Watch out - this SAP NetWeaver bug has a maximum severity score, and it could target your servers next

SAP is the world’s largest ERP vendor, with products in use by more than 90% of the Forbes Global 2000 list, so ...
The Hacker News

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

"Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting a malicious payload to an open port," according ...
The Hacker News

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also ...
Computerworld

Java zero-day exploit goes mainstream, 100+ sites serve malware

Attackers using two recently-uncovered Java unpatched vulnerabilities, or “zero-days,” have quickly expanded their reach by going mainstream, security experts said today. And on Tuesday, Mozilla, ...
CRN

CISA Warns Of SolarWinds Java Exploit

'These types of vulnerabilities are frequent attack vectors,' CISA says in a post online. A government agency is warning about threat actors exploiting a Java deserialization remote code execution ...
Ars Technica

Attack targeting critical Java bug added to hack-by-numbers exploit kit

"Please, for the love of your computer, disable Java on your browser." This keeps ignoring the fact that very few Mac and Linux machines in the wild actually have the ...
InfoWorld

Java zero-day vulnerability actively exploited by attackers

An exploit for a previously unknown and currently unpatched vulnerability in Java is being used by cybercriminals to infect computers with malware, according to security researchers. An independent ...
Computerworld

Java exploit used in Red October cyberespionage attacks, researchers say

The hundreds of government, military and research organizations targeted in a large-scale cyberespionage operation dubbed Red October were not only attacked using malicious Excel and Word documents as ...
Nextgov

Microsoft: Java worse than PDF as security threat

Java should be considered a top software security threat, even more so than Adobe PDF files, according to Microsoft's announcement issued today. Java should be considered a top software security ...
Krebs on Security

How to Unplug Java from the Browser

Below are instructions for unplugging Java from whatever Web browser you may use to surf the Web. These instructions were originally posted as a how-to in response to this piece: Zero-Day Java Exploit ...
InfoWorld

Rogue Microsoft Services Agreement email notifications lead to latest Java exploit

Hackers are distributing rogue email notifications about changes in Microsoft’s Services Agreement to trick people into visiting malicious pages that use a recently circulated Java exploit to infect ...
Time

Do-Over: Apple Takes Second Stab at Blocking Mac Trojan

Did you tell your Mac to “check for new software” in view of the worrisome Trojan botnet virus that clambered across the Internet and onto over half a million Macs recently? Download Apple’s Java ...