According to Bloomberg Businessweek: Online banking fraud is primarily carried out in two ways. In a phishing attack, criminals impersonate bank websites in order to get unsuspecting users to provide their login credentials. The other modus operandi of online banking frauds is to install keystroke-logging malware.

Attack Vectors

Of course there are other banking attack vectors such as man-in-the-middle attacks,man-in-the-browser attacks, cross-channel attacks and pharming (Trojan horse/virus on the victim’s computer). Banking Trojans like Gozi Prinimalka, SpyEye and Zeus can target an online bank site and detect when victims access their bank website. The attackers then have the capability to steal log-in credentials and other personal data associated with the victim’s account.

Blackhats

Back in September of last year, a cybercriminal who goes by the name “vorVzakone” announced in an underground forum a new blackhat project known as Project Blitzkrieg.

VorVzakone said at the time that the operation will target the customers of 30 U.S. banks using a Trojan program that has been in development since 2008 and has more functionality than Zeus or SpyEye — crimeware toolkits commonly used to steal money from online banking accounts. –ComputerWorld

During the spring of 2013 (and it is right around the cyber corner), VorVzakone plans to target the customers of 30 U.S. banks. I don’t have a clue as to the banks that will be targeted, but I plan to be prepared for it.

“Skype flooding” is also part of the VorVzakone operations package so that customers will not be able to contact their banks to verify funds. Does it make you mad that cybercriminals are becoming so vain that they can boast about their cybercriminal plans prior to executing them?

Phishing

You’ve heard of phishing attacks by now.  Phishing occurs when a victim is tricked into handing over their private information under false pretenses. It’s a simple concept that can be executed via simplistic or complex methods.

Often enough, if a cyber criminal gets a hold of a victims email address, they may create a fake message appearing to come from a trusted source. For instance, if a cybercriminal hacks into your banks database, they may gain access to your email address. They can then send you their phishing message, which is identical or similar to a message your bank would normally send you. These fake messages will often ask you to visit a rogue landing page (again, identical to that of your bank) where they will provide a form that asks for your personal information. Due to the highly tailored nature of these scams, a surprising number of people fall victim to them every day.

URL Check

It’s important to check the URL of any website you visit before giving up personal data. A website’s privacy policy will often tell you which information they may ask you, and what types of data they collect on you. The more information a cybercriminal gains about someone, the easier it becomes for them to obtain login information, bank account credentials, social security numbers and so on. You’d be surprised how many people are susceptible to hacks just by what is publicly available online, coupled with some common sense. This is further proof of why it’s so important to remain vigilant when banking online.

 Online Banking Tips

1. Update your computer or device on a regular basis

2. Make sure you are using a secure site  

Look for “https” instead of http and look for the “lock” icon on the address bar of the browser you are using

3. Use a secure password

Minimum of 8 characters
Include a mix of numbers, letters, Uppercase & lowercase
If you can use special characters (&%#*), be sure to add those too
Change your password a minimum of every 3 months and never use the same password at any other site

4. Use your own devices to bank online

Never use a public computer
Consider using a dedicated computer for all financial transactions conducted online
Layer your connection with your bank by using a service such as Cocoon

5. Monitor your bank accounts
Always be aware of what is happening with your financial accounts

My Banking Solution

I use desktops with Vista and Windows 7, an iMac, a laptop (Win 7), a Linux server, an iPhone and an Android. I find myself layering different operating systems with whatever flavor works for me. On Windows and iMac I generally use Cocoon in varying capacities and also use Cocoon on my iPhone as my primary browser of choice. On my Linux machine I am mainly inside my terminal and rarely use a browser. Cocoon is always my top choice for browsing the Internet or banking online because it adds an additional layer of Internet security – and in 2013, we need additional layers of online protection to thwart cybercriminals like vorVzakone.

Do you have any online banking tips to share?  Leave a comment at our blog or visit us on Twitter and Facebook.

I have three children and over the years I have bought countless computers, phones and tablets. Our children seem to be using devices at a younger and younger age, and there are studies to prove it.

