Oracle isn’t being drawn into saying anything on a Java zero-day flaw that emerged yesterday, despite widespread adoption by exploit kits and evidence it is being used to serve up nasty malware.
Trend Micro said it believed the flaw had been integrated into hackers’ toolkits like Blackhole and the Cool Exploit Kit, serving up the Reveton ransomware from compromised websites.
“These inform users that to unlock their system, they must pay a fine ranging from $200 to $300.”
Kaspersky said the the zero-day had seen “mass exploit distribution”. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java zero-day,” wrote Kurt Baumgartner, Kaspersky Lab expert.
“These sites include weather sites, news sites, and of course, adult sites.”
Security researchers have advised users to disable Java or, if they need it to run, disable Java content via the Java Control Panel, which stops it running in webpages.
Meanwhile, the exploit module targeting the vulnerability has been uploaded to Metasploit, meaning pentesters and cyber crooks alike will be able to see what they can do with the flaw.
Oracle did not respond to a request for comment.
What do you know about online security? Try our quiz and find out!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…