oracle released a patch back in February for Windows users; however, it is Apple’s responsibility to release an update to protect Mac users.

So far, there hasn’t been any word on when Apple plans on releasing an update. Therefore, it’s up to users to take the necessary measures to keep their Macs Flashback-free.

Protecting Your Mac Against Flashback Malware


For those of you who wish to keep Java installed & enabled on your Mac, it’s advised that you install antivirus software. I suggest checking out the Mac antivirus offerings of ESET, Sophos (free) & Intego.

Or you can toggle the Java Safari plug-in as needed by going to Safari Preferences -> Security tab and unchecking the ‘Enable Java’ box. Make sure you disable the plug-in in any other browsers you use as well.

If you don’t need Java, you can disable it by going to Applications -> Utilities -> Java Preferences and unchecking everything in the General tab. (Hint: OS X Lion users don’t have to do this unless they’ve manually (or inadvertently) installed Java as it doesn’t come pre-installed.)


Thursday, March 22, 2012

Java-Based 'Fileless' Malware Served via Compromised Site Ads

What’s more annoying than advertisements on a website?

Answer: Advertisements that infect your computer with “fileless” malware that’s completely capable of dodging the watchful eye of your antivirus software.

Kaspersky Lab discovered that advertisements served through the third-party ad network AdFox contained malicious JavaScript code that would load an iframe containing an exploit for a known Java vulnerability (CVE-2011-3544).

Typically a Trojan dropper or downloader would be saved onto the hard-drive during the infection process, however this attack sets itself apart from the norm by injecting an encrypted dynamic link library (DLL) into an active Java process instead.

Therefore, the malware is active only in memory and is operational as long as the computer is not restarted – not that it’s a problem considering there’s a good chance that the user will revisit the infected site anyway.

Following a successful infection (which doesn't require any action on the user's part), the ‘fileless’ malware will begin operating as a bot: transmitting a user’s browsing history and a range of other technical information to a command and control server and attempting to disable UAC (User Account Control) in order to download and install Trojan-Spy.Win32.Lurk (“Lurk”) onto the system.

Fileless Malware Payload


During their investigation, Kaspersky Lab contacted AdFox, who found that the offending advertisement was a result of a cybercriminal using an AdFox customer’s account to modify the code of news headline banners to include the malicious code. The bad code has been removed and all is well again.

While this particular attack was targeting Russian users, it’s entirely possible for the very same exploit and corresponding fileless bot to be used to target users in other countries.

For the record, the Java vulnerability exploited in this attack was patched in October 2011 and yet it was still successful. So, make sure you keep all third-party software installed on your machine fully patched and up-to-date!
