The Latest in IT Security

Java Exploit on Amnesty International’s UK Site


‘Tis the season for giving. And anybody visiting Amnesty International’s UK website could currently end up with the gift of a keylogger courtesy a Java exploit. Brian Krebs has written about it on his blog: Krebs on Security.

Krebs on Security

Amnesty’s UK site was hacked to include an iframe linking to a Brazilian server, which hosts a CVE-2011-3544 based Java Exploit.

Our browsing protection is now blocking Amnesty’s site. We’ve been blocking the .br site for several days already. We detect, and there’s fairly good AV industry coverage on, both the Java exploit and the trojan it drops.

Read the full details from Krebs, linked above. And stay safe.

As Mikko noted in his post yesterday, if you don’t need Java SE, why have it installed?

Here’s what a Java-free browser will display when it comes across a Java exploit:

An additional plug-in is required to display some elements on this page.

“An additional plug-in is required to display some elements on this page.”

That’s one element you really don’t want.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments