Black Hat, Defcon security horror stories show enterprise vulnerabilities

By John Brandon, CIO

A raging computer virus can wreak havoc on your network. One innocuous video surveillance camera in the parking lot outside your corporate campus can be a gateway for destruction. A code snippet from a seemingly harmless, decades-old Microsoft database utility can leave the door open for hackers.

Knowing the latest security threats is half the battle in keeping an enterprise security breach off the front pages of your local newspaper. At this summer's Black Hat and Defcon conferences in Las Vegas, experts recounted several emerging threats that could compromise intellectual property, reveal corporate secrets or run wild on corporate networks.

Java Zero-Day Exploits Spreading Like Wildfire

The Java zero-day exploit linked to the Nitro hacker group in Asia is the biggest story to come out of Black Hat, according to Anup Ghosh, CEO and founder of security software company Invincea. The Java code uses a spear-phishing technique, which targets specific companies and is a common nation-state tactic. Hackers link multiple Java zero-day attacks in the browser; Ghosh estimates there are at least 100 known sites hosting the exploit now. It is also now included in the well-known BlackHole toolkit that cybercriminals use to distribute their wares.

"Java exploits are cross-platform. Oracle has reportedly known about the flaw since April but isn't scheduled to release a patch until [its] regular patch cycle in October," Ghosh says. "The number of users that are vulnerable is extremely large."

Major security pundits, he says, are advising people to uninstall Java. Ghosh disagrees with this approach. "Uninstalling Java or disabling functionality in general is not the right solution. Start with Java, then what next? Flash, JavaScript, HTML5, the browser, the Web?"

Network Card Backdoor Access


Originally published on CIO.