It is extremely important that enterprises urgently patch their Java Runtime Environments (JREs) and (Java Development Kits) JDKs since 14 vulnerabilities addressed in this security update are remotely exploitable over a network without authentication -- which are the most serious kind of threats.
Google has released Chrome 42 to the stable channel, and among the changes announced is one that will automatically block Oracle's Java plugin and other plugins that use the old NPAPI (Netscape Plugin API).
Dutch infosec firm Fox IT has spotted a lage scale malvertising campaign that seems to originate from Bulgarian Google ad reseller EngageLab.
The Cisco 2014 Midyear Security Report, released today at Black Hat, examines the “weak links” in organizations - outdated software, bad code, abandoned digital properties, or user errors - that contribute to the adversary’s ability to exploit vulnerabilities with methods such as DNS queries, exploit kits, amplification attacks, point-of-sale (POS) system compromise, malvertising, ransomware, infiltration of encryption protocols, social engineering and “life event” spam.
In a recent poll, half of the senior IT professionals polled said their Java applications are vulnerable (32%) or very vulnerable (17%) to attacks.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.