
Java – New vulnerabilities affect millions of applications


Oracle warned that a dozen new Java security vulnerabilities could be exploited remotely to gain access to a target application without login.

Once again Java vulnerabilities are worrying the security community: a series of flaws could be exploited remotely to gain access to a target application without authentication.

Any unpatched application running on JRE/JDK versions 5, 6, 7, or 8 is vulnerable to remote attacks that could allow an attacker to compromise the application or steal sensitive application data.

Experts urge Java users to patch their Java Runtime Environments (JREs) and Java Development Kits (JDKs) in order to fix 14 vulnerabilities.

 


This is the last security update provided for Java 7 because the framework has reached its “end of the road”, as announced by Oracle; in the future the company will provide public updates only for Java 8.

“Coincident with the January 2015 CPU release users with the auto-update feature enabled will be migrated from Oracle JRE 7 to Oracle JRE 8. Also, please note the April 2015 CPU release will be the last Oracle JDK 7 publicly available update. For more information, and details on how to receive longer term support for Oracle JDK 7, please see the Oracle Java SE Support Roadmap.” states the Java official page published by Oracle.

The experts estimated that millions of applications worldwide are vulnerable because they are running on one of the earlier vulnerable versions of Java.

Application owners can upgrade their software to the latest Java 8 platform or install one of the new Java Container RASP (Runtime Application Self-Protection) technologies that will quarantine and protect the Java Platform and the entire application stack automatically.

As a result, millions of Java 7 applications will soon have no defense, and it is likely that cyber criminals will increase their attacks against the out-of-date version of the popular Oracle software.

Pierluigi Paganini

(Security Affairs –  Java 8, security)