These newly discovered bugs in Java and Python are a big deal today. The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses.
And since both flaws remain unpatched, hackers can take advantage of them to design potential cyber attack operations against critical networks and infrastructures. The unpatched flaws reside in the way the Java and Python programming languages handle File Transfer Protocol links: they don't syntax-check the username parameter, which leads to what researchers call a protocol injection flaw.
Trend Micro has issued predictable-but-sensible advice that Java should be switched off, because there's a zero-day being exploited in the wild. Researchers said the exploit will hose systems running the latest Java platform. Because there's no patch, they added, users should disable the code.
The attackers have been linked to Operation Pawn Storm, which targeted the likes of the North Atlantic Treaty Organisation and the White House. The attackers' tactics, techniques, and procedures suggest the exploit was used by the same actors behind the 2014 attacks on the White House and NATO, among others, under the campaign dubbed Operation Pawn Storm.
Security researchers have discovered a number of critical vulnerabilities in the Java environment of the Google App Engine that enable attackers to bypass critical security sandbox defenses.
GAE runs custom-built programs using a wide variety of popular languages and frameworks, many of which are built on the Java environment. By exploiting the vulnerabilities, security researchers were able to bypass Google App Engine's whitelisting of Java Runtime Environment classes and gain access to the full JRE. They discovered 22 full Java VM security sandbox escape issues and were able to exploit 17 of them successfully.