Tag Archives: Java Exploit

Facebook Hacked.

Laptops belonging to Facebook employees were compromised when they were infected with malware. The attack took advantage of a Java 0-day exploit.

Although Facebook says that no user data has been compromised, I wonder how well the company can protect users’ data if it can’t protect its own data (laptops)?

The company said it has reported the vulnerability to Oracle, which then patched the Java bug on Feb 1st.

Facebook made the following statement.

“Facebook Security has a team dedicated to tracking threats and monitoring our infrastructure for attacks at all times. In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops,” the company’s security team said in a blog post.

“After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”

The kind of attack that Facebook’s security team described is a very common scenario. Attackers regularly compromise legitimate Web sites, plant exploit code on them that targets a specific vulnerability or group of vulnerabilities and then wait for users to hit the site with vulnerable browsers. They often run these attacks with exploit kits such as Blackhole or Eleonore and typically use exploits for known vulnerabilities rather than zero days, which are much more valuable to attackers. Once a zero day is used and then discovered, as in the Facebook attack, it loses most of its value to attackers, so they tend to be selective in their use of them.

An exploit that is able to bypass the Java sandbox would be especially valuable to an attacker, given the huge installed base of Java. There have been several such exploits circulating in recent weeks, but it’s not clear which one Facebook security personnel discovered on their network.

Facebook officials were not specific about what other companies they believe were also victims of this attack, but said that once the company discovered the malware and traced it back to the originating domain, it began sharing data about the attack with other companies.

“Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means,”
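Facebook’s description above (a suspicious domain flagged in corporate DNS logs and tracked back to an employee laptop) can be turned into a small triage routine. The following is an added example, not code from Facebook or the original post; the BIND-style log format, the client-to-host lease table and the watch-listed domain are all constructed for illustration:

```python
# Added example (not from the Facebook post): triage corporate DNS resolver logs
# for queries to a watch-listed domain and attribute them to the client hosts that
# made them, mirroring the workflow Facebook described (suspicious domain in DNS
# logs -> employee laptop). Log format, domain and lease table are constructed.
import re
from collections import defaultdict

# Constructed resolver log lines (BIND-style query log); the domain is a placeholder.
DNS_LOG = """\
01-Feb-2013 09:12:03.114 client 10.20.1.17#51234: query: www.example.com IN A + (10.20.0.5)
01-Feb-2013 09:12:07.551 client 10.20.1.42#49211: query: cdn.badexample.invalid IN A + (10.20.0.5)
01-Feb-2013 09:13:10.002 client 10.20.1.17#51240: query: mail.example.com IN MX + (10.20.0.5)
01-Feb-2013 09:14:22.730 client 10.20.1.42#49230: query: cdn.badexample.invalid IN A + (10.20.0.5)
01-Feb-2013 09:15:01.090 client 10.20.1.88#40010: query: update.badexample.invalid IN A + (10.20.0.5)
"""

# Constructed DHCP lease table: client IP -> hostname at the time of the queries.
LEASES = {"10.20.1.17": "LAPTOP-A", "10.20.1.42": "LAPTOP-B", "10.20.1.88": "LAPTOP-C"}

# Placeholder watchlist; in practice populated from the flagged domain / threat intel.
WATCHLIST = {"badexample.invalid"}

QUERY_RE = re.compile(r"^(\S+ \S+) client (\d+\.\d+\.\d+\.\d+)#\d+: query: (\S+) IN (\S+)")

def is_watchlisted(qname, watchlist):
    """True if qname equals a watch-listed domain or is a subdomain of one."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in watchlist for i in range(len(labels)))

def triage(log_text, watchlist, leases):
    """Map each host that queried a watch-listed domain to the queries it made."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # not a query-log line; skip
        ts, client_ip, qname, qtype = m.groups()
        if is_watchlisted(qname, watchlist):
            host = leases.get(client_ip, client_ip)  # fall back to the IP if no lease
            hits[host].append((ts, qname.rstrip("."), qtype))
    return dict(hits)

if __name__ == "__main__":
    for host, queries in sorted(triage(DNS_LOG, WATCHLIST, LEASES).items()):
        print(host, len(queries), "query(ies):", ", ".join(q[1] for q in queries))
```

The hosts returned are the ones to pull for forensic examination; the same routine run company-wide is the "search company-wide" step in Facebook’s account.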

Do leave your valuable comments; I would love to know what you think. Do you really think Facebook can protect your data?

Source: Facebook Security Page.

Another critical Java vulnerability up for sale for $5,000.

Just a day after Oracle pushed a patch for the Java vulnerability, a new Java exploit was put up for sale in an underground forum at the price of $5,000. The price gets you not only the “weaponized” version of the executable file but also the source code, so that it could be used in other types of attacks. Experts say that Oracle did not patch all of the vulnerability and released the patch in a rush.

Krebs said the latest attack exploited “a different and apparently still-unpatched zero-day vulnerability in Java.” His article came around the same time researchers from antivirus provider Trend Micro warned that the Oracle patch may not be effective at blocking some attacks.

 

“Based on our analysis, we have confirmed that the fix for CVE-2013-0422 is incomplete,” Trend Vulnerability Research Manager Pawan Kinger wrote in a blog post. Kinger went on to explain that the vulnerability stemmed from flaws in two parts of the Java code base: one involving the findClass method and the other involving the invokeWithArguments() method. While Sunday’s patch fixed the latter issue, the findClass method can still be used to get references to restricted classes, leaving a hole that attackers can exploit.

 

 

 

Below is the post from the underground forum by the seller of the vulnerability.

“New Java 0day, selling to 2 people, 5k$ per person

And you thought Java had epically failed when the last 0day came out. I lol’d. The best part is even though java has failed once again and let users get compromised… guess what? I think you know what I’m going to say… there is yet another vulnerability in the latest version of java 7. I will not go into any details except with seriously interested buyers.

Code will be sold twice (it has been sold once already). It is not present in any known exploit pack including that very private version of [Blackhole] going for 10$k/month. I will be accepting counter bids if you wish to outbid the competition. What you get? Unencrypted source files to the exploit (so you can have it recrypted as necessary; I would warn you to be cautious who you allow to encrypt… they might try to steal a copy). Encrypted, weaponized version: simply modify the url in the php page that calls up the jar to your own executable url and you are set. You may pm me.”

 

For more details click the source link.

Source: Krebs on Security

New Java 0-day in 1.7u10 spotted in the wild.

A new 0-day vulnerability has been found in the wild and is currently being exploited. At present the only way to protect yourself from it is to disable the Java plugin in your browser.

 

The US Computer Emergency Readiness Team (US-CERT), which is under the National Cyber Security Division of the Department of Homeland Security, said the following.

  • Overview – Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
  • Description – Java 7 Update 10 and earlier contain an unspecified remote-code-execution vulnerability. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.
  • Impact – By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.

The full report can be found here.
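As an added check (not from the post or the US-CERT report), the following decides from a `java -version` banner whether the installed JRE falls in the range the advisory calls affected, Java 7 Update 10 and earlier; the sample banners are constructed, and since the advisory says nothing about other major versions, those are reported as not covered:

```python
# Added example (not from the post or US-CERT): classify a `java -version` banner
# against the advisory's affected range, "Java 7 Update 10 and earlier". Java 7
# reports itself as 1.7.0_<update>; a missing update number is treated as update 0.
import re
import subprocess

AFFECTED_MAJOR, LAST_AFFECTED_UPDATE = 7, 10   # from the US-CERT advisory quoted above

VERSION_RE = re.compile(r'java version "1\.(\d+)\.(\d+)(?:_(\d+))?')

def parse_java_version(banner):
    """Return (major, minor, update) parsed from the first line of `java -version`."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("unrecognised java -version output")
    major, minor, update = m.groups()
    return int(major), int(minor), int(update or 0)

def is_affected(banner):
    """True if the JRE is Java 7 Update 10 or earlier, False for a later Java 7,
    None when the major version is outside the advisory's stated scope."""
    major, _minor, update = parse_java_version(banner)
    if major != AFFECTED_MAJOR:
        return None
    return update <= LAST_AFFECTED_UPDATE

def installed_java_banner():
    """Run the local `java -version`; the JVM prints its banner on stderr."""
    proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    return proc.stderr or proc.stdout

# Constructed banners for illustration (build ids are made up).
SAMPLES = [
    'java version "1.7.0_10"\nJava(TM) SE Runtime Environment (build 1.7.0_10-b00)',
    'java version "1.7.0_11"',
    'java version "1.6.0_37"',
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(banner.splitlines()[0], "->", is_affected(banner))
    try:
        print("installed:", is_affected(installed_java_banner()))
    except (FileNotFoundError, ValueError) as exc:
        print("no usable local java:", exc)
```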

It seems the first to find the vulnerability was a French researcher named Kafeine. For more details about the vulnerability, hit the source link.

Source: Malware don’t need Coffee.

 

12 Million Apple device UDIDs stolen from FBI.

FBI Supervisor Special Agent Christopher K. Stangl, from the FBI Regional Cyber Action Team and the New York FBI Office Evidence Response Team, had 12 million Apple device UDIDs (to be specific, 12,367,232 UDIDs) in a single CSV file, NCFTA_iOS_devices_intel.csv (not only UDIDs; full names, addresses, zip codes, cell numbers, etc. were stored along with them), on a Dell Vostro laptop, from which the file was stolen using a Java vulnerability exploit (the AtomicReferenceArray vulnerability in Java).

 

 

[Image: UDID stored by FBI]
Before we debate whether Apple was right or wrong in implementing UDID, I really don’t understand how the FBI got hold of so many UDIDs. Well, I am sure that not all 12 million UDIDs belonged to criminals whom the FBI captured and whose device UDIDs they noted down. So was Apple selling the info to the FBI? Nope; if that were the case the leaked file wouldn’t contain 5 UDIDs belonging to the late Steve Jobs. So how did the FBI get such a huge volume of data? Did they get it in a legitimate and legal way? Last time I checked, UDIDs should not be sold or shared without the user’s permission. And the FBI is the organization meant to stop people from doing illegal things, not to do illegal things themselves.

And even if the FBI has some strange power given to them which allows them to do what they feel is correct, when sensitive data of millions of people is being stored in digital format, one should apply enough security to store it securely.

Along with many common people, a few of the stolen UDIDs belong to famous people.

  • 5 UDIDs of Steve Jobs
  • 3 UDIDs of Bill Gates
  • 1 UDID of John Ive

The fact that the FBI was storing UDIDs of common people was brought to light by the famous hacker group Anonymous. I would like to thank them for letting us know this fact, which we would not have known otherwise.

[Note: Neither I nor this site is in any way linked with Anonymous; this blog gives only my personal views]

Do share your thoughts. How did the FBI get hold of so many UDIDs? Why did they not protect their computer from the Java vulnerability?

 

 

Oracle pushes security patch to Java for CVE-2012-4681

The security flaw in Java that was included in the Blackhole exploit kit got patched today by Oracle. Oracle released this patch today; it was originally to be pushed in October.

Install the Patch for CVE-2012-4681

It is advisable to install the patch for Java on your computer. To know more about CVE-2012-4681 and its patch, please visit the following official link from Oracle.

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

 

It’s Time You Disable Java in Your Browser. New Java exploit, included in the Blackhole exploit kit; Oracle was told about this exploit in April.

Recently there has been a lot of malware and viruses designed with the help of Java, to make the malicious code run anywhere, be it Windows, Linux or Mac. But a flaw in Java itself, which Oracle was informed of in the month of April, has still not been patched. And thus the exploit has become public and is now included in the Blackhole exploit kit, to spread viruses to Windows machines.

Brian Krebs was the first to find out that CVE-2012-4681 was being added to the Blackhole exploit kit; security company SophosLabs also confirmed it. As of now it is only known to be spreading viruses on Windows computers; whether Mac or Linux are affected is not confirmed yet. The version affected is Java 7; as the Mac’s Java version is updated by Apple, that version is not yet known to be affected. But as Java 7 has been made available for Mac OS X by Oracle, if a user has updated to the new version, they are at risk.

It is wise to keep Java disabled for the time being, till patches are applied.

Update

Go to http://isjavaexploitable.com/ to check if your Java is vulnerable to the exploit.