
Category: General

The TeamSHATTER blog is now part of Spiderlabs – Anterior

Posted January 20, 2014 by Alex Rothacker in Industry, Team Shatter Exclusive with 0 comments

Many of you are probably already aware of the acquisition of Application Security, Inc. by Trustwave. As part of the acquisition, we are pleased to announce that TeamSHATTER is combining with Trustwave’s SpiderLabs. We are excited by the move, as we become part of a larger and more diverse team of security professionals that focus on penetration testing, incident response, application security and security research. The combined team will be stronger, with enhanced threat intelligence and resources which can only…


TeamSHATTER’s Analysis of the October 2013 Oracle CPU

Posted October 16, 2013 by Alex Rothacker in Database Security, Oracle, Team Shatter Exclusive with 0 comments

It’s the second Tuesday in October, so it is Oracle Critical Patch Update (CPU) time. The October 2013 CPU contains 127 fixes across Oracle’s Database, Fusion Middleware, Enterprise Manager, E-Business Suite, PeopleSoft, Siebel, Oracle and Sun Systems Product Suite, MySQL, Oracle Linux and Virtualization, and Oracle Java product lines. This is the first CPU to include Java fixes, and with 51 fixes it is a sizable portion of the CPU’s total fixes. 92 of the fixes in this CPU are…


TeamSHATTER’s Analysis of the July 2013 Oracle CPU

Posted July 17, 2013 by Alex Rothacker in Database Security, Oracle, Team Shatter Exclusive with 0 comments

It is Oracle Critical Patch Update (CPU) time, so lace up your patching gloves. The July 2013 CPU contains 89 fixes across Oracle’s Database, Fusion Middleware, Hyperion, Enterprise Manager, E-Business Suite, Supply Chain, PeopleSoft, iLearning, Industry Applications Product Suite, Oracle and Sun Systems Product Suite, MySQL and Oracle Linux and Virtualization product lines. 45 of the fixes in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities….


De-FUD-ing Privileged User Management

I am proud to write this column for Dark Reading. The biggest reason is I get to share two decades of stuff I’ve seen with databases and security with you, and it starts really good conversations every time I attend security conferences and meet readers face-to-face. I can share perspective, help clarify issues around database threats, and explain the pros and cons of database security products. On occasion, I even get to call BS on things I believe only confuse DBAs and…


TeamSHATTER’s Analysis of the April 2013 Oracle CPU

Posted April 18, 2013 by Alex Rothacker in Oracle, Team Shatter Exclusive with 0 comments

It is Oracle Critical Patch Update (CPU) time, so lace up your patching gloves. The April 2013 CPU contains 128 fixes across Oracle’s Database, Fusion Middleware, E-Business Suite, Supply Chain, PeopleSoft, Siebel, Health Sciences, Retail, FLEXCUBE, Primavera, Sun Product Suite, MySQL and Oracle Support Tools product lines. 46 of the fixes in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities. Three products have fixes for vulnerabilities…


No Questionable Calls Here: The March Madness Meets Higher Education Data Breach “Brackets” Are Back!

Posted March 18, 2013 by TeamSHATTER Admin in Data Breach, Database Security, Education, Team Shatter Exclusive, Uncategorized with 2 comments

March Madness is here! Yesterday, the NCAA Selection Committee selected 68 teams to participate in this year’s NCAA Division I Men’s Basketball Championship.  While fans across the country are sneaking out of the office to watch games, breaking out the ol’ college sweatshirts, and betting Vegas-style, we are joining the fun for the Third Annual Higher Education Data Breach Madness “Brackets.” Just like in previous years, the data breach madness “bracket” is determined solely by the number of reported breaches…


Three Of The Biggest Credit Reporting Agencies Acknowledge Data Breaches

Posted March 13, 2013 by TeamSHATTER Admin in Attack Vectors, Data Breach, Database Security, Hacker News with 0 comments

The three biggest credit reporting agencies in the U.S. each have reportedly acknowledged intrusions into their systems following the revelation of personal data, including financial information, of celebrities and prominent figures on a website this week. Executives at Equifax, Trans Union and Experian acknowledged the breach to Bloomberg in a report published Tuesday. Tim Klein, a spokesman for Equifax, told the news agency that a hacker gained “fraudulent and unauthorized access” to at least four consumer credit reports at the…


Security Experts Urge State Governments To Up Cyber Security Measures

Posted March 1, 2013 by TeamSHATTER Admin in Attack Vectors, Data Breach, Database Security, Government (State), Hacker News with 0 comments

The email sent to several thousand state employees in early February looked official. It featured the state logo and a familiar warning that email access was about to be cut off because the employee’s inbox was too full. The email invited employees to click on a link to solve the problem. If an employee clicked, a screen popped up asking for more data, including the employee’s name, login and password. It was a classic spear-phishing exploit with the hacker’s…


Advisory: Oracle Cross-site scripting in OEM (advReplicationAdmin)

Posted February 20, 2013 by Alex Rothacker in Oracle, Security Advisory, Team Shatter Exclusive with 0 comments

Risk Level: High
Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3
Remote exploitable: Yes
Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.
Details: Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to…


Advisory: Oracle Enterprise Manager Segment Advisor Arbitrary URL redirection/phishing vulnerability

Posted February 20, 2013 by Alex Rothacker in Oracle, Security Advisory, Team Shatter Exclusive with 0 comments

Risk Level: High
Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3
Remote exploitable: Yes
Credits: This vulnerability was discovered and researched by Qinglin Jiang of Application Security Inc.
Details: Oracle Enterprise Manager Database Control Segment Advisor page is vulnerable to an arbitrary URL redirection/phishing vulnerability. An attacker may inject an arbitrary URL into the web application and force the application to redirect to it without any validation. This vulnerability can be used in phishing attacks…
