Blog Posts Tagged with "Oracle"
Oracle CPU Preview: What to Expect in the October 2017 Critical Patch Update
October 17, 2017 Added by:James E. Lee
In a pre-release statement, Oracle has revealed that the October Critical Patch Update (CPU) is likely to see nearly two dozen fixes to Java SE, the most common language used for web applications.
Comments (0)
The Upcoming Oracle CPU: Struggling to Keep Pace with Vulnerabilities
June 28, 2017 Added by:James E. Lee
Oracle's April 2017 update was its largest CPU to date. With the next CPU landing on July 18, there’s plenty to consider.
Comments (0)
Advice Regarding Recent Java Vulnerabilities
October 17, 2012 Added by:Fergal Glynn
By now, our readers have undoubtedly seen the buzz about a serious security vulnerability in Oracle Java, with corresponding exploit code making its way around in the form of active, in-the-wild attack campaigns, as well as penetration testing tools...
Comments (0)
Oracle Security Alert Analysis
August 19, 2012 Added by:Alexander Rothacker
So, what is this new vulnerability all about? It’s a privilege escalation vulnerability that gives an attacker SYSDBA privileges. In order to perform the exploit, one needs to have CREATE TABLE and CREATE PROCEDURE privileges as well as EXECUTE privileges on DBMS_STATS package...
Comments (0)
Analysis of the April 2012 CPU for the Oracle Database
April 23, 2012 Added by:Alexander Rothacker
It’s mid-April, so it’s Oracle CPU fallout time again. This CPU contains 88 fixes. Thirty-three in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities...
Comments (0)
Oracle Releases Critical Patch Updates for April 2012
April 18, 2012 Added by:Headlines
Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. US-CERT encourages users and administrators to review the April 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks...
Comments (0)
Apple: Critical Update for Java for OS X Lion and Mac OS X
April 04, 2012 Added by:Headlines
"Vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution..."
Comments (0)
TeamSHATTER: Analysis of the January 2012 Oracle CPU
January 18, 2012 Added by:Alexander Rothacker
This time there are only TWO fixes. This is the lowest number ever since the CPU program has started in 2005. Oracle, what happened? Did you throw in the towel on DBMS fixes? I know it’s not because the Database is finally fixed for good and is now suddenly secure...
Comments (0)
Analysis of the October 2011 Oracle CPU Database Patches
October 19, 2011 Added by:Alexander Rothacker
Oracle released its October Critical Patch Update with 57 vulnerabilities across multiple products. This low number of patches continues a trend where Oracle appears to be losing focus on database security, probably due to the many new product offerings and acquisitions...
Comments (0)
The CERT Oracle Secure Coding Standard for Java
October 18, 2011 Added by:Ben Rothke
The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...
Comments (0)
Keeping Privileged Users Under Control in Oracle Database
October 03, 2011 Added by:Esteban Martinez Fayo
SYSDBA privilege has unlimited access to all data and can make any configuration change. With DatabaseVault installed, it is possible to restrict SYSDBA users from accessing certain data but the protection is not complete. There are ways to bypass the defenses and compromise the data...
Comments (1)
Auditing vs. Secure Software - An Inconvenient Argument
September 19, 2011 Added by:Rafal Los
You may have missed one of the strangest exchanges I think I've seen in a long while. An out-of-the-blue scathing blog post by Oracle's CSO prompted a swift response from VeraCode's Chief Technology and Security Officer. What brought this on is anyone's guess...
Comments (0)
TomorrowNow Sentenced on Computer Intrusion Charges
September 19, 2011 Added by:Headlines
TomorrowNow, Inc., a non-operating subsidiary of SAP, today was sentenced to probation and ordered to pay a fine to the United States of $20 million for unauthorized access to computer servers belonging to Oracle Corporation (Oracle) and for willfully infringing copyrights held by Oracle...
Comments (0)
Native Auditing In Modern Relational Database Management
August 03, 2011 Added by:Alexander Rothacker
Modern databases provide powerful built-in auditing capabilities that are often underestimated. There are downsides of native auditing like the ability for a malicious user to manipulate the audit trail. Overall, this feature allows customers to monitor database activity at a very granular level...
Comments (3)
TeamSHATTER Analysis Of The July 2011 Oracle CPU
July 31, 2011 Added by:Alexander Rothacker
With ‘unbreakable’ timeliness, Oracle released their 27th Critical Patch Update. They shipped 78 security fixes over all their product families. Sixteen of the fixes are specific to the Oracle Database, but a total of 30 fixes have an impact on database confidentiality, integrity or availability...
Comments (0)
SQL Injections In Stored Procedures
May 25, 2011 Added by:Alexander Rothacker
This post discusses how SQL injection in stored procedures could be exploited in Microsoft SQL Server, Oracle, and Sybase ASE databases. SQL injection is an attack that allows an unprivileged user to execute SQL code with elevated privileges due to a bug in the input sanitation...
Comments (0)