Attacks/Breaches
1/10/2013
04:58 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

New Year Java Zero-Day Attacks Under Way

Weather, news, adult websites getting hit, crimeware kits loaded with new exploits using the bug

Another Java zero-day exploit is in the wild and, once again, cries of “disable Java now” are going out.

The beleaguered application has yet another new bug and is the target of attacks as several ad networks are being redirected to Blackhole exploit sites. "We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites," said Kurt Baumgartner, a Kaspersky Lab expert, in a blog post today.

Word of the new bug and exploitation first came from a researcher who goes by the handle @Kafeine, and was later confirmed by several other researchers, including AlienVault Labs. @Kafeine found that the Blackhole, Cool EK, Nuclear Pack, and Red Hole crimeware kits now include exploits for the zero-day.

The nature of the flaw itself has not yet been identified, but US-CERT has issued an alert here, confirming that Java 7 Update 10 and earlier are affected and could let "a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system."

Jaime Blasco of AlienVault Labs was able to reproduce an attack with the exploit against a fully patched Java platform. "The Java file is highly obfuscated but based on the quick analysis we did the exploit is probably bypassing certain security checks tricking the permissions of certain Java classes as we saw in CVE-2012-4681," he blogged today.

No word yet from Oracle, but security experts are urging users and enterprises to disable Java browser plug-ins, as well as desktop Java apps.

"Leave Java disabled (I am not going to recommend to disable it. If you still have it enabled, you probably have an urgent business need for it and can't disable it)," Johannes Ullrich blogged in the SANS Internet Storm Center today. "If you have any business critical applications that require Java: try to find a replacement. I don't think this will be the last flaw, and the focus on Java from people behind exploit kits like blackhole is likely going to lead to additional exploits down the road."

And this is likely only the first of many Java zero-day attacks to come this year, experts say.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbuchs559
50%
50%
kbuchs559,
User Rank: Apprentice
1/15/2013 | 4:33:46 PM
re: New Year Java Zero-Day Attacks Under Way
I'm trying to understand why there is this confusion between java browser plug-ins and java native. There is only an exploit issue with the browser plug-ins because they tried to restrict web apps from having access to things on the local machine to avoid damage. But java native has always had that access by design. You want your local java app to be able to read and write files, etc. If people are disabling java entirely, then none of their applications written in java will run.-
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.