This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Java zero day exploit

New Java Zero-Day Exploit Shows Multi-Platform Development - The Mac Security Blog

Java zero day vulnerability actively used in targeted attacks | ZDNet

Java zero day allegedly spotted in the wild | ZDNet

Question to get the discussion going on how this UTM can protect us against this attack.

1) How do you know if your Astaro IPS would be protecting you against this?

2) Avira AV?

3) SOPHOS AV?

4) SOPHOS End Point Security and Control.

This thread was automatically locked due to age.

Parents

0 Amodin over 13 years ago

From my understanding, the Sophos updates are a 'live update' meaning that Sophos has 24/7 updating going on with the signatures for their AV products, which include the Astaro features and Endpoint Protection clients. So, as soon as they identify it and can apply a signature for it, it will be distributed and you may actually see the version, date, etc. posted.

For now, I will just tell Astaro to block all Java. [:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 rprengel over 13 years ago in reply to Amodin

From my understanding, the Sophos updates are a 'live update' meaning that Sophos has 24/7 updating going on with the signatures for their AV products, which include the Astaro features and Endpoint Protection clients. So, as soon as they identify it and can apply a signature for it, it will be distributed and you may actually see the version, date, etc. posted.

For now, I will just tell Astaro to block all Java. [:)]

ok,
how can I block all java?

ralf
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 13 years ago in reply to rprengel

The HTTP/S Proxy has an option to remove Java Content in the configuration section.
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 13 years ago in reply to BrucekConvergent

The HTTP/S Proxy has an option to remove Java Content in the configuration section.

That's a rather large hammer..i think that blocks EVERYTHING and not just java.
Remove embedded objects (ActiveX/Java/Flash)

at least in v8. unfortunately that's the only way to kill java in v8. I've not tested v9 yet.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 William Warren over 13 years ago in reply to BrucekConvergent

The HTTP/S Proxy has an option to remove Java Content in the configuration section.

That's a rather large hammer..i think that blocks EVERYTHING and not just java.
Remove embedded objects (ActiveX/Java/Flash)

at least in v8. unfortunately that's the only way to kill java in v8. I've not tested v9 yet.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Alvin over 13 years ago in reply to William Warren

I seriously do not like the idea that it is so hard for me to know for sure that the UTM is capable of blocking this.

Look at Symantec and Trend Micro, they would describe below the Threat how their various products would defend this, any recommended settings, what to look out for for signs of successful attacks etc.

INCOMING ATTACK !

Malware Intelligence Lab from FireEye - Research & Analysis of Zero-Day & Advanced Targeted Threats:Java Zero-Day - First Outbreak

Hey Guys - I am adding thet list of domains to be blocked at the Packet Filter to block ANY TO and ANY FROM the Malicious Domain = DROP.

Any other settings ?

No Idea if SOPHOS Content Filtering added it.

Zero-day Java flaw exploited in targeted tax email malware attack | Naked Security

Java Runtime Environment 1.7 Zero-Day Exploit Delivers Backdoor | Malware Blog | Trend Micro

OSX/Tsunami Variant Found Dropped by Java 0-Day - The Mac Security Blog
Cancel
Vote Up 0 Vote Down

Cancel