SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
Archive
#Java
22 Feb 2017

Unpatched Python and Java flaws let hackers bypass Firewall using FTP injection

These newly discovered bugs in Java and Python are a big deal today. The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses.

And since both flaws remain unpatched, hackers can take advantage of them to design potential cyber attack operations against critical networks and infrastructures. The unpatched flaws reside in the way the Java and Python programming languages handle File Transfer Protocol (FTP) links: they don't syntax-check the username parameter, which leads to what researchers call a protocol injection flaw.

Tags: hackers, Java, information leaks
Source: The Hacker News

14 Mar 2016

Two-year-old Java flaw re-emerges due to broken patch

A patch released by Oracle in 2013 can be easily bypassed to attack the latest Java versions, security researchers said. A patch for a critical Java flaw released by Oracle in 2013 is ineffective and can be easily bypassed, security researchers warn.

This makes the vulnerability exploitable again, paving the way for attacks against PCs and servers running the latest versions of Java. Oracle rated the flaw 9.3 out of 10 using the Common Vulnerability Scoring System. It can be exploited remotely, without authentication, to completely compromise a system’s confidentiality, integrity and availability.

Tags: Java, information leaks
Source: PCWorld

23 Dec 2015

Oracle ordered to publicly admit misleading Java security updates

Security issues have long troubled the more than 850 million users who have Oracle's Java software installed on their computers. The worst thing is that the software was not secure for years, exposing millions of PCs to attack.

And for this reason, Oracle is now paying the price. Oracle has been accused by the US government of misleading consumers about the security of its Java software. Oracle is settling with the Federal Trade Commission over charges that it "deceived" its customers by failing to warn them about the security upgrades. Java is software that comes pre-installed on many computers and helps them run web applications.

Tags: Java, Oracle, information leaks, USA
Source: The Hacker News

11 Dec 2015

Java deserialization vulnerability found in more Java libraries

Exactly a month ago, we were reporting on an issue that exposed many Java applications to security holes due to how developers handled user-supplied deserialized data via the Apache Commons Collections library.

The vulnerability caused some waves in the Java community, but since the issue was not a bug in the library but an incorrect way of handling deserialized data, there was nothing to do other than warn other developers and promote best coding practices. According to recent research carried out by Caleb Fenton from SourceClear, 70 other libraries have the same issue when dealing with user-supplied deserialized data.

Tags: Java, information leaks
Source: Softpedia

11 Nov 2015

Remote code execution flaw found in Java app servers

Several popular Java-based products are affected by a serious vulnerability that can be exploited by malicious actors to remotely execute arbitrary code.

FoxGlove Security experts showed how deserialization vulnerabilities in Java applications can be exploited for remote code execution via the popular Java library Apache Commons Collections. Building on previous research from Gabriel Lawrence and Chris Frohoff of Qualcomm, FoxGlove Security researchers demonstrated how easy it would be for an attacker to exploit Java-based application servers and other products that use Apache Commons Collections.

Tags: Java, information leaks
Source: SecurityWeek

15 Jul 2015

Java jockeys join Flash fans in the 0-day exploit club

Trend Micro has issued predictable-but-sensible advice that Java should be switched off, because there's a zero-day being exploited in the wild. Researchers said the exploit will hose systems running the latest Java platform. Because there's no patch, they added, users should disable the code.

The attackers have been linked to Operation Pawn Storm, which targeted the likes of the North Atlantic Treaty Organisation and the White House. The attackers' tactics, techniques, and procedures suggest the exploit was used by the same actors behind 2014 attacks on the White House and NATO among others under the campaign dubbed Operation Pawn Storm.

Tags: zero-day, Java, information leaks
Source: The Register

22 Apr 2015

JavaScript CPU cache snooper tells everything you do online

Four Columbia University boffins reckon they can spy on keystrokes and mouse clicks in a web browser tab by snooping on the PC's processor caches. The exploit is apparently effective against machines running a late-model Intel CPU.

The side-channel attack can be performed by JavaScript served from a malicious web and network. It works by studying the time it takes to access data stored in the last-level cache and matching it to user activity. The attack allows a remote adversary to recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser.

Tags: JavaScript, hackers, information leaks
Source: The Register

8 Dec 2014

More than 30 vulnerabilities were discovered in Google App Engine

Security researchers have discovered a number of critical vulnerabilities in the Java environment of the Google App Engine that enable attackers to bypass critical security sandbox defenses.

GAE offers to run custom-built programs using a wide variety of popular languages and frameworks, many of which are built on the Java environment. By exploiting the vulnerabilities, security researchers were able to bypass Google App Engine's whitelisting of Java Runtime Environment classes and gain access to the full JRE. They discovered 22 full Java VM security sandbox escape issues and were able to exploit 17 of them successfully.

Tags: Google, information leaks, Java, GAE
Source: The Hacker News