Oracle Archives - Page 2 of 4

Pierluigi Paganini June 16, 2020

BigDebIT flaws in Oracle EBS allow hackers to alter financial records

Oracle addressed two flaws in E-Business Suite solution that can be exploited by attackers to tamper with an organization’s financial records. Oracle addressed two security flaws in its E-Business Suite (EBS) business management solution that could allow attackers to carry out a broad range of malicious activities, including to tamper with an organization’s financial records. […]

Pierluigi Paganini May 01, 2020

Hackers are targeting recently patched WebLogic security vulnerability

Oracle warns of attacks against recently patched WebLogic security bug Oracle warns of attacks in the wild exploiting a recently patched vulnerability in WebLogic servers for which a PoC code is available on GitHub. IT giant Oracle published a security alert to warn organizations running WebLogic servers of ongoing attacks that exploit the CVE-2020-2883 vulnerability. […]

Pierluigi Paganini May 01, 2019

Crooks exploit Oracle WebLogic flaw to deliver Sodinokibi Ransomware

Threat actors are exploiting a recently patched critical Oracle WebLogic Server vulnerability to deliver the Sodinokibi ransomware to organizations. Threat actors are delivering a new piece of malware, tracked as Sodinokibi, by exploiting a recently patched Oracle WebLogic Server vulnerability. Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation, it […]

Pierluigi Paganini April 24, 2019

Zero-day vulnerability in Oracle WebLogic

Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability. This zero-day flaw affects all Weblogic versions, including the latest one, that have the wls9_async_response.war and wls-wsat.war components enabled. Oracle WebLogic Server is a Java EE application […]

Pierluigi Paganini April 08, 2019

Unofficial patches released for Java flaws disclosed by Google Project Zero

Unofficial security patches have been released for two Oracle Java Runtime Environment (RE) flaws yet to be fixed discovered by Google Project Zero researcher. Unofficial security patches have been released for two Oracle Java Runtime Environment (RE) vulnerabilities discovered by Google Project Zero researcher Mateusz Jurczyk. The company hasn’t yet released an official update to […]

Pierluigi Paganini January 18, 2019

Oracle critical patch advisory addresses 284 flaws, 33 critical

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. Let’s give a close look at some of the vulnerabilities fixed by this patch advisory. The advisory fixed the CVE-2016-1000031 flaw, a remote code execution (RCE) bug in the Apache Commons FileUpload, disclosed in November […]

Pierluigi Paganini October 17, 2018

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs. The exploitation of this vulnerability could cause major problems on the Internet. “A proof of concept […]

Pierluigi Paganini August 13, 2018

Oracle warns of CVE-2018-3110 Critical Vulnerability in Oracle Database product, patch it now!

Last week Oracle disclosed a critical vulnerability in its Oracle Database product, the issue tracked as CVE-2018-3110 has received a CVSS score of 9.9, On Friday, Oracle released security patches to address a critical vulnerability affecting its Database product, the company is urging install them as soon as possible. The vulnerability resides in the Java VM component […]

Pierluigi Paganini June 25, 2018

Oracle issued security patches for recently discovered Spectre and Meltdown issues

Last week Oracle started releasing software and microcode updates for products affected by the recently disclosed variants of the Spectre and Meltdown flaws. In May, tech giants Intel, AMD, ARM, IBM, Microsoft and other tech firms teamed to disclose two new variants of both Meltdown and Spectre issues. The so-called Variant 4 (CVE-2018-3639) relies on a Speculative Store Bypass (SSB), […]

Pierluigi Paganini April 30, 2018

Oracle botches CVE-2018-2628 patch and hackers promptly start scanning for vulnerable WebLogic installs

According to a security expert, Oracle appears to have botched the CVE-2018-2628 fix, this means that attackers could bypass it to take over WebLogic servers. Earlier April, Oracle patched the critical CVE-2018-2628 vulnerability in Oracle WebLogic server, but an Alibaba security researcher @pyn3rd discovered that the proposed fix could be bypassed. https://twitter.com/pyn3rd/status/990114565219344384 The CVE-2018-2628 flaw was […]

Oracle

BigDebIT flaws in Oracle EBS allow hackers to alter financial records

Hackers are targeting recently patched WebLogic security vulnerability

Crooks exploit Oracle WebLogic flaw to deliver Sodinokibi Ransomware

Zero-day vulnerability in Oracle WebLogic

Unofficial patches released for Java flaws disclosed by Google Project Zero

Oracle critical patch advisory addresses 284 flaws, 33 critical

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Oracle warns of CVE-2018-3110 Critical Vulnerability in Oracle Database product, patch it now!

Oracle issued security patches for recently discovered Spectre and Meltdown issues

Oracle botches CVE-2018-2628 patch and hackers promptly start scanning for vulnerable WebLogic installs

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

DOJ takes action against 22-year-old running RapperBot Botnet

Google fixed Chrome flaw found by Big Sleep AI

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

A hacker tied to Yemen Cyber Army gets 20 months in prison

Exploit weaponizes SAP NetWeaver bugs for full system compromise

QUICK LINKS

Oracle

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!