One recent study by Commonsense Media found that 22 percent of 5- to 8-year-olds use computers once a day, and more than a third of children under the age of 8 have used a mobile device – either cell phones or tablets – to watch movies, play games and use apps. While the Internet creates countless opportunities for kids to engage and learn online, it is essential that parents learn about best practices and use the available technology to protect their kids.

Here are a few tips and new tools to make it easier to help protect your children in the real and virtual world, ensuring they can surf, play and learn safely.

1.  Be Web Wise

According to a Science Daily article, “Four out of five children can’t tell when they are talking to an adult posing as a child on the Internet, according to researchers working on software to track pedophiles online.”

Teach your children how to interact safely with people they meet online. Be sure your kids understand they should never provide personally identifiable information about themselves, their current whereabouts, where they live or even what school they attend.

Your children may deal with situations online such as bullying, unwanted contact, or hurtful comments. Work with them on strategies for when problems arise, such as talking to a trusted adult, not retaliating, blocking the person, or filing a complaint. Agree on steps to take if the strategy fails.

2. Set Clear Expectations

As parents, we all have those tough “conversations”: drugs, the birds and the bees, where are you going and the like. Parents must set expectations about how our kids will use the Internet. We set curfews, bedtimes, chores, etc., and now we need to set boundaries for online surfing,  even from a cell phone. Set boundaries about:

-The types of websites your kids are allowed to visit

-Who they are allowed to socialize with online

-How much time they are allowed to be online at all, including study time and mobile browsing

Online safety can be a shared, positive experience. Surf the Internet with them. Appreciate your children’s participation in their online communities and show interest in their friends. Try to react constructively when they encounter inappropriate material and make it a teachable moment.

3. Activate Parental Controls

Kids may accuse parents of “spying” on them, but respectfully monitoring their online activity provides a check-in to ensure those expectations you’ve set are being met. Parental controls are a great way to be proactive about your child’s online safety and activities.  When enabling parental controls, use age-appropriate settings to filter, monitor and block your child’s activities.

Our company, Virtual World Computing, has worked to develop CocoonKids for KlaasKids, a new free tool to provide parents with a free browser plug-in designed to protect children from corporate tracking and family computers from malware. Parents can lock it into “Kid Mode,” ensuring kids only browse a parent-sourced whitelist of recommended, appropriate and safe websites. Accessing sites beyond CocoonKids for KlaasKids requires parental permission.

4. Discuss “Reputation Management”

Colleges and prospective employers alike are reviewing the online presence of their applicants to ensure they are accepting qualified, appropriate candidates. Kids and teens may not fully comprehend the damage that can be done – or the permanent trace that can be left – from their online photos and comments.

Keep up to date on Facebook security settings, and ensure your kids keep tight settings.

“Friend” your kids on Facebook and other social media outlets so you can see who they are friends with, what photos they are posting, etc. And make sure they do not have a “parent-friendly” Facebook page just for you to friend. (Yes, they really do that.)

Educate your kids about the importance of appropriate social decorum online, and the long-term impact their digital presence can have on their dreams and career options.

5. Protect Your Child’s Identity

The past two years, the FTC has reported that 8 percent of identity theft cases involve kids. Further, a 2011 study by Carnegie Mellon University discovered that 10.2 percent (4,311) of the children in the report had someone else using their Social Security number – 51 times higher than the 0.2% rate for adults in the same population.

In response to such issues, the Utah Attorney General has started the Child Identity Program (CIP) that provides parents a secure means to place their children in the TransUnion “high risk fraud” database. While this is not available in other states, it is important for parents to monitor their child’s credit regularly by pulling reports from the three major reporting agencies. Individuals are allowed to pull a report once a year for monitoring purposes free of charge.

Consider this case from the Carnegie Mellon report: AllClear ID discovered that a 17-year-old girl has over $725,000 in debt. Her Social Security number was linked to eight different suspects. The suspects opened 42 open accounts including mortgages, auto loans, credit cards, and bills in collections including medical, credit cards, and utilities.

