Tag: oracle
-
Oracle VirtualBox licensing tweak lies in wait for the unwary
Tags: oracleJava-like move could land those expecting free trial with a new bill First seen on theregister.com Jump to article: www.theregister.com/2025/07/30/licensing_change_oracle_virtualbox/
-
Oracle/Cerner EHR Hack: Breach Reports Still Trickling In
At Least 410,000 Patients Reported Affected, But Likely Even More Victims. Months after news first broke that a hacking incident compromised legacy patient data hosted by Cerner electronic health record servers that were set to migrate to parent company Oracle’s cloud environment, data breach reports related to the hack are still slowly trickling in to…
-
Microsoft ‘digital escorts’ reveal crucial US counterintelligence blind spot
Tags: access, china, cio, cloud, compliance, country, cyber, cybersecurity, data, defense, firewall, framework, google, government, injection, intelligence, law, microsoft, military, oracle, risk, service, threat, update, vulnerabilityWhat the program was, and how it worked: The digital escort model, according to ProPublica, was designed to comply with federal contracting rules that prohibit foreign nationals from directly accessing sensitive government systems. Under this framework:China-based engineers would file support tickets for tasks such as firewall updates or bug fixes.US-based escorts, often former military personnel…
-
Oracle Patchday Juli 2025 – 309 Sicherheitslücken beim Oracle-Patchday
Tags: oracleFirst seen on security-insider.de Jump to article: www.security-insider.de/oracle-patchday-juli-2025-sicherheitsluecken-geschlossen-a-90eb116e2a6570b704a6fe50e88f999e/
-
Oracle-Lücke birgt Gefahr für RCE-Attacken
Tags: access, bug, cloud, cve, cyberattack, data, exploit, infrastructure, linux, oracle, rce, remote-code-execution, tool, vulnerabilityOracle hat das Sicherheitsproblem im Code Editor bereits gefixt.Forscher von Tenable Research haben eine Sicherheitslücke im Code-Editor von Oracle Cloud Infrastructure (OCI) entdeckt, die Unternehmen für Remote-Code-Execution-Angriffe (RCE) anfällig macht. Die webbasierte integrierte Entwicklungsumgebung (IDI) dient zur Verwaltung von Ressourcen wie Functions, Resource Manager und Data Science und sorgt für nahtlose Entwickler-Workflows.Die enge Integration mit…
-
1-Click Oracle Cloud Code Editor RCE Flaw Allows Malicious File Upload to Shell
Tags: cloud, cyber, flaw, infrastructure, malicious, oracle, rce, remote-code-execution, service, threat, vulnerabilityTenable Research has disclosed a critical Remote Code Execution (RCE) vulnerability in Oracle Cloud Infrastructure’s Code Editor that enabled attackers to silently hijack victim Cloud Shell environments through a single malicious link. The vulnerability, which has since been remediated by Oracle, could have allowed threat actors to pivot across multiple OCI services and compromise integrated…
-
Oracle Fixes Critical Bug in Cloud Code Editor
The bug allowed an attacker an easy way to compromise full suite of developer tools in Oracle Cloud Infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/oracle-fixes-critical-bug-cloud-code-editor
-
Drive-By Attack Vector Patched in Oracle Code Editor
Oracle Cloud Infrastructure Flaw Enabled Malicious File Uploads, Researchers Found. Exploring Oracle Cloud Infrastructure, researchers at Tenable found that Oracle’s console-based Code Editor tool failed to block arbitrary file uploads, and could be silently exploited via drive-by attacks to install malware. They said Oracle has now fixed the vulnerability. First seen on govinfosecurity.com Jump to…
-
One click to compromise: Oracle Cloud Code Editor flaw exposed users to RCE
Attacks could have a wider blast radius: Because Code Editor operates on the same underlying file system as the Cloud Shell, essentially a Linux home directory in the cloud, attackers could tamper with files used by other integrated services. This turns the flaw in the seemingly contained developer tool into an exposure for lateral movement…
-
Oracle Issues Critical Update Fixing 309 Vulnerabilities Across Products
Oracle Corporation released its July 2025 Critical Patch Update, addressing a substantial 309 security vulnerabilities across its extensive product portfolio. This quarterly security release represents one of the most comprehensive patches in recent years, affecting dozens of Oracle’s enterprise software solutions and requiring immediate attention from organizations worldwide. The critical update spans Oracle’s entire technology…
-
Nearly 3 out of 4 Oracle Java users say they’ve been audited in the past 3 years
Big Red’s changes to Java licensing also inspire exodus to open source First seen on theregister.com Jump to article: www.theregister.com/2025/07/15/oracle_java_users_audited/
-
Seychelles Commercial Bank Confirms Customer Data Breach
Hacker Claims to Have Exploited Flaw in Oracle WebLogic Server, Sold Stolen Data. Seychelles Commercial Bank is warning customers that a hacker stole their personal information – but no money – from their accounts after breaching its systems. The hacker involved claims to have stolen and sold two gigabytes of customer data from the bank,…
-
eSIM Bug in Millions of Phones Enables Spying, Takeover
