{"id":1898,"date":"2013-04-24T15:12:12","date_gmt":"2013-04-24T19:12:12","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=1898"},"modified":"2013-04-24T15:12:12","modified_gmt":"2013-04-24T19:12:12","slug":"recently-patched-java-flaw-already-targeted-in-mass-attacks-researchers-say","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/04\/24\/recently-patched-java-flaw-already-targeted-in-mass-attacks-researchers-say\/","title":{"rendered":"Recently patched Java flaw already targeted in mass attacks, researchers say"},"content":{"rendered":"

\"\"<\/a><\/p>\n

A recently patched Java remote code execution vulnerability is already being exploited by cybercriminals in mass attacks to infect computers with scareware, security researchers warn.
\nThe vulnerability, identified as CVE-2013-2423, was one of the 42 security issues fixed in Java 7 Update 21 that was released by Oracle on April 16.
\nAccording to Oracle\u2019s advisory at the time, the vulnerability only affects client, not server, deployments of Java. The company gave the flaw\u2019s impact a 4.3 out of 10 rating using the Common Vulnerability Scoring System (CVSS) and added that \u201cthis vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets.\u201d
\nHowever, it seems that the low CVSS score didn\u2019t stop cybercriminals from targeting the vulnerability. An exploit for CVE-2013-2423 was integrated into a high-end Web attack toolkit known as Cool Exploit Kit and is used to install a piece of malware called Reveton, an independent malware researcher known online as Kafeine said Tuesday in a blog post.<\/p>\n

\"\"<\/a><\/p>\n

Reveton is part of a class of malicious applications called ransomware that are used to extort money from victims. In particular, Reveton locks down the operating system on infected computers and asks victims to pay a fictitious fine for allegedly downloading and storing illegal files.
\nSecurity researchers from Finnish antivirus vendor F-Secure confirmed the active exploitation of CVE-2013-2423. The attacks started on April 21 and were still active as of Tuesday, they said in a blog post.
\nUpgrade Java as soon as you can
\nThe vulnerability started being targeted by attackers one day after an exploit for the same flaw was added to the Metasploit framework, an open-source tool commonly used by penetration testers, the F-Secure researchers said.
\nThis wouldn\u2019t be the first time when cybercriminals have taken Metasploit exploit modules and adapted them for use with their own malicious attack toolkits.
\nUsers who need Java on their computers and especially in their browsers are advised to upgrade their Java installations to the latest available version\u2014Java 7 Update 21\u2014as soon as possible. This version also made changes to the security warnings displayed when websites attempt to load Web-based Java applications in order to better represent the risk associated with allowing different types of applets to execute.
\nUsers should only agree to run Java applets from websites that they trust and which normally load such content. Browsers like Google Chrome and Mozilla Firefox also have a feature known as click-to-play that can be used to block plug-in-based content from executing without explicit consent.
\nvia Recently patched Java flaw already targeted in mass attacks, researchers say | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

A recently patched Java remote code execution vulnerability is already being exploited by cybercriminals in mass attacks to infect computers […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[341,583,1178],"class_list":["post-1898","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-exploit","tag-java","tag-vulnerability"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-uC","jetpack-related-posts":[{"id":5980,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/15\/future-java-7-security-patches-will-work-on-windows-xp-despite-end-of-official-support\/","url_meta":{"origin":1898,"position":0},"title":"Future Java 7 security patches will work on Windows XP despite end of official support","author":"NCCT","date":"July 15, 2014","format":false,"excerpt":"Oracle has dispelled rumors that the upcoming security update for Java 7 and those it will release in the future might not work on Windows XP. \u201cWe expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7876,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/03\/24\/fully-patched-versions-of-firefox-chrome-ie-11-and-safari-exploited-at-pwn2own-hacking-competition\/","url_meta":{"origin":1898,"position":1},"title":"Fully patched versions of Firefox, Chrome, IE 11 and Safari exploited at Pwn2Own hacking competition","author":"NCCT","date":"March 24, 2015","format":false,"excerpt":"As in years past, the latest patched versions of the most popular web browsers around stood little chance against those competing in the annual Pwn2Own hacking competition. The usual suspects \u2013 Apple Safari, Google Chrome, Mozilla Firefox and Microsoft Internet Explorer \u2013 all went down during the two-day competition, earning\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/V99skqmTyiY\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":7766,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/03\/10\/playing-minecraft-no-longer-makes-your-pc-a-juicy-target-for-hackers\/","url_meta":{"origin":1898,"position":2},"title":"Playing Minecraft no longer makes your PC a juicy target for hackers","author":"NCCT","date":"March 10, 2015","format":false,"excerpt":"The folks at Microsoft-owned Mojang just gave PC users one more reason to uninstall Java from their systems. The Minecraft launcher for PC now installs and manages its own instance of Oracle\u2019s software. The version of Java the new Minecraft launcher uses is contained within the game\u2019s directory\u2014meaning you no\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5916,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/08\/attack-on-dailymotion-redirected-visitors-to-exploits\/","url_meta":{"origin":1898,"position":3},"title":"Attack on Dailymotion redirected visitors to exploits","author":"NCCT","date":"July 8, 2014","format":false,"excerpt":"Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware. The rogue code consisted of an iframe that appeared on Dailymotion on June 28, researchers from security vendor Symantec said Thursday in a blog post. The iframe redirected browsers to\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8907,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/04\/huge-number-of-sites-imperiled-by-critical-image-processing-vulnerability-updated\/","url_meta":{"origin":1898,"position":4},"title":"Huge number of sites imperiled by critical image-processing vulnerability [Updated]","author":"NCCT","date":"May 4, 2016","format":false,"excerpt":"By Dan Goodin | Ars Technica Attack code exploiting critical ImageMagick vulnerability expected within hours. A large number of websites are vulnerable to a simple attack that allows hackers to execute malicious code hidden inside booby-trapped images. The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5579,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/13\/linux-gets-fix-for-code-execution-flaw-that-was-undetected-since-2009-ars-technica\/","url_meta":{"origin":1898,"position":5},"title":"Linux gets fix for code-execution flaw that was undetected since 2009","author":"NCCT","date":"May 13, 2014","format":false,"excerpt":"Maintainers of the Linux kernel have patched one of the more serious security bugs to be disclosed in the open source operating system in recent months. The five-year-old code-execution hole leaves computers used in shared Web hosting services particularly vulnerable, so users and administrators should make sure systems are running\u2026","rel":"","context":"In "Linux"","block_context":{"text":"Linux","link":"https:\/\/nccomputertech.com\/techtalk\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/rockhopper_penguin_sick-640x807.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/rockhopper_penguin_sick-640x807.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/rockhopper_penguin_sick-640x807.png?resize=525%2C300 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1898","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=1898"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1898\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=1898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=1898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=1898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}