Security News

Oracle this week announced the release of 390 new security fixes as part of the April 2021 Critical Patch Update, including patches for more than 200 bugs that could be exploited remotely without authentication. The quarterly set of security patches addresses a total of 41 vulnerabilities considered critical severity, including 5 that feature a CVSS score of 10.

Zimperium announced that it is collaborating with Oracle to offer Zimperium's mobile threat defense solutions on Oracle Cloud Infrastructure. The two companies are working together to help enterprises around the world combat advanced mobile threats.

Knoa announced the availability of its UEM product for Oracle Cloud applications. Knoa UEM for Oracle Cloud enables visibility into employee interactions with the Oracle Cloud applications, user adoption during a new rollout, the level of performance delivered to the end-user, the locations of process bottlenecks and the cause of user experience issues with the software.

Confluent announced Confluent's Premium Connector for Oracle Change Data Capture Source, a bridge for one of the most common and critical sources of enterprise data to connect to Apache Kafka. As the first in a series of Premium Connectors, Confluent makes integrations with complex, high-value systems seamless, reliable, and cost-effective to establish a continuously flowing stream of data that powers the business.

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.

The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis. The new malware is a step up from the previous threat used by the group in that it comes with self-spreading capabilities, blindly throwing exploits at discovered machines.

To help organizations increase the efficiency of their global supply chains, Oracle announced new logistics capabilities within Oracle Fusion Cloud Supply Chain & Manufacturing. The updates to Oracle Transportation Management and Oracle Global Trade Management, a part of Oracle Cloud SCM, help customers reduce costs, make better planning decisions, and improve customer experience.

Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches. The January 2021 Critical Patch Update addresses issues in both Oracle products and third-party components that are included in the company's products, with some of the patches meant to address multiple vulnerabilities, some reported more than a year ago.

Oracle is making its APEX low-code development platform available as a managed cloud service that developers can use to build data-driven enterprise applications quickly and easily. Oracle APEX Application Development expands on two decades of APEX functionality already used by 500,000 developers as an easy-to-use, browser-based service for creating modern Web and mobile apps.

Oracle announced that Oracle Database 21c, the latest version of the world's leading converged database, is available on Oracle Cloud, including the Always Free tier of Oracle Autonomous Database. "Oracle Database 21c continues our strategy of delivering the world's most powerful converged database engine," said Andrew Mendelsohn, executive vice president, database server technologies, Oracle.