eSIMs around the world may be fundamentally vulnerable to physical and network attacks because of a 6-year-old Oracle vulnerability in technology that underlies billions of cards. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/esim-bug-millions-phones-spying-takeover
-
Auf der Suche nach Alternativen zum CVE-Programm
Tags: advisory, ceo, cisa, cve, cvss, cyber, cyersecurity, exploit, github, google, group, infrastructure, intelligence, kev, microsoft, nist, nvd, open-source, oracle, ransomware, resilience, risk, siem, soar, software, supply-chain, threat, tool, update, vulnerability, vulnerability-management, zero-daySollte das CVE-Programm eingestellt werden, wäre die Bewertung und Behebung von Sicherheitslücken schwieriger.Der jüngste kurze Panikausbruch wegen der möglichen Einstellung des Common Vulnerabilities and Exposures (CVE)-Programms hat die starke Abhängigkeit der Sicherheitsbranche von diesem Programm deutlich gemacht. Er führte zu Diskussionen über Notfallstrategien , falls das standardisierte System zur Identifizierung und Katalogisierung von Schwachstellen nicht…
-
Beyond CVE: The hunt for other sources of vulnerability intel
Tags: advisory, application-security, china, cisa, cve, cyber, cybersecurity, data, exploit, flaw, github, government, guide, infrastructure, intelligence, kev, microsoft, nvd, oracle, ransomware, risk, siem, soar, software, threat, tool, update, vulnerability, zero-dayCurrent alternatives include diverse vendor sources: Independent providers of aggregated vulnerability information such as Flashpoint, VulnCheck, Tenable, BitSight and others are another option. Many of these vendors offer curated datasets that capture vulnerabilities often missed or delayed by CVE, Lefkowitz points out. They also offer critical context such as exploitability, ransomware risk, and social risk.”To…
-
Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud
The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cisco-warns-critical-static-credential-vulnerability
-
Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure
Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify…
-
Cisco Alerts Users to Critical ISE Vulnerability Exposing Sensitive Data
Cisco has issued a critical security advisory (Advisory ID: cisco-sa-ise-aws-static-cred-FPMjUcm7) for its Identity Services Engine (ISE) when deployed on major cloud platforms”, Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). The vulnerability, tracked as CVE-2025-20286 and classified under CWE-259 (Use of Hard-coded Password), carries a CVSS v3.1 base score of 9.9, indicating…
-
Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage
Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI) Object Storage and Scaleway Object Storage to propagate sophisticated attacks using the Lumma Stealer malware. This malware-as-a-service (MaaS) infostealer, also known as LummaC2 Stealer, targets Windows systems to siphon credentials, system data, and cryptocurrency wallets. Investigations conducted in 2025 reveal…
-
Oracle Database TNS vulnerability could leak data to further attacks
First seen on scworld.com Jump to article: www.scworld.com/news/oracle-database-tns-vulnerability-could-leak-data-to-further-attacks
-
European customers report Oracle Cloud identity outage, Big Red is silent
DownDetector reported problems for about 6 hours First seen on theregister.com Jump to article: www.theregister.com/2025/05/19/oci_outage_europe/
-
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…
-
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-vmware-esxi-microsoft-sharepoint-zero-days-at-pwn2own/
-
Pwn2Own Day 1 Windows 11, Red Hat Linux, Oracle VirtualBox Hacked
Security researchers successfully illustrated significant vulnerabilities across several platforms on the first day of Pwn2Own Berlin 2025, taking home a total of $260,000 in prizes. The competition featured 11 different exploit attempts, including the inaugural AI category entries. STAR Labs has taken an early lead in the Master of Pwn competition, showcasing their technical prowess…
-
Windows 11 and Red Hat Linux hacked on first day of Pwn2Own
On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-11-and-red-hat-linux-virtualbox-hacked-on-first-day-of-pwn2own/
-
seQure’s Ground-Truth Cybersecurity Platform Launches on Oracle Cloud Infrastructure
First seen on scworld.com Jump to article: www.scworld.com/news/sequres-ground-truth-cybersecurity-platform-launches-on-oracle-cloud-infrastructure
-
Users advised to review Oracle Java use as Big Red’s year end approaches
International Java sales operation and the prospects of audits per-employee license model make the move to open source irresistible First seen on theregister.com Jump to article: www.theregister.com/2025/05/09/users_advised_to_review_oracle_java_use/
-
‘CISOs sprechen heute die Sprache des Business”
Nick Godfrey, Leiter des Office of the CISO bei Google Cloud Google CloudAls Senior Director und Leiter des Office of the CISO bei Google Cloud ist es die Aufgabe von Nick Godfrey, das Unternehmen beim Austausch zwischen CISOs rund um die Themen Cloud und Security zu unterstützen. Godfrey, selbst ehemaliger Sicherheitsverantwortlicher bei einem Finanzdienstleister, leitet…