6. Protect Your Child, Period.   

Technology can help us diminish the risk of the most unspeakable tragedies from occurring. Marc Klaas of the KlaasKids Foundation has been working to protect kids since his daughter Polly was kidnapped and murdered twenty years ago. He recently unveiled new technology tools to help parents keep their kids safe and to help find missing children.

The first three hours is the most essential if a child is missing. Polly’s Guardian Angel is the nation’s first parent-initiated missing child smartphone alert application. It’s a smartphone app that empowers parents to instantly mobilize friends, neighbors, and other members of the community to help in the search for a missing child.

The LEO Wristwatch has a titanium infused steel wristwatch/cell phone with a GPS Child Locator that can only be removed by the parent. It includes a 911 panic button if the child is in troubleSearch for other tools you trust to keep you and your children safe online and in the real world.

Originally posted at:

You can visit us at The Cocoon Kids Blog  | CocoonKids on Facebook | CocoonKids on Twitter  | Cocoon on Facebook  | Cocoon on Twitter

Short & Sweet Tips for Traveling Abroad

Treat all your digital devices as though they are completely open to electronic snooping…

Storified by Get Cocoon· Wed, Apr 17 2013 11:43:26

One of the biggest threats to Mac computer users today is the belief that Apple’s operating system is immune to malware and viruse attacks. The Flashback Trojan attack  (April 2012) was a strong reminder to Mac users that third-party software is a vehicle that can and will infect both Windows and Mac computers alike.

[Krebs on Security]: A year ago today, Apple released a software update to halt the spread of the Flashback worm, a malware strain that infected more than 650,000 Mac OS X systems using a vulnerability in Apple’s version of Java.

10 Ways To Protect Your Mac

1-Back-up-Sunday was World Backup Day - when was the last time you backed up your Mac?

 With Apple’s Time Machine software (OS X 10.5 and above) you can perform full-system and incremental back-ups.

2-Use strong passwords: Check your password at Microsoft, is it strong?

A weak password such as 123456, password, abc123, or using your first name or pet’s name as your password is the Achilles heel of online security. Passwords are your first line of defense against cybercriminals. Create complex passwords for each site (do not share the same password at multiple sites), change them frequently and create accounts at sites that use good encryption.

3-Use a firewall & secure your Airport

A firewall is a barrier that can keep destructive forces (hackers, malicious software) from the Internet away from your computer.It can also stop your computer from sending malicious programs to other computers.

To set up the Mac OS X 10.6X and above Firewall:

Click the Apple menu > select System Preferences > select the Security Icon > Click the Firewall Tab > click the *Start Button > Advanced> select your desired Firewall configuration > click OK > close the security pane to save your selections.

* Note: If the Start button is gray, click the lock icon (bottom of window) and enter your administrative password at the prompt.

To secure your Airport:

Change your wireless router password to a strong password and use encryption.

4-Use Anti-virus software and keep it up-to-date.

New viruses and malware is created everyday, so it is important that you keep your antivirus software updated. Sophos Mac Home Addition (free for home users), is simple to install while updating and downloading virus definitions on an hourly basis.

 5-Update OS X and Apps on a regular basis.

-Open software update from the Apple Menu to install updates.

-Open the App Store and download available updates.

6-Disable Automatic File Opening in Safari After Download.

For added security, disable this feature when using Safari > Open Safari Preferences > Click the General Tab > uncheck open safe files after downloading.

Note: If you use Cocoon, all files downloaded from the Internet require user approval.

7-Enable FileVault Encryption.

From the Apple Menu: Open System Preferences > Click on Security & Privacy > Click the FireVault Tab

 8-Enable Anti-Malware Definitions

This should be enabled by default. Double-check your preferences to make sure that it is turned on:

From the Apple Menu: Open System Preferences > Click on Security & Privacy > General Tab > check Automatically update safe downloads list

9-Be responsible with social networking sites.

