Oracle Corp. recently announced it had released a fix for its compromised Java software. The flaws had raised big concerns at the U.S. Department of Homeland Security and, even after the fix was released, the federal agency continued to issue warnings to users to disable Java in their chosen web browsers.
DHS published an updated alert on its Computer Emergency Readiness Team website saying, “This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered.” Vulnerabilities in Java’s latest version, version 7, were "being actively exploited," the department said.
Java is a programming language and computing platform that enables certain programs to run within web browsers. It also is responsible for powering certain advertising networks. Users who heed the DHS warnings and disable Java will most likely not be able to view certain sections of websites, in particular ones that display real-time data like ads, weather updates and stock prices.
Cyber security experts say the special code that allows hackers to take advantage of Java’s vulnerability is being sold on the black market via “Web exploit packs.” These packs, which are sold for upwards of $1,500 each, allow users to steal credit card information and other personal data.
The packs also enable users to hack into legitimate websites and completely hijack ad networks, redirecting unsuspecting web searchers to malicious websites where malware can be loaded onto their personal computers or mobile devices.
Liam O'Murchu, a researcher with Symantec Corp. noted that the sale of these packs means malicious software exploiting security gaps is “going to be spread across the Internet very quickly.”
As cyber criminals become more sophisticated, the need for cyber security specialists will be on the rise. Leading the fight against these malicious digital attacks are the educational institutions that are preparing the next generation of degree seekers with a capability and a passion for reducing cyber threats to the United States and the rest of the world.