Browsing tag
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows – CVE-2023-1389 (CVSS score: 8.8) – TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 (CVSS score: 9.0) – Apache Log4j2 Deserialization of Untrusted Data Vulnerability […]
Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. “Each virtual disk in Oracle’s cloud has a unique identifier called OCID,” Shir Tamari, head of research at Wiz, said in a series of tweets. “This identifier is not […]
An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download […]
When it comes to preventing financial crime such as anti-money laundering, organizations need to make use of a customer screening process that takes human errors into account – Let’s dig deeper! A financial crime and compliance management (FCCM) solution have many components and steps, but as a whole, it is designed to prevent, detect, investigate, […]
Google holds the top slot with over 547 vulnerabilities, Microsoft is on number two with 432 unwanted exposure instances and Oracle is on number three with 316 vulnerabilities in H1 2021. The latest AtlasVPN report analyzes mobile security and common vulnerabilities in the current cybersecurity landscape. The report revealed that in early 2021, Google, Microsoft, and Oracle […]
A research published by vulnerability testing experts at security firm Onapsis claims that multiple vulnerabilities have been discovered in Oracle’s E-Business Suite. If exploited, these flaws would allow threat actors to gain full control of electronic transfers and even print undetected checks. The report mentions that the attack, known as Oracle Payday, involves exploiting two […]
When it comes to whether or not a user is being tracked on the web, the answer is yes, and this even includes the various pornographic websites a user visits. According to a study, various major tech companies such as Google, Facebook, and Oracle can track users when they visit a porn website, even if such […]
A group of web application security experts from Trend Micro firm have detected a hacking campaign against Oracle WebLogic Server implementations to install malicious cryptocurrency mining software. Hackers exploit a vulnerability to install the miner bypassing the detection of system administrators. The National Vulnerability Database (NVD) published last April the security alert regarding a severe […]
A couple of weeks back, a zero-day vulnerability was discovered in Oracle WebLogic Servers that can trigger the deserialization of malicious code and allow hackers to take over the targeted system. Now, a recent report suggests that this zero-day vulnerability has been abused for over a week to infect Oracle WebLogic servers through ransomware. So far, two […]
Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware. As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a never-before-seen ransomware […]
To say that Google knows more about you than you know about yourself would not be an exaggeration. In a fresh attack on Google, Oracle has submitted a 17-page attachment titled “Google’s Shadow Profile” to Australian Competition and Consumer Commission’s digital platform inquiry. Oracle has accused Google of building profiles of Australian users by logging […]
Presence of infected games and apps that are costing innocent users financial and data losses is not a new phenomenon. However, it is indeed surprising that a firm that promises to fight app piracy is itself involved in this horrendous act. According to the latest research from Oracle, there is a new ad fraud campaign […]
The company recommends that system administrators stay on the lookout for the release of update patches During its January update, the Oracle data management system announced that patches will be included to correct 248 new vulnerabilities present in multiple protocols, from the popular Oracle Database System to Solaris, Java and MySQL, as reported by network […]
An independent IT security researcher and exploit developer from Russia has publicly revealed a zero-day vulnerability in all versions of VirtualBox (VB) 5.2.20 and prior. VB is commonly used open source virtualization software that has been developed by Oracle. According to the analysis of Sergey Zelenyuk, his exploit is hundred percent reliable and memory corruption […]
Wolfgang Ettlinger of SEC Consult Vulnerability Lab, information security expert, found vulnerability in Oracle Access Manager that can be exploited remotely to bypass authentication and take over the account of any user or administrator on the affected systems. Professionals tell us that Oracle Access Management provides Web SSO with MFA, general authorization and session management, and standard […]
Short Bytes: The release of Java EE 8 is expected to take place in the upcoming months. With this release, Oracle is also seeking to shift Java EE to some open source foundation. Oracle is thinking about this move to benefit Java EE’s development and bring changes as per industry needs. Red Hat has released […]
Oracle admins are today staring down the barrel of the biggest quarterly Critical Patch Update ever. The numbers are gory: 308 vulnerabilities patched, 165 of which are remotely exploitable, across more than 90 products. So far in 2017, Oracle has patched 878 vulnerabilities through three CPUs. System and network admins have never been taxed from a patching […]
Short Bytes: Oracle has announced the release of Oracle Linux 6.9. It’s the final update release of Oracle Linux 6 and it ships with Unbreakable Enterprise Kernel and Red Hat Compatible Kernel. The notable feature additions of Oracle Linux 6.9 are TLS 1.2 support, availability of cpuid utility, etc. The interested users can download the ISO files […]
Last October, Dyn, a commercial DNS provider made headlines when it was attacked with a massive Distributed Denial of Service (DDoS) attack. The same company is in the news again but this time for a completely different reason. As surprising as it sounds, it is indeed true that Dyn has been acquired by Oracle. The […]
It was one of those warm summer nights, no clouds, just a bright full moon lighting the way. Someone had unknowingly stumbled upon our honeypot, completely unaware of the fact that her every move was recorded and fully analyzed. Thanks to our deception technology, we could easily reroute the attacker, making her believe she reached […]
Oracle’s Point-of-service Division MICROS Suffers Massive Data Breach Possibly by Russian Hackers This year seems to be the year of data breaches because the trend of hacking full-fledged databases of even the most secure companies is rising at a steady pace. It is a fact that there is no such industry left that hasn’t been […]