Social networking sites are rife with rogue apps and Internet scammers that often prey on user’s to spread their wares via permissions granted by the user. With a little education anyone can stay on top of the bad stuff and have a better Internet experience overall.

Subscribing to the Sophos Security Blog and FaceCrooks will keep you aware of the seedy and unsavory side of social media, along with providing great tips on how to stay safe online.

10-Use a layered approach when surfing the web.

 When you browse the web it is easy to land on an unsavory site or get hit by a drive-by-download. Today, the virtual threat landscape needs more protection than an antivirus suite. Many exploits utilize 3rd party browser plugins (Flash, Adobe Reader) and if your operating system or browser has a vulnerability – it can easily become an open door that invites hackers in. Surfing with Cocoon on the web can add an extra layer of protection to secure your browsing experience.

By following the above 10 tips, you will be able to minimize the impact that hackers and malicious software can have on your Mac.

Do you have more Mac Internet safety tips to offer? Please leave a comment at our blog or let us know on Twitter, Facebook, Google+, or Pinterest.

The majority of Internet security risk factors can be controlled with the right tools, the right attitude (a willingness to learn and apply the necessary strategies), and the desire to become proactive versus reactive. Keeping your computer free from badware, malware, botnets, viruses, adware, and a host of other nasties plays an important role in extending some decent net etiquette. 

If you think of  surfing the web as an Interstate and the computers that frequent the web as vehicles – driving a stable vehicle on the Interstate is integral to highway safety. Would you feel safer driving next to a car that is well maintained with a current safety inspection sticker intact, or would you feel safer driving next to that dilapidated hunk-of-junk with four bald tires and no safety inspection sticker?

10 Ways To Protect Your PC

 1-Back-up: How and why you should back up your personal computer.

Though this is one of the most neglected areas of computer maintenance,  it is essential to have a clean back-up source if your system has a hard disk failure (crashes) or your data and system files become compromised by a virus.

2-Use strong passwords: Check your password at Microsoft, is it strong?

A weak password such as 123456, password, abc123, or using your first name or pet’s name as your password is the Achilles heel of online security. Passwords are your first line of defense against cybercriminals. Create complex passwords for each site (do not share the same password at multiple sites), change them frequently and create accounts at sites that use good encryption.

3-Use a firewall: What is a firewall?

A firewall is a barrier that can keep destructive forces (hackers, malicious software) from the Internet away from your computer.It can also stop your computer from sending malicious programs to other computers.

4-Use Anti-virus software and keep it up-to-date.  

New viruses and malware is created everyday, so it is important that you keep your definitions updated.

5-Use a reputable malware scanner. Malwarebytes is highly recommended.

6-Don’t use an administrative account to browse the web

Create a new user account with limited rights to surf the web. Since malware requires administrative rights to run on the system – using a nonadministrative account will not enable malicious software to install on your system.

7-Keep your PC operating systems and programs updated.  Secunia PSI is an excellent [Free] option that keeps third-party software updated.

Windows Vista and Windows 7

To turn on Automatic Updates yourself, follow these steps:

1. Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
2. In the left pane, click Change settings.
3. Select the option that you want.
4. Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK. –Microsoft Support

8-Never download pirated software 

According to The Dangerous world of Counterfeit and Pirated Software, pirated and counterfeit software (i.e. unlicensed software and bogus software pretending to be genuine) has become one of the most reliable fast-tracks to the risk of malware infection. –NetworkWorld

9-Be responsible with social networking sites.

Social networking sites are rife with rogue apps and Internet scammers that often prey on user’s to spread their wares via permissions granted by the user. With a little education anyone can stay on top of the bad stuff and have a better Internet experience overall.

Subscribing to the Sophos Security Blog and FaceCrooks will keep you aware of the seedy and unsavory side of social media, along with providing great tips on how to stay safe online.

10-Use a layered approach when surfing the web.

