Security News

Java versions 15 to 18 contain a flaw in its ECDSA signature validation that makes it trivial for miscreants to digitally sign files and other data as if they were legit organizations. Java 15-18 ECDSA doesn't sanity check that the random x coordinate and signature proof are nonzero; a signature validates any message.

A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox," the advisory reads.

A recent AtlasVPN report highlights the companies that have amassed the most security vulnerabilities through the first half of 2021. In the first six months of 2021, Google and Microsoft have "Accumulated the most vulnerabilities," according to Atlas VPN findings based on a recent Telefonica Tech report.

Windows 11 is no longer compatible with the immensely popular Oracle VirtualBox virtualization platform after Microsoft changed its hardware requirement policies for virtual machines. "Microsoft recognizes that the user experience when running the Windows 11 in virtualized environments may vary from the experience when running non-virtualized. So, while Microsoft recommends that all virtualized instances of the Windows 11 follow the same minimum hardware requirements as described in Section 1.2, the Windows 11 does not apply the hardware-compliance check for virtualized instances either during setup or upgrade," explains Microsoft in their Windows 11 minimum hardware requirements document.

Oracle announced availability of MySQL Autopilot, a new component of MySQL HeatWave service, the in-memory query acceleration engine for MySQL Database Service in Oracle Cloud Infrastructure. MySQL Autopilot makes the HeatWave query optimizer increasingly intelligent as more queries are executed, resulting in continually improving system performance over time-a capability not available on Amazon Aurora, Amazon Redshift, Snowflake, or other MySQL-based database services.

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication.

Oracle on Tuesday announced the availability of a total of 342 new security patches as part of its July 2021 Critical Patch Update. The most severe of these issues is CVE-2021-2244, a security bug in the Essbase Analytic Provider Services product of Oracle Essbase that could be exploited remotely without authentication and which could lead to the complete takeover of the affected product.

"As organizations across Canada continue to accelerate their technology transformation programs, we anticipate the demand for Oracle solutions to grow significantly," said Jeffrey Russell, president of Accenture in Canada. Jennifer Jackson, Accenture Technology lead for Canada, said, "Cloudworks is a well-known Oracle services provider that has worked with organizations across Canada and across industries. We are thrilled to grow our Technology practice in Canada with the Cloudworks team who strengthen our ability to meet the growing need from Canadian organizations to unleash the power of cloud, data and innovation to create truly future-ready organizations."

MariaDB announced the general availability of MariaDB Community Server 10.6, a major new release that brings significant advancements to the open source MariaDB community. MariaDB Community Server 10.6 adds important features for developers with JSON table functionality, frees users from expensive proprietary ties with expanded PL/SQL compatibility and adds powerful insurance for bad database days with atomic DDL that supports MariaDB's multiple storage engine architecture.

Wipro announced it is collaborating with Oracle to launch Wipro Zero Cost Transformation, a new offering that helps organizations migrate to the cloud. With Wipro's Zero Cost Transformation, companies can migrate their workloads to Oracle Cloud Infrastructure with lower cost, shift from a Capital expenditures to Operating expenses model, and benefit from application and infrastructure support provided under a managed-services framework.