java update | Breaking Cybersecurity News | The Hacker News

The US-based software maker Oracle delivered an unusual out-of-box emergency patch for Java in an effort to fix a during-installation flaw on the Windows platforms. The successful exploitation of the critical vulnerability, assigned CVE-2016-0603 , could allow an attacker to trick an unsuspecting user into visiting a malicious website and downloading files to the victim's system before installing Java 6, 7 or 8. Although the vulnerability is considered relatively complex to exploit, a successful attack results in " complete compromise " of the target's machine. What You Need to Know About the Java Exploit The successful attack requires an attacker to trick a suitably unskilled user for opening a Java release even though the user is nowhere near the Java Website. Since the existence of the loophole is only during the installation process, users are not required to upgrade their existing Java installations in order to address the vulnerability.

Today, Oracle has released its quarterly Critical Patch Update (CPU) for the month of July, as part of its monthly security bulletin, in which it fixes a total of 113 new security vulnerabilities for hundreds of the company's products. The security update for Oracle's popular browser plug-in Java addresses 20 vulnerabilities in the software, all of which are remotely exploitable without authentication, that means an attacker wouldn't need a username and password to exploit them over a network. MOST CRITICAL ONE TO PATCH FIRST Oracle uses the Common Vulnerability Scoring System (CVSS) to provide an open and standardized rating of the security holes it finds in its products. One or more of the Java vulnerabilities received the most "critical" rating according to Oracle's Common Vulnerability Scoring System (CVSS), i.e. base score of 10 or near. Although, numerous other Oracle products and software components addressed in the latest security updates, which address

If forecasters are right, over the course of today, consumers will spend  $13.7 billion . Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information.  SaaS applications supporting retail efforts will host nearly all of this behind-the-scenes activity. While retailers are rightfully focused on sales during this time of year, they need to ensure that the SaaS apps supporting their business operations are secure. No one wants a repeat of one of the biggest retail cyber-snafus in history, like when one U.S.-based national retailer had 40 million credit card records stolen.  The attack surface is vast and retailers must remain vigilant in protecting their entire SaaS app stack. For example, many often use multiple instances of the same application. They may use a different Salesforce tenant for eve

It's time to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities. The United States software maker Oracle releases its security updates every three months, which it referred to as " Critical Patch Updates " (CPU). Yesterday, Oracle released its second CPU-date of this year providing important updates that include a total of 104 vulnerabilities, the company has announced . From the overall vulnerabilities, 37 security vulnerabilities impact Java SE and several of these flaws are so serious that it can be remotely exploited by a malicious malware to gain system access and execute arbitrary code with the privileges of a local user. Successful exploitation also allows an attacker to manipulate certain local data on a system and can cause a DoS attack without the need of authentication credentials, which means the flaws can be exploited over a network without the need for a username and password to crashin