As an example of using a layered approach: You would use a Internet Security Suite to take care of your antivirus needs, an anti-malware product installed such as Malwarebytes, Secunia PSI to check for vulnerabilities, a link scanner like McAfee SiteAdvisor and use Cocoon to anonymize and protect your web browsing sessions.

 “Layered security is about multiple types of security measures, each protecting against a different vector for attack.” — Chad Perrin, TechRepublic

When you browse the web it is easy to land on an unsavory site or get hit by a drive-by-download. Today, the virtual threat landscape needs more protection than an antivirus suite or antimalware application. Many exploits utilize 3rd party browser plugins (Flash, Adobe Reader) and if your operating system or browser has a vulnerability – it can easily become an open door that invites hackers in.

By following the above 10 tips, you will be able to minimize the impact that hackers and malicious software can have on your PC.

Do you have more PC Internet safety tips to offer? Please leave a comment at our blog or let us know on Twitter, Facebook, Google+, or Pinterest.

Be wary of insidious movie trailer webpages that prompt you to install Free Twit Tube…

If you are browsing on your Mac and see unexpected ads or websites appear, you may be the unlucky recipient of Trojan.Yontoo.1. The Russian anti-virus company, Dr. Web is currently reporting that Trojan.Yontoo.1 installs an adware plugin into OS X web browsers – Chrome, Firefox, or Safari. (Dr. Web is also the same company that reported the Flashback Trojan of 2012).

Here’s how Trojan.Yontoo.1 works. An installer is presented to users as a browser plugin—usually on specially crafted webpages claiming to show movie trailers—but may also present itself as a media player, download accelerator, or “a video quality enhancement program.” The installer asks the user if he or she wants to install an app called Free Twit Tube; at that point, the installer downloads the trojan from the Internet, which installs a plugin for all available browsers, including Safari, Firefox, and Chrome.

From there, the Yontoo trojan monitors your Web browsing and, according to Doctor Web, transmits information about what pages you visit to a remote server. It then injects ads into those pages using third-party code, allowing the attackers to collect unauthorized ad views on nearly any website they please. And yes, that includes Apple’s own website. –Ars Technica

This particular trojan can get onto your Mac in multiple ways. Criminals have so far used movie trailer pages that prompt users to install a browser plugin, a media player, a video quality enhancement program, or a download accelerator. In other words, the usual schemes we’ve seen on Windows. –TNW

Big Red Warning Flag

The user has to actively engage in allowing the browser plugin (Trojan) to download and install. This is not the type of web toy that should be downloaded by Mac users who still believe that Macs are immune from viruses and malware.

There is also a PC version, Yontoo that displays advertisements that appear to be from Facebook.

Adobe has issued an emergency security update for both Adobe Reader and Acrobat 9, 10, and 11. This is a cross-platform update that addresses both Microsoft Windows and Mac OS X computers.

Adobe is aware of reports that two vulnerabilities are being exploited in the wild using targeted attacks that are designed to trick Windows users into opening a malicious PDF file delivered in an email message. Linux and Mac users are not immune to this type of attack and should also update their systems.

 ”The exploit used the two bugs to bypass Adobe Reader 10′s sandbox feature and to sneak past the Protected Mode sandbox in Reader XI — key security features Adobe had added to its apps to prevent malware from poisoned PDFs from spreading to other parts of the machine”. –Dark Reading | Kelly Jackson Higgins

An analysis by security firm Kaspersky Lab revealed that the exploit was sophisticated enough to record keystrokes and steal passwords and information about the system configuration.

“The firm’s researchers said the exploits are being used to gain arbitrary code execution privileges and escape from the Adobe Reader 10 and 11 sandbox, a technology designed to contain attempts to install malicious software”. –Computer Weekly

 Cocoon recommends that you update Adobe software installations immediately.

57 Flaws! All versions of  Microsoft’s Internet Explorer browser are vulnerable to a malware attack.

ZDNet recommends that all users temporarily switch to another browser until Microsoft releases the updates next Tuesday. (Microsoft never releases full details of vulnerabilities until the updates are released).

