Stay updated on Java information security news, trends & best practices. Protect your systems against Java-related vulnerabilities and threats.
Search across headline titles and summaries.
Background for this topic.
Java is a high-level, class-based, object-oriented programming language that is widely used in various computing platforms from embedded devices and mobile phones to enterprise servers and supercomputers. Java's core design principle of "write once, run anywhere" makes it a popular choice for developers, as it is platform-independent at both the source and binary levels.
In the context of information security, Java holds significance due to its pervasive application and the inherent security measures it provides. It includes a robust security framework encompassing a set of APIs, tools, and implementations of commonly-used security algorithms, protocols, and mechanisms. These help in performing tasks like cryptographic operations, authentication, access control, and secure communication. However, Java software also represents a common attack vector for cyber threats due to its ubiquity and the existence of various security vulnerabilities that can be exploited if the software is not kept up-to-date or is misconfigured. Vigilance in patch management, code review, and application of best security practices are essential in maintaining the security of Java-based applications.
Weekly headline count for the current query.
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution (RCE) flaw in attacks. [...]
A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and "used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses." The critical flaw, tracked as CVE-2022-26352, stems from a directory traversal attack when performing file uploads, enabling an
Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. [...]