Security News
NETSCOUT SYSTEMS announced that it is collaborating with Oracle to help customers gain end-to-end visibility for service assurance and security of mission-critical applications and services across their hybrid cloud infrastructures. NETSCOUT's vSTREAM and virtual nGeniusONE are now available from the Oracle Cloud Marketplace, offering Oracle Cloud customers best-in-class application visibility and the ability to leverage authentic information contained in application and network traffic for real-time telemetry.
CoreSite announced it will offer on-demand connectivity to Oracle Cloud through Oracle Cloud Infrastructure FastConnect on the CoreSite Open Cloud Exchange. CoreSite's cloud-enabled data center campuses now offer low-latency connectivity to each of the Oracle Cloud regions in the United States located in Ashburn, VA and Phoenix, AZ. Oracle customers can harness the power of scalable, low-latency, hybrid architectures at CoreSite to unlock innovation and drive business growth.
Two vulnerabilities patched recently by Oracle in its E-Business Suite solution can be exploited by hackers for various purposes, including to tamper with an organization's financial records. Researchers at Onapsis, a company that specializes in protecting business-critical applications, last year discovered several vulnerabilities in Oracle EBS. Some of the flaws were patched by the vendor in April 2019, but two of them, which Onapsis has dubbed "BigDebIT," were only fixed with the critical patch update released by Oracle in January 2020.
If your business operations and security of sensitive data rely on Oracle's E-Business Suite, make sure you recently updated and are running the latest available version of the software. It's worth noting that the BigDebIT attack vectors add to the already reported PAYDAY vulnerabilities in EBS discovered by Onapsis three years ago, following which Oracle released a series of patches as late as April 2019.
Targeting General Ledger for Financial Fraud
Tracked as CVE-2020-2586 and CVE-2020-2587, the new flaws reside in its Oracle Human Resources Management System in a component called Hierarchy Diagrammer that enables users to create organization and position hierarchies associated with an enterprise.
A pair of vulnerabilities in Oracle's iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. The bugs are specifically found in the web administration console of iPlanet version 7, which has reached end-of-life and is no longer supported - hence no patches.
Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.
Oracle warned customers on Thursday that threat actors have been spotted attempting to exploit multiple recently patched vulnerabilities, including a critical WebLogic Server flaw tracked as CVE-2020-2883. Oracle's April 2020 Critical Patch Update resolves nearly 400 vulnerabilities, including CVE-2020-2883, a critical flaw in Oracle WebLogic Server that can be exploited by an unauthenticated attacker for remote code execution.
Oracle this week released its April 2020 collection of security patches, which includes a total of 397 fixes for vulnerabilities affecting two dozen products. Roughly 60 of the newly addressed vulnerabilities are considered critical severity, with more than 55 of them featuring a CVSS score of 9.8.
Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Impacted with multiple critical flaws, rated 9.8 CVSS in severity, are 13 key Oracle products including Oracle Financial Services Applications, Oracle MySQL, Oracle Retail Applications and Oracle Support Tools, according to the company's April Critical Patch Update Pre-Release Announcement, posted Monday.
On the second day of the Pwn2Own 2020 hacking competition, participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. Amat Cama and Richard Zhu of team Fluoroacetate earned $50,000 for demonstrating that they could hijack a system by exploiting use-after-free vulnerabilities in Adobe Reader and the Windows kernel.