Security News

Oracle Issues Out-of-Band Update for Critical Vulnerability Exploited in Attacks
2020-11-02 21:05

Oracle has released an out-of-band security alert for a critical remote code execution vulnerability affecting WebLogic Server. "This Security Alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. [...] It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," Oracle notes in its advisory.

Three Critical Threats on the Horizon You Need to Prepare For
2020-11-02 16:02

92 percent of organizations admit that they face a cloud security readiness gap. IoT in all its flavors exposes companies and consumers alike to a wide range of security threats.

Oracle issues emergency patch for critical WebLogic Server flaw
2020-11-02 14:06

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution vulnerability impacting multiple Oracle WebLogic Server versions. Supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

Guide: 10 critical issues to cover in your vendor security questionnaires
2020-11-02 03:30

In today's perilous cyber world, companies must carefully check their vendors' cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire. These can be a headache, because many questionnaires include hundreds of questions, and many of them are irrelevant.

Critical OpenEMR Vulnerabilities Give Hackers Remote Access to Health Records
2020-10-30 12:55

Several vulnerabilities found by researchers in the OpenEMR software can be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure. Researchers at Swiss-based code quality and security solutions provider SonarSource discovered earlier this year that OpenEMR is affected by four types of vulnerabilities that impact servers using the Patient Portal component.

Network visibility critical in increasingly complex environments
2020-10-30 04:30

Federal IT leaders across the country voiced the importance of network visibility in managing and securing their agencies' increasingly complex and hybrid networks, according to Riverbed. Of 200 participating federal government IT decision makers and influencers, 90 percent consider their networks to be moderately-to-highly complex, and 32 percent say that increasing network complexity is the greatest challenge an IT professional without visibility faces in their agency when managing the network.

NVIDIA Patches Critical Bug in High-Performance Servers
2020-10-29 23:15

NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. During the session Gordeychik demonstrated how NVIDIA DGX GPU servers, used in machine learning frameworks, data processing pipelines and applications such as medical imaging and face-recognition-powered CCTV, could be tampered with by an adversary.

Critical Oracle WebLogic flaw actively targeted in attacks
2020-10-29 08:07

Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication. Oracle fixed the vulnerability in this month's Critical Patch Update release, crediting security researcher Voidfyoo of Chaitin Security Research Lab for finding and reporting it.

Critical Oracle WebLogic vulnerability exploited in the wild
2020-10-29 08:07

Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication. Oracle fixed the vulnerability in this month's Critical Patch Update release, crediting security researcher Voidfyoo of Chaitin Security Research Lab for finding and reporting it.