TeamSHATTER’s Analysis of the April 2013 Oracle CPU
Posted 62 days ago

It is Oracle Critical Patch Update (CPU) time, so lace up your patching gloves. The April 2013 CPU contains 128 fixes across Oracle’s Database, Fusion Middleware, E-Business Suite, Supply Chain,…

Three Credit Reporting Agencies Breached
Posted 98 days ago

The three biggest credit reporting agencies in the U.S. each have reportedly acknowledged intrusions into their systems following the revelation of personal data, including financial information, of celebrities and prominent…

Three Of The Biggest Credit Reporting Agencies Acknowledge Data Breaches
Evernote Hack Affects 50 Million Users
Posted 104 days ago

Tens of millions of online note-takers found themselves worrying about their security Monday, as questions remained about a weekend hack of Evernote.

The online note-taking and archiving service began requiring its…

Evernote Hack Affects 50 Million Users
State Governments Need To Up Security
Posted 110 days ago

The email sent to several thousand of state employees in early February looked official. It featured the state logo and a familiar warning that email access was about to be…

Security Experts Urge State Governments To Up Cyber Security Measures
PreviousNext
RSS

What Every Database Administrator Should Know About Security

[The following is excerpted from "What Every Database Administrator Should Know About Security," a new report posted this week on Dark Reading's Database Security Tech Center.] To say that there is friction between security professionals and database administrators (DBAs) is putting it mildly. Database administrators are both the caretakers of database platforms and the managers of data. Very seldom are they also security experts. In many enterprises, the DBA and the security team find themselves at odds because the DBA is…

Click for complete article >>

De-FUD-ing Privileged User Management

I am proud to write this column for Dark Reading. The biggest reason is I get to share two decades of stuff I’ve seen with databases and security with you, and it starts really good conversations every time I attend security conferences and meet readers face-to-face. I can share perspective, help clarify issues around database threats, and explain the pros and cons of database security products. On occasion, I even get to call BS on things I believe only confuse DBAs and…

Click for complete article >>

TeamSHATTER’s Analysis of the April 2013 Oracle CPUTeam Shatter Exclusive

Posted April 18, 2013 by in Oracle, Team Shatter Exclusive with 0 comments

It is Oracle Critical Patch Update (CPU) time, so lace up your patching gloves. The April 2013 CPU contains 128 fixes across Oracle’s Database, Fusion Middleware, E-Business Suite, Supply Chain, PeopleSoft, Siebel, Health Sciences, Retail, FLEXCUBE, Primavera, Sun Product Suite, MySQL and Oracle Support Tools product lines. 46 of the fixes in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities. Three products have fixes for vulnerabilities…

Click for complete article >>

Latest DBMS Security Patch Levels – Updated

TeamSHATTER keeps you up to date with the latest DBMS Security Patch levels to ensure you are protected with the latest security fixes. Last updated 3/21/2013   Oracle   Edition Latest Patch Release Date Comments Database 11g R2 Database 11g R1 Database 10g R2 Critical Patch Update January 2013 January 15th 2013   Database 10gR1 Critical Patch Update January 2012 January 17th 2012 Out of support. This was the final patch for 10gR1. Database 9i Critical Patch Update July 2010…

Click for complete article >>

No Questionable Calls Here: The March Madness Meets Higher Education Data Breach “Brackets” Are Back!Team Shatter Exclusive

march madness

March Madness is here! Yesterday, the NCAA Selection Committee selected 68 teams to participate in this year’s NCAA Division I Men’s Basketball Championship.  While fans across the country are sneaking out of the office to watch games, breaking out the ol’ college sweatshirts, and betting Vegas-style, we are joining the fun for the Third Annual Higher Education Data Breach Madness “Brackets.” Just like in previous years, the data breach madness “bracket” is determined solely by the number of reported breaches…

Click for complete article >>

Three Of The Biggest Credit Reporting Agencies Acknowledge Data Breaches

hacker

The three biggest credit reporting agencies in the U.S. each have reportedly acknowledged intrusions into their systems following the revelation of personal data, including financial information, of celebrities and prominent figures on a website this week. Executives at Equifax, Trans Union and Experian acknowledged the breach to Bloomberg in a report published Tuesday. Tim Klein, a spokesman for Equifax, told the news agency that a hacker gained “fraudulent and unauthorized access” to at least four consumer credit reports at the…

Click for complete article >>

Evernote Hack Affects 50 Million Users

blue screen

Tens of millions of online note-takers found themselves worrying about their security Monday, as questions remained about a weekend hack of Evernote. The online note-taking and archiving service began requiring its 50 million users to reset their passwords Saturday after announcing it was the victim of a security breach, making it the latest tech company in recent weeks to fall victim to hackers. Click for complete article >>

Click for complete article >>

Security Experts Urge State Governments To Up Cyber Security Measures

USA Flag2

The email sent to several thousand of state employees in early February looked official. It featured the state logo and a familiar warning that email access was about to be cut off because the employee’s inbox was too full. The email invited employees to click on a link to solve the problem. If an employee clicked, a screen popped up asking for more data, including the employee’s name, login and password. It was a classic spear-fishing exploit with the hacker’s…

Click for complete article >>

Zendesk Hack Exposes Twitter, Pinterest And Tumblr Data

social media

Customer service software provider Zendesk announced a security breach that allowed attackers into its system, where they could access data from three customers this week. Wired learned those three clients were Twitter, Pinterest and Tumblr. The San Francisco-based company announced the breach in a blog post published early Thursday night. Tumblr notified affected users in an email at approximately 6:35 p.m. PST; Twitter and Pinterest are expected to do so shortly. Zendesk declined to comment beyond its blog post, titled, appropriately,…

Click for complete article >>

Advisory: Oracle Cross-site scripting in OEM (advReplicationAdmin)Team Shatter Exclusive

Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to…

Click for complete article >>
Powered by