<<<
Friday, December 23, 2011
>>>
 
Java Exploit on Amnesty International's UK Site Posted by Sean @ 12:57 GMT

'Tis the season for giving. And anybody visiting Amnesty International's UK website could currently end up with the gift of a keylogger courtesy a Java exploit. Brian Krebs has written about it on his blog: Krebs on Security.

Krebs on Security

Amnesty's UK site was hacked to include an iframe linking to a Brazilian server, which hosts a CVE-2011-3544 based Java Exploit.

Our browsing protection is now blocking Amnesty's site. We've been blocking the .br site for several days already. We detect, and there's fairly good AV industry coverage on, both the Java exploit and the trojan it drops.

Read the full details from Krebs, linked above. And stay safe.

As Mikko noted in his post yesterday, if you don't need Java SE, why have it installed?

Here's what a Java-free browser will display when it comes across a Java exploit:

An additional plug-in is required to display some elements on this page.

"An additional plug-in is required to display some elements on this page."

That's one element you really don't want.












<<< Impostor Apps in the Android Market
|
About Anonymous, Donations and Charities >>>