It's been a fairly quiet two years for Java. That's surprising if you think back to early 2013 and the daily stream of catastrophic security flaws being found and (sometimes) fixed in the widespread software.
The negative press got Oracle, Java's developer, to clean up the code and put stronger security in place. It worked and we've enjoyed two-year lull in major Java security problems (Adobe Flash has taken its place). Unfortunately, that lull has come to an end.
The latest version of Java, 1.8, has a major zero-day security flaw that hackers are actively using. In this case, the hackers are a group called Pawn Storm, and they're specifically targeting NATO members and an unnamed U.S. defense organization.
However, just because Pawn Storm is using this flaw for targeted attacks doesn't mean you won't get caught up in it. Once other hackers figure it out, they'll use it to target anyone they can.
Like most Java flaws, the attack relies on directing a victim to a malicious site. The site triggers Java in the browser and uses the security flaw to run hacker-created code that takes over the computer or forces it to download viruses.
The first way to avoid this danger is to avoid suspicious links in unsolicited email. You should also watch out for odd links posted on Facebook, Twitter and other social media sites.
The second way is to disable Java in your browsers. It's a good bet you don't even need Java anymore. In fact, Chrome and Safari already block the Java plug-in by default, but it doesn't hurt to turn it off everywhere.
In Windows 8, right-click in the lower left corner and select Control Panel. Then click Programs and double-click the Java icon. In Windows Vista and 7, go to Start>>Control Panel and click Programs. Then double-click the Java icon. If you don't see the Java icon, then Java isn't installed.
Once the Java configuration screen pops up, go to the Security tab and make sure "Enable Java content in the browser" is unchecked. Then click OK.
To make sure Java really is disabled, you can visit this page and follow the directions. If the page doesn't work, then Java is disabled in your browser.
Of course, you can also uninstall Java entirely. Go back to Control Panel>>Programs and click "Uninstall a program." Find "Java" on the list and uninstall it.