Home > Knowledge Centre > Java

Spring4Shell: Zero-Day vulnerability CVE-2022-22965 in Spring Framework

  • Shiv Mohan / 4 years
  • 0
  • 2 min read

A Zero-day Remote Code Execution Vulnerability with critical severity has been identified as CVE-2022-22965 aka Spring4Shell or SpringShell in Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19 & older. The Spring Framework is an open-source, popular, feature-rich application framework used for building modern & enterprise Java web applications. Publicly available exploits in this widely […]

Quick Heal thwarts attempts of a JAVA jRAT phishing campaign targeting an international embassy in India

  • Pradeep Kulkarni / 8 years
  • 0
  • 4 min read

Earlier we had blogged about how JAVA based jRAT malware were evolved in the recent times. At Quick Heal Security Labs, we are actively observing jRAT campaigns happening in the wild. These JAVA malware spread through phishing campaigns. While analyzing one such phishing campaign, we found that an International embassy in India was being targeted by phishers. The malware used in the phishing campaign was the infamous JAVA malware called jRAT.  Phishers sent phishing emails to the official email […]

Web security basics: Watering hole attacks VS phishing attacks

  • Adithya Omanakuttan / 13 years
  • 34
  • 3 min read

Computer users who are well versed with security threats know why and how clever phishing pages must be avoided. Clear signs help to identify fake phishing pages but what does one do against a “watering hole attack”? What exactly is a watering hole attack? A watering hole attack is a technique whereby users are profiled […]

Security news and updates from the last week

  • Adithya Omanakuttan / 13 years
  • 3
  • 2 min read

New York Times website breached by Chinese hackers The New York Times recently discovered that their computer systems were breached by Chinese hackers. The hackers stole corporate passwords of each and every employee and spied on more than 50 individuals in a time span of 4 months. Apparently these attacks started when the Times started […]

As another Java flaw is discovered, is it time to disable Java completely?

  • Adithya Omanakuttan / 13 years
  • 12
  • 3 min read

After a massive Java 0-day vulnerability surfaced in August 2012, Oracle released an out-of-cycle update to combat the exploit. However, we advised our readers to simply disable Java on their web browsers to avoid the threat. Java has now become a highly vulnerable program that causes more trouble than it is worth and this is […]

Oracle releases Java 0-day vulnerability security patch

  • Adithya Omanakuttan / 13 years
  • 39
  • 1 min read

Yesterday we highlighted the Java 7 0-day vulnerability (CVE-2012-4681) that necessitated immediate attention by disabling the Java plug-in. Oracle has now addressed this vulnerability by releasing a security patch that users should install on an immediate basis. In the past, Oracle has only released updates once every 4 months. Hence it was expected that this […]

How to avoid the latest Java 0-day vulnerability

  • Adithya Omanakuttan / 13 years
  • 46
  • 3 min read

Java application software has always been extremely vulnerable due to its cross-platform nature. Exploits developed for this software platform can be used to affect various computer systems across diverse computing environments. Now, a new 0-day vulnerability is being exploited by attackers and this is causing mayhem across the computer security world. What is the vulnerability? […]