HackDig : Dig high-quality web security articles for hacker

Adobe, MS Push Patches, Oracle Drops Drama

Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracle‘s chief security officer lobbed something of a conversational hand gr
Publish At:2015-08-12 07:10 | Read:1667 | Comments:0 | Tags:Time to Patch 18.0.0.232 adobe adobe flash player CVE-2015-1

Oracle security chief to customers: Stop checking our code for vulnerabilities

Oracle's chief security officer is tired of customers performing their own security tests on Oracle software, and she's not going to take it anymore. That was the message of a post she made to her corporate blog on August 10—a post that has since been taken down.Perhaps thinking that all the security researchers in the world were busy recovering from Bla
Publish At:2015-08-11 19:40 | Read:946 | Comments:0 | Tags:Risk Assessment Technology Lab auditing oracle software lice

Office, Java Patches Erase Latest APT 28 Zero Days

An APT group thought to be tied to Russia is flying against conventional wisdom, having as recently as the last three weeks dropped its sixth zero-day in the past four months.Given the underground value of unpatched and unreported vulnerabilities, this is highly unusual behavior, even for a state-sponsored cyberespionage team. Nonetheless, APT 28, also kn
Publish At:2015-07-16 17:20 | Read:787 | Comments:0 | Tags:Malware Microsoft Vulnerabilities Brian Bartholomew Flash ze

July 2015 Patch Tuesday: Microsoft, Adobe, and Oracle Roll out Security Patches for Zero-Day Vulnerabilities

July proves to be pretty busy for both software vendors and security researchers as various zero-day vulnerabilities were reported. In this month’s patch Tuesday, Microsoft addressed the recently discovered zero-day vulnerability in Internet Explorer that also emerged from the Hacking Team leak. The said vulnerability, covered in MS15-065 and rated as ‘criti
Publish At:2015-07-16 05:55 | Read:1091 | Comments:0 | Tags:Vulnerabilities Adobe July Microsoft Oracle Patch Tuesday ze

Oracle Patches Java Zero Day

Oracle has released its quarterly patch update, which includes fixes for nearly 200 vulnerabilities. The most notable bug fixed in this release is the Java zero day that’s been used in an ongoing attack campaign.The massive release from Oracle has patches for a long list of products, but the Java vulnerabilities are the heart of the July update. There
Publish At:2015-07-16 00:10 | Read:1360 | Comments:0 | Tags:Vulnerabilities Web Security Java Oracle vulnerabilities Web

Java Zero-Day Bug, 192 Other Security Vulnerabilities Fixed by Oracle Critical Patch Update

Oracle has released its July 2015 Critical Patch Update that provides fixes for 193 security vulnerabilities, including a zero-day vulnerability recently discovered in Java.According to a post published on Oracle’s blog, the update contains patches for a number of applications, such as Oracle Database, for which there are provided 10 security fixes inc
Publish At:2015-07-15 23:00 | Read:1911 | Comments:0 | Tags:Latest Security News Hacking Team Java July 2015 Critical Pa

Adobe, MS, Oracle Push Critical Security Fixes

This being the second Tuesday of the month, it’s officially Patch Tuesday. But it’s not just Microsoft Windows users who need to update today: Adobe has released fixes for several products, including a Flash Player bundle that patches two vulnerabilities for which exploit code is available online. Separately, Oracle issued a critical patch update
Publish At:2015-07-14 21:35 | Read:1025 | Comments:0 | Tags:Security Tools Time to Patch adobe Flash 18.0.0.209 Flash Pl

What’s Left Behind: Oracle TNS Listener Log Files After an IP360 Scan

Ever looked at the messages in the Oracle listener logs generated by Tripwire IP360 scans and wondered what was going on?The most common one you see probably looks something like this:01-JUN-2015 12:39:37 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189TNS-01189: The listener could not authenticate the user TNS-01169: The listener has not recognized the p
Publish At:2015-06-09 12:36 | Read:994 | Comments:0 | Tags:Vulnerability Management Oracle Tripwire IP360

Oracle PeopleSoft admin credentials open to hackers

SAP Security experts discovered a number of unpatched vulnerabilities and weaknesses in Oracle PeopleSoft that could be exploited to obtain admin passwords. The SAP security experts, Alexander Polyakov and Alexey Tyurin, revealed that Oracle PeopleSoft contains unpatched vulnerabilities and weaknesses that could be exploited b
Publish At:2015-05-28 15:50 | Read:1312 | Comments:0 | Tags:Breaking News Hacking Oracle password PeopleSoft

Oracle Issues Critical Updates for Java, Releases Java SE 8u45

Oracle has released an update for Java SE that addresses 14 security bugs, all of which may be exploitable over a network without the need for a username and password.With this update, after April 2015, Oracle will no longer post updates of Java SE 7 to its public download sites. Since January 2015, Oracle has been migrating Java 7 users who have the auto-up
Publish At:2015-04-16 01:15 | Read:1376 | Comments:0 | Tags:Security News Java Java 8 Java SE 8u45 Oracle

Oracle CPU Delivers 98 Fixes Across Product Line

Released alongside patches from Microsoft and Adobe yesterday, Oracle’s regularly scheduled Critical Patch Update fixed 98 issues across a handful of products, including Oracle’s Database, Fusion Middleware, Java SE, and MySQL, to name a few.One of the most pressing issues the update resolves is a vulnerability (CVE-2015-0457) that affects Oracle
Publish At:2015-04-15 17:55 | Read:957 | Comments:0 | Tags:Vulnerabilities GHOST Java SE Oracle oracle database Patch m

Critical Updates for Windows, Flash, Java

Get your patch chops on people, because chances are you’re running software from Microsoft, Adobe or Oracle that received critical security updates today. Adobe released a Flash Player update to fix at least 22 flaws, including one flaw that is being actively exploited. Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows a
Publish At:2015-04-14 16:30 | Read:1191 | Comments:0 | Tags:Security Tools The Coming Storm Time to Patch adobe Adobe Fl

VMware Fixes Java Information Disclosure Vulnerability

Virtual Machine maker VMware has updated a slew of its offerings in order to address a critical information disclosure vulnerability in the Oracle’s Java runtime environment (JRE).The update essentially installs the latest version of JRE into VMware systems where the old version of JRE was affected by CVE-2014-6593. The newer JRE versions fix other bug
Publish At:2015-04-03 17:35 | Read:1013 | Comments:0 | Tags:Virtualization Vulnerabilities Java jre Oracle vmware Vulner

A Look Inside the Ask Toolbar Installed with Java for Mac

It's back! And it's likely here to stay. A few weeks ago, Intego pointed out that Mac users were no longer being offered to install the Ask toolbar during the installation of Java for Mac. At that time, the Ask toolbar had mysteriously disappeared from Java installations.We suspect that, due to media backlash, Oracle temporarily suspended the process that al
Publish At:2015-03-24 08:20 | Read:1354 | Comments:0 | Tags:Security News Software & Apps Adware Ask Toolbars Ask.com Ja

Java for Mac and the Mysterious Ask.com Toolbar

Last week, security specialists, Mac enthusiasts and tech journalists all swirled around Oracle after a discovery that Java for Mac now includes an Ask.com toolbar during installation. Rich Trouton, a Mac systems admin who runs the Der Founder blog, discovered that the latest Java SE 8u40 installer is also installing an Ask.com toolbar.Intego took a close lo
Publish At:2015-03-14 08:20 | Read:1256 | Comments:0 | Tags:Security News Adware Ask Search Toolbar Ask Shopping Toolbar

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud