Pierluigi Paganini
March 14, 2016
The patch for the critical Java CVE-2013-5838 vulnerability released by Oracle in 2013 is ineffective and can be easily bypassed. Bad news for Java users, in 2013 Oracle released a patch to fix the CVE-2013-5838 vulnerability, but security experts discovered that it could be easily bypassed to compromise the latest versions of the software. This means […]
Pierluigi Paganini
December 31, 2015
Google confirms that the next Android versions will use Oracle’s open-source OpenJDK instead the Java APIs, a strategic choice. Google is leaving Java application programming interfaces (APIs) in future versions of its mobile operating system Android. The company is planning to adopt as an alternative an open source solution. What is this OpenJDK? It is an […]
Pierluigi Paganini
May 28, 2015
SAP Security experts discovered a number of unpatched vulnerabilities and weaknesses in Oracle PeopleSoft that could be exploited to obtain admin passwords. The SAP security experts, Alexander Polyakov and Alexey Tyurin, revealed that Oracle PeopleSoft contains unpatched vulnerabilities and weaknesses that could be exploited by attackers to obtain admin passwords. The impact of such vulnerabilities […]
Pierluigi Paganini
January 28, 2015
According to a new series of reports published by Secunia firm, Oracle Java poses the biggest security risks to Desktop machines in the US. According to the a new report published by Secunia security vendor, Oracle Java software represents the principal source of problems for private US desktops, followed by Apple Quicktime 7.x. Oracle Java is […]
Pierluigi Paganini
September 28, 2014
Apple says users of its OS X are “safe by default” from the Bash Bug, meanwhile Oracle warns its customers that 32 products are affected by the flaw. The recently discovered Bash Bug vulnerability is menacing billions of devices that could be exposed to cyber attacks which exploit the flaw, the situation appears to be critical […]
Pierluigi Paganini
June 19, 2014
The system used to produce RFID identification cards including permanent resident IDs by the USCIS has a number of serious security issues. A report from the Office of the Inspector General (OIG) at DHS titled “Radio Frequency Identification Security at USCIS Is Managed Effectively, But Can Be Strengthened” confirms the presence of serious security issues in the […]
Pierluigi Paganini
February 02, 2014
Researcher Dana Taylor is warning on the existence of two critical vulnerabilities in Oracle servers in the wild since a long time. Two serious vulnerabilities affect Oracle’s older database packages, allowing an attacker to remotely access a server bypassing authentication mechanism. Exploiting the flaws the attackers can browse the filesystem of the server accessing any files. […]
Pierluigi Paganini
December 08, 2013
NSS Labs issued the report titled “The Known Unknowns” to explain dynamics behind the market of zero-day exploits. Last week I discussed about the necessity to define a model for “cyber conflict” to qualify the principal issues related to the use of cyber tools and cyber weapons in an Information Warfare context, today I decided […]
Pierluigi Paganini
February 26, 2013
Java, Java and once again Java, the popular framework and its vulnerabilities are becoming a really nightmare for security experts, billion of users and their machines are exposed to a series of attacks that try to exploit flaws in the Oracle software. Security worldwide community attributes to the Java vulnerabilities the principal responsibilities for recent […]
Pierluigi Paganini
January 12, 2013
The year is start way for Oracle Java platform, a new Java 0-day vulnerability has been discovered and worldwide security community is very concerned on the potential effect of the bug. We have discovered how much dangerous could be the exploit of a zero-day vulnerability especially against institutional targets and governments (e.g. Elderwood project), state-sponsored hackers […]