February’s Patch Tuesday release will feature two bulletins both addressing critical IE vulnerabilities. All versions of IE from 6 to 10, including the ARM port running on Windows RT on the Surface tablet, will need patching. –The Register

According to the Sophos blog, next Tuesday’s release will be a monster-sized security patch:

“Patch Tuesday is approaching, and for users of Microsoft’s software it’s going to be a monster. In all, 57 separate security flaws are waiting to be fixed.Perhaps the biggest concern will be related to the security holes in Internet Explorer.”

Adobe Flash is also under attack. Cocoon recommends that you apply the emergency patch IMMEDIATELY.

Adobe issued an emergency update to its Flash Player to fix two zero-day threats, the company announced yesterday. The updates affect all versions of Flash on Windows, Mac, Linux, and Android.–CNET

To see what version of Adobe Flash you are running, check here: http://www.adobe.com/software/flash/about/ and you can update Adobe Flash here: http://get.adobe.com/flashplayer/

Be sure to stay safe online and we hope you have a great weekend!

The Cocoon Team

November 2012

In early November we announced a collaboration with the KlaasKids Foundation. Whether it is identity theft, online tracking, or profiling, the Internet can be an open door to a child’s personal information. That is why Virtual World Computing is working with child-safety advocate Marc Klaas, founder of the KlaasKids Foundation, to establish a free online tool to protect children from predators and abusive marketers.

The KlaasKids Foundation was established in 1994 to give meaning to the death of twelve-year-old Polly Hannah Klaas, (Marc’s daughter) who was kidnapped at knife point from her mother’s home during a slumber party in Petaluma, California, on October 1, 1993. People from her home town and throughout the world helped search for her. Polly’s body was found on December 3, 1993. She was a daughter, a step-sister, a student, a friend, and a grandchild.

With criminals, deviants and sexual predators actively targeting children who browse the web (coupled with the naivety of our children) -as parents, it’s up to us to ensure that our children do not wander into the streets of the world-wild web alone.

In November, we also offered tips on how to avoid the top 5 Black Friday scams and the top 5 Cyber Monday scams. From electronic pickpocketing to email phishing scams – we provided important tips to help everyone stay safe at the mall and online.

Towards the end of November we shared more of our collaboration with the KlaasKids Foundation in hopes of harnessing the power of technology to protect children from predators and abusive marketers. We also revealed that Cocoon for KlaasKids will provide parents with a free browser plug-in designed to protect children from corporate tracking and family computers from malware. Parents can even lock this puppy into “Kid Mode,” ensuring kids only browse a parent-sourced whitelist of recommended, appropriate and safe websites.

December 2012

During the second week of December we posted the Top 10 Security Threats for 2013. With the web picking up traction in the distribution of malware – cybercriminals continue to focus their efforts on exploiting the weakest link. From irreversible malware to premium attack exploit toolkits – the threat landscape of 2013 will continue to amp up the security battleground…

We predicted:

1- More browser-infecting malware
2- More Android mobile madware
3- More IPv6-based attacks
4- More madware (mobile apps)
5- More ransomware
6- More use of legal surveillance tools
7- More targeted spear-phishing attacks
8- More social networking scams
9- More search history poisoning
10-More sophisticated Cybercriminal Attack “Premium” Toolkits

January 2013

Early this month, Vernon Irvin, our President and CEO, introduced CocoonKids for KlaasKids at the KlaasKids Foundation Press Conference in Morgan Hill, California.

CocoonKids for KlaasKids will offer:

Throughout the month of January we are also helping to champion the success of Data Privacy Day by posting daily tips to all our social media sites to get the word out about how important it is to protect our online data.

On January 11 we celebrated the two-year anniversary of Cocoon. The initial idea was developed atVirtual World Computing (VWC) where Co-Founders Jeff Bermant,Founder & Executive Chairman and Brian Fox, Founder & CTO believed that the solution to the web woes of viruses, malware and online tracking was to recreate the browser so that the Internet would never directly touch you.

