Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream

More security researchers are recommending users disable the current version of Java after zero-day exploits gained traction in the Web world. Patrick Runald, director of security research for Websense, told PC World today that his team had uncovered more than 100 infected domains – a figure expected to rise sharply after the exploit code for the Java vulnerabilities was added in recent days to the popular hacker tool Blackhole.

Analysis Shows Traces of Wiper Malware, But No Links to Flame

One of the things about the investigation into the Flame malware that’s remained unclear for several months now is what ever became of the so-called Wiper virus that had been seen erasing data on machines in Iran and that led researchers to eventually discover Flame. No actual samples of Wiper have been seen, just indirect evidence that the malware existed, but now researchers have analyzed some hard drive images of machines that were affected by Wiper and found that the malware has some links to Duqu and Stuxnet, but was in fact a separate attack and doesn’t appear to have any ties to Flame.

Second LulzSec Member Arrested for Sony Pictures Attack

A Tempe, Arizona man was arrested Tuesday for allegedly taking part in the June 2011 attack on Sony Pictures Entertainment Inc.’s network, in which passwords and other personal data were stolen from one million user accounts. Raynaldo Rivera, 20, was charged with conspiracy and unauthorized impairment of a protected computer, which could earn him up to 15 years in prison if he is found guilty. He was ordered to appear in a Los Angeles courtroom Sept. 14.

Researchers who have dug into the exploit for the new Java CVE-1012-4681 vulnerability found that there are actually two previously unknown security bugs in Java 7 and that the exploit, which has been tied to attackers in China, is using both of them to get full control of vulnerable machines.

The Air Force Life Cycle Management Center (AFLCMC) posted a broad agency announcement [PDF] recently, calling on contractors to submit concept papers detailing technological demonstrations of ‘cyberspace warfare operations’ (CWO) capabilities.

As attacks on the new Java zero-day vulnerability continue and researchers look for ways to mitigate the flaw, they are encouraging users to disable Java in their browsers. There is now a site that users can visit that will detect whether their browser is running a vulnerable version of Java.

Officials at oil giant Saudi Aramco have confirmed that about 30,000 of the company’s workstations were hit by a malware attack on August 15, a number that lines up with claims made in posts on Pastebin by a group taking credit for the attack. The company said that while tens of thousands of machines were infected, its core oil production capabilities were not affected by the attack.

More details about the new Java zero day vulnerability are emerging, and as the seriousness of the problem has become clear, researchers have recommended that users disable Java altogether for the time being if they don’t have a specific need for it. 

Several weeks after announcing that some of its users’ log-ins and passwords had been stolen, file storage company Dropbox announced it has added a two-step authentication process over the weekend to help reinforce the security of its users’ accounts. The added layer of security is currently optional but can be selected after users opt in, then check the ‘Security’ section of their ‘Settings.’
