General

From the Web
Oracle - July 2010 Critical Patch Update Released
July 14, 2010 from: The Oracle Global Product Security Blog
Oracle just released the July 2010 Critical Patch Update (CPUJul2010). This Critical Patch Update (CPU) is the second one to include fixes for the Oracle (formerly Sun) Solaris product line and includes 59 security updates.

From the Web
Security Alert for CVE-2010-0886 and CVE-2010-0887 Released
July 06, 2010 from: The Oracle Global Product Security Blog
Oracle just released a Security Alert to announce the availability of fixes for two vulnerabilities (CVE-2010-0886 and CVE-2010-0887) affecting Oracle Java SE and Oracle Java For Business. Both vulnerabilities only affect Java when running in a 32-bit web browser. These vulnerabilities are not present in Java running on servers or standalone Java desktop applications and do not impact any Oracle s...

From the Web
Internet trading site collective2.com hacked
December 30, 2009 from: Office of Inadequate Security
Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company’s computer database had been breached by a hacker and that all users should log in to change their passwords immediately.

From the Web
October 2009 Critical Patch Update Released
October 20, 2009 from: The Oracle Global Product Security Blog
Today's Oracle Critical Patch Update (CPU) provides 38 new security fixes across a number of product groups including: Oracle Database Server, Oracle Application Server, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle JD Edwards Tools, Oracle WebLogic and Oracle JRockit (formerly from BEA), and Oracle Communications Order and Service Management. Of these 38 vulnerabilities, 19 are re...

From the Web
Security Defect Testing
October 08, 2009 from: The Oracle Global Product Security Blog
Software vendors aim to release defect-free products. Earlier posts have discussed Oracle Software Security Assurance (OSSA) program and its processes that aim to get us as close to this goal as possible. Automated testing is an important part of OSSA as it helps catch problems missed in earlier stages of the development...

From the Web
Announcement Regarding The October 2009 Critical Patch Update
September 03, 2009 from: The Oracle Global Product Security Blog
Because many Oracle customers with responsibility for deploying the Critical Patch Update within their respective organizations will be attending Oracle OpenWorld on October 11-15, 2009, the October 2009 Critical Patch Update originally scheduled to be published on Tuesday, October 13th 2009, will be released on October 20th 2009.

From the Web
Ensuring Critical Patch Update Quality
July 24, 2009 from: The Oracle Global Product Security Blog
A commentary on how Oracle's Critical Patch Update (CPU) program works, from Eric Maurice of Oracle.

From the Web
July 2009 Critical Patch Update Released
July 14, 2009 from: The Oracle Global Product Security Blog
This Critical Patch Update includes 10 additional fixes for Oracle Database Server. Three of these 10 vulnerabilities are remotely exploitable without authentication. None of these vulnerabilities affect client-only deployments.

From the Web
April 2009 Critical Patch Update Released
July 03, 2009 from: The Oracle Global Product Security Blog
Are you running Oracle? Then you need to see this latest set of Critical Patches that could affect the security of your Oracle-backed applications.

From the Web
Training development staff in secure coding practices pays huge dividends
July 03, 2009 from: The Oracle Global Product Security Blog
I am often asked what it takes to write secure code. In my experience, developers generally cannot prevent introducing security flaws in their code if they don’t know what to watch out for. It is also my experience that people generally, and developers in particular, want to do the right thing - but they need to know what the right thing is.

From the Web
The Evolution Of Common Criteria
July 03, 2009 from: The Oracle Global Product Security Blog
Hi, my name is Adam O’Brien. I help guide Oracle products through Common Criteria evaluations. Common Criteria is a worldwide, government-backed scheme for testing the security of a product or system. Essentially, you state what security functions your product should be able to perform, then an independent lab evaluates if the product implements these functions reliably and robustly.

From the Web
SANS Top 25 Most Dangerous Coding Errors
July 03, 2009 from: The Oracle Global Product Security Blog
Bruce Lowenthal, Director of the Oracle Security Alerts Group, discusses the SANS Top 25 Most Dangerous Programming Errors.

From the Web
Cross-Site Request Forgery – A Significant Threat to Web Applications
July 03, 2009 from: The Oracle Global Product Security Blog
Hi, this is Shaomin Wang. I am a security analyst in Oracle’s Security Alerts Group. My primary responsibility is to evaluate the security vulnerabilities reported externally by security researchers on Oracle Fusion Middleware and to ensure timely resolution through the Critical Patch Update. Today, I am going to talk about a serious type of attack: Cross-Site Request Forgery.

From the Web
MySQL security risk?
July 03, 2009 from: hackyourself.net
Michael McLaughlin discusses why using 'IDENTIFIED BY password' in MySQL is the new default behavior and why you should leave it that way.