Referred to as #AttachMe and mentioned in Oracle’s July 2022 Critical Patch Update, the vulnerability could have exposed sensitive data to attackers knowing the victim’s Oracle Cloud Identifier (OCID). “OCI customers could have been targeted by an attacker with knowledge of #AttachMe. Any unattached storage volume, or attached storage volumes allowing multi-attachment, could have been…

For the second straight quarter this year, Oracle’s latest critical patch update (CPU) released this week contained more than 400 security patches addressing vulnerabilities in a wide range of the company’s product sets. With 402 patches, Oracle’s October 2020 CPU was slightly smaller than its previous one in July, which contained a record-breaking 444 security…

A veteran of the information security industry, Greg Jensen has spent the last six years at Oracle as the Senior Director of Oracle’s Cloud Security solutions. He’s also the Senior Editor of the Oracle and KPMG Cloud Threat Report, as well as Oracle’s annual CISO Report. “The focus of these efforts is to understand the…

Oracle, Gemalto Downplay Java Card Vulnerabilities

In March, Poland-based Security Explorations reported identifying nearly 20 vulnerabilities in the latest version of Oracle Java Card (version 3.1), including weaknesses that can be exploited to compromise the security of chips using this technology. The firm has continued analyzing the software and it now claims to have found 34 issues. Java Card technology is…

How are businesses facing the cybersecurity challenges of increasing cloud adoption?

Cloud services serve core functions essential to all aspects of business operations, but getting cloud security right is still a challenge for many organizations, the 2019 Cloud Threat Report by Oracle and KPMG has shown. The two companies have asked 450 cyber security and IT professionals from private and public-sector organizations in the US, Canada,…

Critical Vulnerability Patched in Oracle Database

Oracle informed customers late on Friday that its Database product is affected by a critical vulnerability. Patches have been released and users have been advised to install them as soon as possible. The security hole, tracked as CVE-2018-3110 with a CVSS score of 9.9, affects Oracle Database 11.2.0.4 and 12.2.0.1 on Windows. Version 12.1.0.2 on…

Oracle Patches Record 334 Vulnerabilities in July 2018

Oracle this week released its July 2018 set of patches to address a total of 334 security vulnerabilities, the largest number of flaws resolved with a Critical Patch Update (CPU) to date. Over 200 of the bugs may be remotely exploitable without authentication. This month, 23 products from the enterprise security giant were patched, including…