Security News

Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches. The January 2021 Critical Patch Update addresses issues in both Oracle products and third-party components that are included in the company's products, with some of the patches meant to address multiple vulnerabilities, some reported more than a year ago.

Oracle is making its APEX low-code development platform available as a managed cloud service that developers can use to build data-driven enterprise applications quickly and easily. Oracle APEX Application Development expands on two decades of APEX functionality already used by 500,000 developers as an easy-to-use, browser-based service for creating modern Web and mobile apps.

Oracle announced that Oracle Database 21c, the latest version of the world's leading converged database, is available on Oracle Cloud, including the Always Free tier of Oracle Autonomous Database. "Oracle Database 21c continues our strategy of delivering the world's most powerful converged database engine," said Andrew Mendelsohn, executive vice president, database server technologies, Oracle.

UJET announced its integration with Oracle Cloud CX Service and its availability on Oracle Cloud Marketplace. Oracle Cloud Marketplace is a centralized repository of enterprise applications offered by Oracle and Oracle partners.

Tech giant Oracle Corp. said Friday it will move its headquarters from Silicon Valley to Austin, Texas, and let many employees choose their office locations and decide whether to work from home. "We believe these moves best position Oracle for growth and provide our personnel with more flexibility about where and how they work," the company said in a regulatory filing.

Threat actors are targeting an Oracle WebLogic flaw patched last month in an attempt to install a piece of malware named DarkIRC on vulnerable systems. The first attacks targeting it were observed roughly one week after and, in early November, Oracle issued an out-of-band update to address an easy bypass for the initial patch.

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as part of its October 2020 Critical Patch Update and subsequently again in November in the form of an out-of-band security patch.

A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution vulnerability fixed by Oracle two months ago. Almost 3,000 Oracle WebLogic servers are reachable over the Internet based on Shodan stats and allow unauthenticated attackers to execute remote code on targeted servers according to a Juniper Threat Labs report.

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. According to their research, the threat actor sends phishing messages from compromised email accounts and uses Amazon Web Services and Oracle Cloud in the redirect chain.

PCI Pal announced a new collaboration with Oracle to offer its contact center customers additional security and compliance options for Cardholder Not Present payments. Bringing together Oracle's market-leading Enterprise Session Border Controller with PCI Pal's proven PCI compliance solutions, Oracle customers can ensure that their voice interactions and sensitive cardholder data are secure.