September 12, 2012, 10:34 AM — A raging computer virus can wreak havoc on your network. One innocuous video surveillance camera in the parking lot outside your corporate campus can be a gateway for destruction. A code snippet from a seemingly harmless, decades-old Microsoft database utility can leave the door open for hackers.
Knowing the latest security threats is half the battle in keeping an enterprise security breach off the front pages of your local newspaper. At this summer's Black Hat and Defcon conferences in Las Vegas, experts recounted several emerging threats that could comprise intellectual property, reveal corporate secrets or run wild on corporate networks.
Java Zero-Day Exploits Spreading Like Wildfire
The Java zero-day exploit linked to the Nitro hacker group in Asia is the biggest story to come out of Black Hat, according to Anup Ghosh, CEO and founder of security software company Invincea. The Java code uses a spear-phishing technique, which targets specific companies and is a common nation-state tactic. Hackers link multiple Java zero-day attacks in the browser; Ghosh estimates there are at least 100 known sites hosting the exploit now. It is also now included in the well-known BlackHole toolkit that cybercriminals use to distribut their wares.
Black Hat News: Java Vulnerabilities Increasingly Targeted By Attackers
"Java exploits are cross-platform. Oracle has reportedly known about the flaw since April but isn't scheduled to release a patch until [its] regular patch cycle in October," Ghosh says. "The number of users that are vulnerable is extremely large."
Network Card Backdoor Access