Tag: Oracle

May 2, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows – CVE-2023-1389 (CVSS score: 8.8) – TP-Link Archer AX-21 […]

October 20, 2021

Just over half of the patches address vulnerabilities that could be exploited remotely without authentication, Oracle announced. Of the 419 new security patches in the October 2021 CPU, 36 deal with critical vulnerabilities, with one of them featuring a CVSS […]

July 22, 2021

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is […]

April 21, 2021

The quarterly set of security patches addresses a total of 41 vulnerabilities considered critical severity, including 5 that feature a CVSS score of 10. The most severe of these vulnerabilities could be exploited to execute code remotely within the context […]

February 1, 2021

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean […]

November 12, 2020

Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices. The backdoor — dubbed “ModPipe” — impacts Oracle MICROS […]

October 21, 2020

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. “Most of the vulnerabilities […] can be exploited to gain initial access […]

July 15, 2020

This is a record-breaking CPU not only in terms of number of patches (the first to include over 400 fixes), but also in regard to the amount of critical flaws addressed: approximately 100 of the patches deal with vulnerabilities with […]

January 16, 2020

Cybersecurity is an important aspect and it becomes more precarious when organisations are flocking to the cloud to deploy mission-critical apps. Data is the new oil of the 21st century. The opportunity that the cloud presents also brings in challenges […]

October 7, 2019

ERP applications are ‘critical’ to business operations, according to the IDC survey of 430 IT decision makers. ERP-related breach Sixty-four percent of the 191 decision makers surveyed whose organizations rely on SAP or Oracle E-Business Suite confirmed that their deployments […]

September 17, 2019

The new services, Oracle Data Safe, Oracle Cloud Guard and Oracle Cloud Maximum Security Zones, deliver centralized security configuration and posture management capabilities, while also automating the enforcement of security practices. The new products operate in the background to gather […]

June 19, 2019

The security hole, tracked as CVE-2019-2729 with a CVSS score of 9.8, impacts WebLogic versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. The flaw was independently reported to Oracle by nearly a dozen researchers. According to Oracle, the vulnerability exists due to a […]

June 17, 2019

Recently a new botnet, tracked Echobot, appeared in the threat landscape its operators are adding new exploits to infect a broad range of systems, including IoT devices, enterprise apps Oracle WebLogic and VMware SD-Wan. The Echobot botnet was first detected […]

April 17, 2019

Oracle is urging customers to patch critical vulnerabilities in its products as part of its massive April update, which fixes a whopping 297 flaws. Of those flaws, 53 vulnerabilities in Oracle products had a CVSS score of 9.0 or higher, […]

March 21, 2019

Apple’s Safari web browser and the Oracle VirtualBox and VMware Workstation virtualization products were hacked on the first day of the Pwn2Own 2019 hacking competition, earning researchers a total of $240,000 in cash. Pwn2Own 2019, which takes place these days […]

March 19, 2019

Oracle announced the general availability of Java SE 12 (JDK 12), continuing the six-month release cadence that provides enterprises and developers faster access to completed enhancements to the popular programming language. The release brings continued improvements to developer productivity, including […]

February 21, 2019

Companies think their data is safer in the public cloud than in on-prem data centers, but the transition is driving security issues. More business-critical data is finding a new home in the public cloud, which 72% of organizations believe is […]

August 15, 2018

Flaw in the Java VM component of Oracle’s Database Server is easily exploitable, security experts warn. Oracle this week urged organizations to immediately patch a critical vulnerability in multiple versions of Oracle database that gives attackers a way to completely […]

June 25, 2018

Oracle announced on Friday that it has started releasing software and microcode updates for products affected by the recently disclosed variants of the Spectre and Meltdown vulnerabilities. Intel, AMD, ARM, IBM, Microsoft and other major tech companies last month coordinated […]

February 15, 2018

Oracle announces its acquisition of Zenedge, which focuses on cloud-based network and infrastructure security. Oracle has agreed to buy Zenedge to ramp up security for its subscription-based cloud infrastructure services, the company announced today. Terms of the deal were not […]