Java Archives - Security Affairs

Pierluigi Paganini October 07, 2024

Critical Apache Avro SDK RCE flaw impacts Java applications

A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. A critical vulnerability, tracked as CVE-2024-47561, in the Apache Avro Java Software Development Kit (SDK) could allow the execution of arbitrary code on vulnerable instances. The flaw, tracked as CVE-2024-47561, impacts all versions of […]

Pierluigi Paganini April 23, 2022

Are you using Java 15/16/17 or 18 in production? Patch them now!

A researcher has released proof-of-concept (PoC) code for a digital signature bypass vulnerability in Java. Security researcher Khaled Nassar released a proof-of-concept (PoC) code for a new digital signature bypass vulnerability, tracked as CVE-2022-21449 (CVSS score: 7.5), in Java. The vulnerability was discovered by ForgeRock researcher Neil Madden, who notified Oracle on November 11, 2021. An […]

Pierluigi Paganini August 20, 2018

Malware researcher reverse engineered a threat that went undetected for at least 2 years

The popular malware researchers Marco Ramilli has analyzed a malware that remained under the radar for more than two years. Today I’d like to share the following reverse engineering path since it ended up to be more complex respect what I thought. The full path took me about hours work and the sample covers many […]

Pierluigi Paganini February 22, 2017

FTP Injection flaws in Java and Python allows firewall bypass

The two programming languages, Java and Python, are affected by serious FTP Injection flaws that can be exploited by hackers to bypass any firewall. Attackers can trick Java and Python applications to execute rogue FTP commands that would open ports in firewalls The unpatched flaws reside in the way the two programming languages handle File Transfer […]

Pierluigi Paganini March 24, 2016

Patch Java immediately or attackers can hack you

The CVE-2016-0636 flaw affects Java SE running in web browsers on desktops, attackers can trigger it remotely to takeover your PC. Once again a serious security vulnerability affects the Java Oracle software, the new flaw coded as CVE-2016-0636 scored a 9.3 on the Common Vulnerability Scoring System bug severity rating. The CVE-2016-0636 vulnerability affects Java SE running in […]

Pierluigi Paganini March 14, 2016

CVE-2013-5838 Java flaw is back two-year later due to broken patch

The patch for the critical Java CVE-2013-5838 vulnerability released by Oracle in 2013 is ineffective and can be easily bypassed. Bad news for Java users, in 2013 Oracle released a patch to fix the CVE-2013-5838 vulnerability, but security experts discovered that it could be easily bypassed to compromise the latest versions of the software. This means […]

Pierluigi Paganini April 18, 2015

Java – New vulnerabilities affects million applications

Oracle warned that a dozen of new Java security vulnerabilities could be exploitable remotely to gain access to a target application without login. Once again Java vulnerabilities are worrying the security community, a series of vulnerabilities could be exploitable remotely to gain access to a target application without authentication. Every application running on any of […]

Pierluigi Paganini January 28, 2015

Java poses the biggest security risks to PCs in US

According to a new series of reports published by Secunia firm, Oracle Java poses the biggest security risks to Desktop machines in the US. According to the a new report published by Secunia security vendor, Oracle Java software represents the principal source of problems for private US desktops, followed by Apple Quicktime 7.x. Oracle Java is […]

Pierluigi Paganini June 19, 2014

Security issues found in USCIS RFID Card production system

The system used to produce RFID identification cards including permanent resident IDs by the USCIS has a number of serious security issues. A report from the Office of the Inspector General (OIG) at DHS titled “Radio Frequency Identification Security at USCIS Is Managed Effectively, But Can Be Strengthened” confirms the presence of serious security issues in the […]

Pierluigi Paganini February 26, 2014

YouTube ads network serving Caphaw Banking Trojan

YouTube users were targeted by a classic drive-by download attack by exploiting client Java software vulnerabilities and serving Caphaw Banking Trojan. What about using YouTube to spread malware? YouTube is a video-sharing website on which users can upload, view and share videos, it has great appeal to the users and represents one of the bastions of the Internet. The website was […]

Java

Critical Apache Avro SDK RCE flaw impacts Java applications

Are you using Java 15/16/17 or 18 in production? Patch them now!

Malware researcher reverse engineered a threat that went undetected for at least 2 years

FTP Injection flaws in Java and Python allows firewall bypass

Patch Java immediately or attackers can hack you

CVE-2013-5838 Java flaw is back two-year later due to broken patch

Java – New vulnerabilities affects million applications

Java poses the biggest security risks to PCs in US

Security issues found in USCIS RFID Card production system

YouTube ads network serving Caphaw Banking Trojan

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

QUICK LINKS

Java

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!