oracle | Breaking Cybersecurity News | The Hacker News

It's time to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities. The United States software maker Oracle releases its security updates every three months, which it referred to as " Critical Patch Updates " (CPU). Yesterday, Oracle released its second CPU-date of this year providing important updates that include a total of 104 vulnerabilities, the company has announced . From the overall vulnerabilities, 37 security vulnerabilities impact Java SE and several of these flaws are so serious that it can be remotely exploited by a malicious malware to gain system access and execute arbitrary code with the privileges of a local user. Successful exploitation also allows an attacker to manipulate certain local data on a system and can cause a DoS attack without the need of authentication credentials, which means the flaws can be exploited over a network without the need for a username and password to crashin

Do you still have Java installed? There is a bad news for you ! FireEye has detected yet another Java zero-day vulnerability being exploited in attacks in the wild. The vulnerability targets browsers that have the latest version of the Java plugin installed Java v1.6 Update 41 and Java v1.7 Update 15 and  FireEye warned that the   vulnerability is being exploited to install a remote-access trojan dubbed McRat , researchers from security firm. " Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process," "After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero. " The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last mont

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

A Polish security firm ' Security Explorations' reported two new Java zero-day vulnerabilities , as " issue 54 " and "issue 55 ," with proof of concept code to Oracle. Oracle's security team is currently investigating the issue, but the status flaws not yet confirmed by Oracle. Less than a week after Oracle released its latest Java critical patch update, Researcher and Security Explorations's CEO Adam Gowdiak  have found two previously unknown security issues affecting Java 7. Security experts generally advise users to disable the Java browser plugin, which was exploited in recent targeted attacks on developers at Facebook , Apple and Microsoft. Java has faced an increasing number of zero-day vulnerabilities, bugs that are exploited by criminals before those flaws are patched, or even known by the vendor. Gowdiak confirmed that these newest vulnerabilities can be combined to circumvent Java's anti-exploit sandbox technology and used to attack

Oracle delivered an unusual emergency patch to Java's critical Zero Day vulnerability on Sunday to fix a malicious bug that allowed hackers access to users web browsers. Exploits for the previously undisclosed flaw were being hosted in a number of exploit kits and attacks have already been seen in the wild dropping ransomware and assorted other malware. Security Alert CVE-2013-0422  include two vulnerabilities that are remotely executable. Oracle confirmed that the flaws were only present in Java 7 versions and did not impact Java on servers, Java desktop applications, or embedded Java. Java is used in 3 billion machines, about 2 billion of which are desktop or laptop computers. Similarly, Back in August last year, Oracle issued an urgent fix to seal a dangerous security flaw within its Java software that's left thousands of computers wide open to malicious attacks from hackers. Lamar Bailey , director of security research and development for nCircle  said, " We

Apple has discontinued its own Java plugin, issuing an 'update' that removes it from MacOS and encourages users to instead download Oracle's version of the software. Its another step by Apple towards making OS X safer on the web. Mac users may have noticed that Java-based websites are displaying a " Missing Plug-in " notification. The Apple Support page states that this update is for OS X 10.7 and later. Apart from stripping browsers of the Java plug-in, it also removes the Java Preferences application, since it is no longer required for applet setting configuration. Just to be clear, the update does not remove Java from your system if its installed, just the Java plugin from your web browsers. In August, Java was blasted as an unsafe plug-in that should only be used when absolutely necessary after a zero-day exploit was discovered, rolled into the user-friendly Blackhole exploit kit and used for nearly a week before Oracle issued a patch. That patch, however,

This afternoon I just got a ping from one of my Friend that Oracle website compromised. Its hard to believe that ORACLE can be compromised ? So lets explore that what going on: Oracle.com , Website Oracle Corporation ,  ( an American multinational computer technology corporation that specializes in developing and marketing computer hardware systems and enterprise software products – particularly database management systems ) homepage showing just " HELLO WORLD " text on page. I tried to open it via mobile, it redirect me to mobile version at  Oracle.mobi , Yes its working fine as normal. Then we start moving on Twitter to find out whats going on, Lots of people tweeting about this and everyone seems to be confused that IS IT A HACK ? or the site is Under Maintenance ? Okay, Next I move to ORACLE twitter accounts @Oracle @OracleDatabase to find out either they have tweeted about this Strange update or not , But there was no tweet from their side from last 12 H