Security Technology

Oracle has just released its security update for June 2013 — a release that comprises of 40 security updates, with 37 of them addressing vulnerabilities that lead to malware execution. Also among the updates is one that fixes a vulnerability found in Javadoc tool — a documentation generator and is commonly used in websites. The said vulnerability, also identified as CVE-2013-1571, can be used to steal important user data by injecting an attacker controlled frame in generated Javadoc HTML page. This vulnerability is also known as Frame Injection vulnerability. Javadoc is a tool that generates .HTML documentation from Javadoc comments in the code. The vulnerability is due to a defect in the JavaScript code that is included as part of the HTML pages generated by the Javadoc tool. Hence all the websites using such HTML pages can be used by an attacker to steal their user data or to install malware by redirecting an unsuspecting user to attacker-controlled website. Oracle released two fixes in their June 2013 Oracle Java SE Critical Patch Update to address this vulnerability. The first is an updated Javadoc tool, while the second is a fix-in-place tool that patches the vulnerability from pages generated by Javadoc without having to regenerate existing JavaDocs. Needless to say, we strongly advise customers to apply the fixes the soonest possible. Trend Micro Deep Security customers are advised to update to the latest update DSRU13-020. The following Deep Security rule 1005553 – Oracle JavaDoc Frame Injection Vulnerability addresses the said issue. Hat tip to CERT for sharing the necessary information with us. Post from: Trendlabs Security Intelligence Blog - by Trend MicroOracle Update Includes Javadoc Frame Injection Vulnerability

Download the latest build for Acunetix Web Vulnerability Scanner v8 and be fully compliant with the most recent OWASP Top 10 2013 web vulnerabilities. The main feature included in Acunetix Web Vulnerability Scanner version 8, build 20130619 is the new ... [+]The post New Report for OWASP Top 10, 2013 in Acunetix Web Vulnerability Scanner v8 build 20130619 appeared first on Acunetix.

It’s no surprise that mobile phone usage has exploded over the past decade. According to a study by ITU, there are roughly 6.8 billion mobile cellular subscriptions worldwide today. As technology becomes more and more woven into the fabric of society, smartphone usage has become an increasingly common extension for desktop computing devices. Employees are configuring their personal smartphones to access company information and IT Professionals often struggle with how to manage the protection of corporate data. This dynamic has created new opportunities for cybercrime. Cybercriminals are increasingly targeting smartphone devices using a variety of tactics for malicious intent. These tactics include the repackaging of popular applications with malicious code for download in app stores or marketplaces, malicious URLs designed to deceive users into downloading apps or provide personal information, or leveraging erroneous SMS messages or “smishing” as a means to drive up a smartphone subscriber’s bill. Read more....(read more)

When a senior FBI official told Congress the role the NSA's secret surveillance apparatus played in a San Diego terror financing case today, nobody was more surprised to hear it than the defense attorney who fought a long and futile ...

Facebook (here), Apple (here), and Yahoo (here) have all released details of US government requests for data. They each say that they've turned over user data for about 10,000 people, although the time frames are different. The exact number isn't important; what's important is that it's much lower than the millions implied by the PRISM document. Now the big question:...

Google filed a legal challenge today against gag orders that come with the FISA court orders it receives from the FBI and NSA, on grounds that the silence orders impinge on the company's First Amendment rights to speak freely about ...

Updates for the software platform will now arrive on a quarterly basis, beginning in October.

Updates for the software platform will now arrive on a quarterly basis, beginning in October.

Patients of the Veterans Affairs hospital in Fayetteville, N.C., may have had their personal information exposed after more than 1,000 personal records were improperly disposed of.

Patients of the Veterans Affairs hospital in Fayetteville, N.C., may have had their personal information exposed after more than 1,000 personal records were improperly disposed of.