
Yahoo Mail Blocked by Browsers in Malvertising Chain Reaction

If you tried to access Yahoo Mail today, chances are that you saw the Safe Browsing dialog at least once instead of your inbox, as one of the advertisers showing banners on Yahoo has started serving malicious content. The malicious ads started showing up earlier this morning, when ad pusher eqads.com got blocked by Google Safe Browsing. A closer look into the incident revealed that the eqads.com site is red...

Origin Flaw Puts Millions of Players at Risk, Report Finds

A newly discovered flaw in the Origin distribution platform could allow cyber-criminals to install malware on machines regardless of the operating system. The technique was documented in a paper by security researchers Luigi Auriemma and Donato Ferrante presented at the BlackHat conference in Amsterdam. This is the same team of researchers who found a similar vulnerability in the Steam browser protocol last...

Emergency Java Security Patch – Update Now!

Oracle released another Java fix to patch the vulnerabilities uncovered this week. In a Security Alert for CVE-2013-1493, the company advises all users to install the security patch as soon as possible considering the “severity of these vulnerabilities.” This particular update addresses a vulnerability known as CVE-2013-1493 (US-CERT VU#688246) and a security issue “affecting Java running in web browsers,”...

HTML5 Browser Exploit Floods Hard Drives with Data

A recent HTML5 browser exploit enables websites to flood users with gigabytes of junk data, only to clog PCs and crash browsers. Web developer Feross Aboukhadijeh rigged a proof-of-concept website that exploits the vulnerability and adds 1 GB of data every 16 seconds on a solid state drive. Named FillDisk.com, the webpage can be accessed by anyone interested in learning more about the HTML5 vulnerability. T...

Zero-Day Flaws in Java Re-Emerge; No Exploitation in the Wild Yet

Two new security flaws have been detected in the latest version of Java 7 (Update 15) by security researchers at Polish company Security Explorations. According to their account, the security issues dubbed “issue 54” and “issue 55” can be combined to bypass the Java sandbox and execute privileged arbitrary code from an untrusted source. Although the flaws were discovered before they got exploited in the wil...

Apple Employees Hacked via Java Plugin Exploit

Apple reported some of its employees were hacked through a Java plugin exploit served through a developer website, but no evidence of data theft was revealed. The few computers compromised were unplugged from the network and are pending investigation as to the source of the attack. The company believes the malware was designed for other companies as well and that it’s part of a larger operation. “Apple has ...

Mac OS X Backdoor Delivered Via Exploit Hits Asian Activists

A bug in the Mac OS X version of the Microsoft Office suite has been used to spy on the cyber-habits of some Asian activists militating against the Chinese government. This highly-targeted attack uses a specially-crafted document delivered via email – if opened, the malicious document drops and installs a backdoor application on the victim’s Mac computer that gives an attacker control of the system. The do...

Java on Mac OS X Gets the Boot After Security Incidents

For the second time in two weeks, Apple pulled Java from its users’ browsers via an update to its XProtect anti-spyware scanner. The decision, based on the series of security incidents involving Java, has stirred a wave of complaints on the vendor’s support forums. The XProtect update automatically disables all versions of the Java Web plug-in before version 1.7.11.22, as a number of reports from vulnerabil...

SERT Points Russia as Leader in Exploit Kit Development

A report by the Security Engineering Research Team revealed that 70 percent of exploit kits reviewed were developed in Russia. In the fourth quarter, 58 percent of targeted vulnerabilities were 2 years old, confirming that cyber criminals still successfully use them. One of the most popular exploit kits in 2012 was BlackHole 2.0, which was used to distribute 18 percent of malware samples analyzed by the SER...

Critical Java Exploit Spreads like Wildfire; No Fix Available

While half of the globe was busy yesterday having the “lols” about the Japanese kitten rigged with a malware-infested flash device attached to its collar, serious stuff was going down in Javaland. UPDATE: On January 13, Oracle issued a partial fix for the issue. The patch is now available on the Oracle web portal and updates the Java version to 1.7 Update 11. You are advised to update immediately, but manif...

© 2012 Powered By Bitdefender
