30 Nov 2022

Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild According to CISA

On Monday, the US Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerability Catalog to include a critical flaw that affects Oracle Fusion Middleware systems. The bug has been confirmed to be exploited in the wild. The CISA stated that the flaw allows unauthenticated attackers with network access

Read More
21 Sep 2022

Critical Vulnerability in Oracle Cloud Infrastructure Allowed Unauthorized Access

A new vulnerability has been disclosed in the Oracle Cloud Infrastructure. According to security researchers at Wiz, the flaw could allow unauthorized access to cloud storage volumes of all users. Therefore, the vulnerability violates cloud isolation. The security flaw has been dubbed AttachMe by researchers and was detailed in an

Read More
14 Sep 2022

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

We have recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver cryptocurrency-mining malware. Oracle WebLogic Server is typically used for developing and deploying high-traffic enterprise applications on cloud environments and engineered and conventional systems. One of the older vulnerabilities that is still being

Read More
20 Dec 2021

Oracle to buy medical records company Cerner in its biggest acquisition ever

Enterprise software giant Oracle will buy electronic medical records company Cerner in an all-cash deal for $95 per share, or approximately $28.3 billion in equity value. The deal, expected to close in calendar year 2022, could help Oracle boost its presence in health care by bringing troves of health data to

Read More
22 Oct 2020

Oracle Releases Another Mammoth Security Patch Update

Oracle released a massive critical patch update earlier this week consisting of 402 patches for vulnerabilities across 29 product sets. This marks the second quarter this year that Oracle’s critical patch update (CPU) contained more than 400 fixes. The vulnerabilities fixed this quarter include several issues that would allow for

Read More
25 Sep 2020

TikTok Parent ByteDance Seeks Chinese Approval For U.S. Deal With Oracle, Walmart

After President Trump signed an executive order banning the download or update of Chinese-based social media platform TikTok, its parent company ByteDance entered into a contract with US giants Oracle and Walmart to allow the application to continue operating in the US. ByteDance has now applied for an export license

Read More
12 May 2020

Unpatched Bugs in Oracle iPlanet Open Door to Info-Disclosure, Injection

Two bugs, CVE-2020-9315 and CVE-2020-9314, found in Oracle’s iPlanet Web Server have been disclosed, both potentially allowing for sensitive data exposure and images onto web pages if exploited. Both vulnerabilities are found in the web administration console of iPlanet version 7, which has reached end-of-life and therefore will not be

Read More
05 May 2020

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack

Oracle has stated that although it patched the CVE-2020-2883 vulnerability in its April 2020 Critical Patch Update, a proof of concept exploit was published soon after. The company is now advising customers to fast track a patch for the flaw that lies in its WebLogic Server that is still under

Read More
20 Nov 2019

Thousands of Enterprises At Risk Due to Oracle EBS Critical Flaws

Oracle patched vulnerabilities that allow potential attackers to access a company’s entire enterprise resource planning solution, but research reports that 50% of over 21,000 organizations that use Oracle EBS for financial management, supply chain management, customer relationship management, and more have not yet deployed the patches. The patches were released

Read More
15 Nov 2018

These Companies Are Pitching AI to the U.S. Military

“While Silicon Valley workers continue to protest their employers selling artificial intelligence products to the U.S. military, the U.S. military is still looking to spend money on AI. The Army Research Lab, the Project Maven team, and the Defense Department’s Joint Artificial Intelligence Center will host technology companies later this month in

Read More