
Another Java Zero-Day Vulnerability Hits Black Market
Just 24 hours after Oracle patched two critical flaws in Java, online vulnerability vendor starts selling never-seen Java bug.
Call it malware cash and carry: Less than 24 hours after Oracle Sunday released a security update that addresses two critical zero-day vulnerabilities in Java that are being actively exploited by attackers, an online vulnerability seller began offering a brand-new Java bug for sale.
"On Monday, an administrator of an exclusive cybercrime forum posted a message saying he was selling a new Java 0day to a lucky two buyers. The cost: starting at $5,000 each," said security reporter Brian Krebs, who was the first to report the vulnerability sales offer.
What does a starting price of $5,000 buy? "The hacker forum admin's message ... promised weaponized and source code versions of the exploit. Read full story on InformationWeek
Post a comment to the original version of this story on InformationWeek