Java-based attacks remain at large

By -

Java-based attacks remain at large, researchers say

Summary: Just how are Java attacks getting through?

A new Websense report suggests that approximately 94 percent of endpoints which run Oracle's Java are vulnerable to at least one exploit, and we are ignoring updates at our own peril. 
According to security researchers at Websense, it's not just zero-day attacks which remain a persistent threat. Instead, Java exploits are now a popular tool for cybercriminals.
With so many vulnerabilities, keeping browsers up-to-date can become an issue — especially as Java has to be updated independently from our preferred browser, and a mobile, cross-browser workforce is difficult to manage securely. Keeping this in mind, the security team used their Advanced Classification Engine (ACE) and ThreatSeeker Network to both detect and analyze in real-time which versions of Java are currently in use across "tens of millions" of endpoints.
The researchers found that the latest version of Java, version 1.7.17, is only in use by a dismal five percent of users, and many versions are months or years out of date — just begging to be exploited.

 
Global distribution of Java Runtime Environment versions based on active browser usage. [click to enlarge]

Within the digital attack space, crimeware kits — which can be purchase for as little as $200 — often come supplied with Java-based exploits. The researcher's breakdown of vulnerabilities which have exploit kits available to attack them are thus:

javakitco

The most widely-detected version of Java currently in use is version 1.6.16. Over 75 percent of browsers are using Java versions which are at least 6 months old, whereas nearly two-thirds are a year out of date, and 50 percent of Java versions in use are over two years behind the times in respect to Java vulnerabilities.All in all, the researchers say that the vulnerable population of browsers is pegged at a staggering 93.77 percent.
Time to update, folks.attacks."


Yahoo hones mobile vision further with Summly buy

Summary: UPDATED: Could Yahoo fill the void for some left by the closure of Google Reader? Perhaps -- at least from a mobile perspective -- with a new acquisition.


zdnet-summly-mobile-news-app

Turns out online news readers are all the rage these days -- whether they're on the way out or someone else is coming up with an alternative.Yahoo has been busy rebuilding its own digital news and media platform, from the email app to a new home page and infinite newstream.Now the Cupertino, Calif.-based company is working harder on the mobile aspect as it purchases mobile news reader Summly.Adam Cahan, senior vice president of mobile and emerging products at Yahoo, noted in a blog post on Monday that the standalone Summly app will be shuttered, but that the team behind it will be joining Yahoo. AllThingsD is reporting that Yahoo paid approximately $30 million for Summly, breaking down to 90 percent in cash with the remaining 10 percent in stock.
However, it could be difficult to argue that Yahoo is filling a void left by Google Reader. Summly's elegant user interface for reading news online looks more on par with the likes of Google Currents or even Pocket or Flipboard.But considering it was also named one of the best apps in Apple's App Store in 2012, that design as well as popularity could push Yahoo News to the forefront of plenty of smartphones and tablets.
The addition of Summly also quickly follows Yahoo's acquisition of social recommendation engine Jybe last week.CEO Marissa Mayer has spoken frequently in the last few months about her vision for Yahoo to be focused around personalized web experiences.
Since she took the helm of the beleaguered search company last summer, Yahoo has beenstockpiling mobile and social media startups while also consolidating and eliminating other products that don't align with the new strategy.

Comments

Post a Comment

Popular Posts

Hacker steals data of millions of Bulgarians, emails it to local media

By -
Image
  Source of the data breach appears to be the country's National Revenue Agency A mysterious hacker has stolen the personal details of millions of Bulgarians and has emailed download links to the stolen data to local news publications. The data's origin is believed to be the country's National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance. In a  message posted on its website  on Monday, the NRA said it was working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate the hack. "We are currently verifying whether the data is real," said the NRA. Hours after this article's publication, the Bulgarian Ministry of the Interior  confirmed the hack . HACKER STOLE 110 DATABASES, LEAKED 57 According to reports from local media [ 1 ,  2 ,  3 ,  4 ,  5 ], who received part of the data, the hacker said they stole the personal details of over five million Bulgarians, of the country's total populatio
Read more

​Linux totally dominates supercomputers

By -
Image
It finally happened. Today, all 500 of the world's top 500 supercomputers are running Linux. Linux rules supercomputing. This day has been coming since 1998, when Linux first appeared on the TOP500 Supercomputer list . Today it finally happened:  All 500 of the world's fastest supercomputers are running Linux . The last two non-Linux systems, a pair of Chinese IBM POWER computers running AIX, dropped off the  November 2017 TOP500 Supercomputer list . Overall, China now leads the supercomputing race with 202 computers to the US' 144. China also leads the US in aggregate performance. China's supercomputers represent 35.4 percent of the Top500's flops, while the US trails with 29.6 percent. With an anti-science regime in charge of the government, America will only continue to see its technological lead decline. When the  first Top500 supercomputer list was compiled in June 1993 , Linux was barely more than a toy. It hadn't even adopted Tux as its masc
Read more

Microsoft tries to stem its self-made collaboration-tool confusion

By -
Image
Microsoft is using this week's Ignite conference to try to help clarify its collaboration-tool strategy. Here's how SharePoint, Teams and Yammer figure in the mix. Choice is good. But too much choice, especially when it comes to collaboration tools, has been a problem for Microsoft. This isn't news to customers, partners or Microsoft execs themselves. But at the company's Ignite IT Pro conference in Orlando this week, Microsoft execs took a step to try to clarify the company's strategy and messaging in this area. Microsoft Office 365 Marketing chief Ron Markezich kicked off the conference this week with a slide entitled "Microsoft 365 Teamwork: Where to Start a Conversation." That slide attempts to do what  Microsoft initially attempted with a 60-plus-page whitepaper : Clarify which collaboration tools customers should use when. The slide, which features SharePoint -- and its files, sites and content storage at the center -- is broken down into t
Read more