Oracle isn’t being drawn into saying anything on a Java zero-day flaw that emerged yesterday, despite widespread adoption by exploit kits and evidence it is being used to serve up nasty malware.
Trend Micro said it believed the flaw had been integrated into hackers’ toolkits like Blackhole and the Cool Exploit Kit, serving up the Reveton ransomware from compromised websites.
“These inform users that to unlock their system, they must pay a fine ranging from $200 to $300.”
Kaspersky said the the zero-day had seen “mass exploit distribution”. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java zero-day,” wrote Kurt Baumgartner, Kaspersky Lab expert.
“These sites include weather sites, news sites, and of course, adult sites.”
Security researchers have advised users to disable Java or, if they need it to run, disable Java content via the Java Control Panel, which stops it running in webpages.
Meanwhile, the exploit module targeting the vulnerability has been uploaded to Metasploit, meaning pentesters and cyber crooks alike will be able to see what they can do with the flaw.
Oracle did not respond to a request for comment.
What do you know about online security? Try our quiz and find out!
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…