Yesterday, Oracle released their quarterly Critical Patch Update (CPU) for April 2012. Oracle CPUs are collections of security updates that fix security flaws in the wide range of products Oracle offers. According to their April advisory, this quarter's CPU fixes 88 vulnerabilities in many of their products, including Oracle Database, Oracle Application Server, Oracle …
WatchGuard Security Week in Review: Episode 6
Government Cyber Privacy Policy, Web Breaches, RSA Key Flaw Updates, and More
Are you sick of Anonymous-related news? Well, I am. In this week's WatchGuard Security Week in Review, I purposely ignore Anonymous stories to talk about other security news. If you are interested in new government cyber policies, major web breaches, or FBI-controlled malware networks, watch this …
Oracle Shores Up 14 Major Java Vulnerabilities
Severity: High
Summary:
These vulnerabilities affect: All versions of Sun Java Runtime Environment (JRE) and Java Development Kit (JDK) released before today
How an attacker exploits them: Typically by luring your users to a malicious web page containing specially crafted Java
Impact: Various results; in the worst case, an attacker can gain complete control of your …
Patch IE To Avoid Drive-by Downloads
Severity: High
Summary:
This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows (to varying extents)
How an attacker exploits it: By enticing one of your users to visit a malicious web page
Impact: Various; in the worst case an attacker can execute code on your user's computer, gaining complete control of it
What to …
Automated SQLi Attack Hijacks Over 1 Million Websites
In the past, malicious web sites seemed relegated to the "bad neighborhoods" of the Internet. If you weren't surfing piracy, pornography, or hacking sites, you probably wouldn't have randomly encountered websites serving malicious code back then. Unfortunately, that has changed. Over the years, legitimate web sites have increasingly been hijacked and booby-trapped with malicious …