We would like to thank our online community for supporting Cocoon and helping to spread the word – we could not have done this without you!

Currently we offer Cocoon services via Desktop for Mozilla Firefox,  Internet Explorer, and Google Chrome for Mac beta. We also offer Cocoon for iOS. Our service creates a new way for people to browse the web privately and securely with total freedom from viruses, malware and online tracking. We hide your identity and IP address behind a protective barrier that gives you control over what you choose to share or not share. We  also encrypt your connection to the web and make every site you visit as safe as visiting your online bank.

You can find out more about our product by visiting us here.

 -The Cocoon Team!

You can also visit us  on Twitter, Facebook, Google+, and Pinterest too!

There appears to be plenty of confusion concerning the latest Java zero-day flaw. Some people  think that disabling Java will destroy their ability to peruse the web. Others tend to think that the security experts have it right. Sophos appears to have honed in on the confusion with their explanation that Java is not JavaScript!

Since JavaScript is a browser built-in feature and Java (Oracle) is not – suffice it to say that the two are an entirely different species! Though both are programming languages: JavaScript is a web scripting language and Java is compiled. Only Java 7 that is run in web browsers is affected by this vulnerability.

Q: What is the difference between Java and Javascript?
A: The same as the difference between Mandarin Chinese and American English.

What is all the hoopla about?

According to Roger Grimes at InfoWorld, the sad Java security tale goes like this:

Installed on over 1.1 billion desktops and 3 billion mobile phones, Java is the world’s biggest target for hackers. It has been the top exploit vector for Web browsers for many years. Ask anyone involved with detecting and eradicating malware in the enterprise; Java, they will say, is responsible for most of it.

Homeland Security also posted Vulnerability Note VU#625617: Java 7 fails to restrict access to privileged code, advocating that Java should be disabled in all web browsers.

On that same day, Emil Protalinski must have been BBQing Kobe Beef when he posted this to TNW:

It appears this flaw was first stumbled upon by a French researcher who goes by the name Kafeine. In a post on his Malware Don’t Need Coffee website, the researcher claimed that the latest version, Java 7 Update 10, was being exploited on a site that receives “hundreds of thousands of hits daily” and concluded that “this could be mayhem.”

More importantly, Kafeine noted the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit and the Cool Exploit Kit, already have this latest Java exploit. BitDefender confirmed the alleged addition of the exploit into Cool while security expert Brian Krebs confirmed the BlackHole part, as well as noted its addition into Nuclear Pack.

 A few days later Oracle released Java 7 Update 11  to which Paul Ducklin retorted at the NakedSecurity blog:

 Note that the vulnerabilities Oracle just patched don’t apply to standalone Java applications or server-side Java installs. They apply only to applets, which run inside your browser.

Your browser routinely and unavoidably puts you in harm’s way, since it inevitably downloads and attempts to parse, process and display, untrusted content.

So, even after updating, I recommend that you turn Java off inside your browser unless you know you need it.

It gets worse…

Shortly after Oracle released a Java 7 security update to address two critical zero-day vulnerabilities,  Brian Krebs also reported a new Java zero-day was being sold on the black market for $5000 each.

The Department of Homeland Security (DHS) also stuck to their guns - recommending that users continue to disable Java in their Web browsers (due to attack vulnerabilities that could result in identity theft and other cyber crime). Be sure that you are disabling Java, and not JavaScript!

We recommend that you disable Java:

Chrome: Copy “Chrome://Plugins” (without quotes) to the address bar and click DISABLE next to Java plug-ins.

Firefox Main Menu: Select TOOLS > ADD-ONS > Click the DISABLE button next to Java plug-ins.

Internet Explorer: Follow the instructions at Java.com

Safari: Click Safari in the main menu bar > PREFERENCES > click the SECURITY TAB and uncheck ENABLE JAVA.

–The Cocoon Team!

You can also visit us  on Twitter, Facebook, Google+, or Pinterest!