java Vulnerability | Breaking Cybersecurity News | The Hacker News

Once again a zero day vulnerability exploit is sold by cyber criminals in the underground, once again a the flaw is related to Oracle's Java software that could allow to gain remote control over victim's machine. The news has been reported by KrebsOnSecurity blog that announced that the exploit being sold on an Underweb forum. The vulnerability is related to the most recent version of Java JRE 7 Update 9, it isn't present in previous versions of the framework, in particular the bug resides within the Java class "MidiDevice according the info provided by the seller that describes it with following statements: " Code execution is very reliable, worked on all 7 version I tested with Firefox and MSIE on Windows 7 ," " I will only sell this ONE TIME and I leave no guarantee that it will not be patched so use it quickly. " The exploited class is a component of Java that handles audio input and output. It's easy to understand that similar vulnerability has a great value du

Imagine someone getting access to your computer, encrypting all your family photos and other priceless files, and then demanding a ransom for their safe return. That is what ransomware is all about. Symantec's latest research report suggests police-themed ransomware could be a replacement to the once-lucrative fake antivirus scareware trade. According to  report , Ransomware distributors are raking in around $5 million dollars a year and the spoils are being spread among just 16 crime groups. Symantec's estimates suggest a significant but not yet thriving crime business, which delivers each operation, on average, $300,000 a year. Reticently identified Oracle Java SE Remote Java Run time Environment vulnerability (  CVE-2012-5076 ) leads to  Geo located   Ransomware Malware . Java vulnerability actually can allows attacker to unauthorized disclosure of information, unauthorized modification and disruption of service. This Ransomware shows a bogus notification, that preten

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.