

1. Smart appliances

Smart TVs, smart fridges and other internet-connected home appliances, ranging from medical equipment to security cameras, are widely expected to become a “magnet for hackers,” says Kevin Haley, director of Symantec Security Response, in a blog post.


“The companies building gadgets that connect to the internet don’t even realize they have an oncoming security problem,” Haley wrote.

“These systems are not only vulnerable to an attack — they also lack notification methods for consumers and businesses when vulnerabilities are discovered. Even worse, they don’t have a friendly end-user method to patch these new vulnerabilities.”

One of the concerns is that hackers logging into such appliances may be able to get information about who is home at a given time of day, noted Fortiguard, adding, “This is bound to give cybercriminals new and nefarious ideas around how and when to rob someone’s home.”

Fortiguard predicts we’ll see the first mass malware for home devices such as smart TVs and appliances later in 2014.

2. Social networks

Attacks by cybercriminals are becoming more targeted, and social networks are becoming a useful source of data for crafting these types of attacks.

Websense predicts that in 2014 hackers will increasingly make use of services such as LinkedIn to lure executives and other potentially lucrative targets.

“This highly targeted method will be used to gather intelligence and compromise networks.”

Haley of Symantec adds that cybercriminals won’t just be turning to big social networks.

“Scammers, data collectors and cybercriminals will not ignore any social network, no matter how ‘niche’ or obscure,” he wrote. “Users who feel it’s just them and their friends on these new sites are in for a big (and unpleasant) surprise.”

3. The cloud

Businesses are increasingly storing their data in the cloud and on servers outside their own network, and Websense predicts that criminals will increasingly turn their attention to that data this year.

“Hackers will find that penetrating the data-rich cloud can be easier and more profitable than getting through the ‘castle walls’ of an on-premise enterprise network,” Websense says.

Sophos predicts that cybercriminals will target mobile devices and the credentials of individual employees to gain access to the cloud, perhaps employing blackmail via “ransomware” that threatens to go public with confidential data if the criminals aren’t given what they ask for.

4. Android

According to Sophos, malware aimed at Google’s Android grew exponentially in 2013, and is expected to keep growing in 2014 because of the operating system’s dominant share of the smartphone market.

Trend Micro predicts the number of malicious and high-risk apps for the Android operating system will hit three million in the coming year.

“While we expect that new security features in the Android platform will make a positive change in infection rates over time, their adoption will be slow, leaving most users exposed to simple social engineering attacks,” the company wrote.

It added that the mobile devices that run Android are “an attractive launching pad for attacks aimed at social networks and cloud platforms.”


Fortiguard expects Android malware to expand beyond mobile devices in 2014 to industrial control systems in devices such as smart home appliances.

5. Java

Plug-ins that allow browsers to run apps in the Java programming language – already responsible for some high-profile cyberattacks – will continue to be exploited in 2014, security experts say.

“In 2014, cybercriminals will devote more time to finding new uses for tried-and-true attacks and crafting other aspects of advanced, multi-stage attacks,” the company predicted.

Security patches for older versions of Java and Windows are no longer being issued, even when new exploits are found, despite the fact that there are many systems still using this software.

Trend Micro predicts that in the coming year, that “lack of support” will expose millions of PCs to attack.



Microsoft has released an advance notification of 9 security bulletins that it plans to release on April 9, 2013. Microsoft said it will patch nine vulnerabilities in total, two of them rated Critical and the remaining 7 rated Important.

The critical vulnerabilities are remote code execution issues. The first vulnerability affects Microsoft Windows and Internet Explorer, while the second affects Microsoft Windows.

The update will fix a flaw that allows a drive-by attack, which hackers can exploit to attack machines running the software by way of malware-loaded websites. Earlier this year, Microsoft released an emergency update for Internet Explorer after all the commotion about the security holes in Java. That update aimed to patch a security vulnerability in Internet Explorer that was being used for attacks on government contractors and other organisations.

The remaining 7 vulnerabilities pertain to issues affecting Microsoft Office, Microsoft Server Software and Microsoft Windows. Microsoft will host a webcast to address customer questions on the security bulletins on April 10, 2013, at 11:00 AM Pacific Time (US & Canada).

In what many are hoping will be a precedent-setting achievement, Apple released a Java update for Mac OS X on the same day that Oracle released updates for Java in Windows, Linux, and Solaris. Apple issued two separate updates – one for OS X 10.7 and another for OS X 10.6 – to fix 11 vulnerabilities in each edition. The Oracle updates for other operating systems address 14 vulnerabilities. Two of the flaws that Oracle’s updates addressed do not pertain to Java for Apple; it is unclear why the third issue was not addressed in the Apple update.

Earlier this year, Apple’s habit of waiting weeks after Oracle updated Java to issue its own updates for its OSes caused problems when attackers exploited a Java flaw that was patched in other versions to infect Apple machines with the Flashback malware.