Another zero-day vulnerability is being exploited in attacks
spotted in the wild: this time, the targeted software is Java.
 |
| First Java Zero-Day Attack in Two Years Targets NATO & US Defense Organizations |
The existence of the flaw was discovered by finding
suspicious URLs that hosted the exploit.
"The said URLs hosting the new Java zero-day exploit
are similar to the URLs seen in the attack launched by the threat actors behind
Pawn Storm that targeted North Atlantic Treaty Organization (NATO) members and
White House last April 2015," they explained.
In the current campaign, targets - a NATO member and a US
defense organization - were directed towards these URLs via links in emails.
The exploit allows attackers to execute arbitrary code on
target systems with default Java settings.
The flaw affects the latest Java version 1.8.0.45, but not
older versions (v1.6 and 1.7). Oracle is working on a patch, but downgrading
Java to one of the older versions is not a good idea because they are
vulnerable to other attacks.
Disabling Java in your preferred browser is for now is a
better option. Use a secondary browser with Java enabled to view sites you
absolutely must visit and which require it.
For additional information, click here.
