Computerworld: Researchers from several security firms are warning about a new attack which targets a vulnerability in Java 7 Update 6, the latest version of Java. The attack code is hosted by a website with a Chinese IP address and delivers malware from servers in Singapore. The malware appears to be a variation of Poison Ivy, a Trojan used for cyberespionage.
"This vulnerability is not a 'memory corruption' type vulnerability, but instead seems to be a security bypass issue that allows running untrusted code outside the sandbox without user interaction," explained Carsten Eiram of security vendor Secunia. "In this specific case a file is downloaded and executed on the user's system when just visiting a web page hosting a malicious applet."
Oracle has not said when it will release a patch for the problem. "We are not aware of any fixes or workarounds except disabling/uninstalling Java," noted Eiram.
One of the ways around the issues of security and control that make some businesses wary of cloud computing is to build a private cloud -- one that remains within the corporate firewall and is wholly controlled internally. Private clouds also increase the agility of IT an organization's IT infrastructure and make it easier to roll out new technology projects. Download this eBook to get the facts behind the private cloud and learn how your organization can get started.