Four of the top five most targeted vulnerabilities for the first half of the year were found in the Java development platform, according to a recent report by computer security firm F-Secure Corp.

It’s not really surprising that attackers are attracted to Java because after all “next to the Windows operating system (also a popular target for exploits), Java is probably the second most ubiquitous program in an organization’s IT setup,” F-Secure said in statement.

The security firm’s threat report indicates that the vulnerabilities were in Java’s Runtime Environment (JRE) or the browser plug-in.

“Unfortunately, removing either the runtime or plug-in may not be a feasible option for most companies that use Java in business critical instances,” the report said.

Other options such as a combination of re-adjusting Java’s security settings, configuring Web browser settings to minimize unwanted applet executions, or installing a third-party plug and monitoring network traffic, may help.

The report said that 70 per cent of the exploits they uncovered were carried out with these five kits:

  • BlackHole
  • SweetOrange
  • Crimeboss
  • Styx
  • Cool

F-Secure’s threat report also discussed the latest Mac malware and security issues around the crypto-based digital currency Bitcoin.

Read the whole story here