The TeamSHATTER blog is now part of Spiderlabs – Anterior
The TeamSHATTER blog is now part of Spiderlabs – Anterior
Posted 3 years ago

Many of you are probably already aware of the acquisition of Application Security, Inc. by Trustwave. As part of the acquisition, we are pleased to announce that TeamSHATTER is combining…

TeamSHATTER’s Analysis of the October 2013 Oracle CPU
TeamSHATTER’s Analysis of the October 2013 Oracle CPU
Posted 4 years ago

It’s the second Tuesday in October, so it is Oracle Critical Patch Update (CPU) time. The October 2013 CPU contains 127 fixes across Oracle’s Database, Fusion Middleware, Enterprise Manager, E-Business…

TeamSHATTER’s Analysis of the July 2013 Oracle CPU
TeamSHATTER’s Analysis of the July 2013 Oracle CPU
Posted 4 years ago

It is Oracle Critical Patch Update (CPU) time, so lace up your patching gloves. The July 2013 CPU contains 89 fixes across Oracle’s Database, Fusion Middleware, Hyperion, Enterprise Manager, E-Business…

PreviousNext
RSS

Cyberattacks Are Accelerating At Fast Pace

Train Series

Cyberattacks are accelerating at a pace that suggests the Internet — already a risky environment — is likely to pose a steadily growing threat to individuals and companies for years. That’s the somber consensus of security and Internet experts participating in the giant Black Hat cybersecurity conferencethat concluded [in Las Vegas] last week. Internet-generated attacks comprise “the most significant threat we face as a civilized world, other than a weapon of mass destruction,” Shawn Henry, former head of the FBI’s…

Click for complete article >>

CTXSYS.CONTEXT Privilege EscalationTeam Shatter Exclusive

Posted August 1, 2012 by in Oracle, Team Shatter Exclusive with 0 comments

Update: Oracle released a patch for this vulnerability. For details, please see my latest post here.   Last Thursday, at the 2012 Black Hat Conference in Las Vegas, David Litchfield released the details of yet another unpatched Oracle vulnerability.  Litchfield’s presentation was an examination of Oracle index security and provided explanations and demonstrations of various index security issues fixed in recent critical patch updates.  Included were CVE-2010-0902, CVE-2011-3512 and CVE-2012-0552. He also exposed a new O-day vulnerability and provided a…

Click for complete article >>

SQL Injection Attacks Rose 69% In Second Quarter Of 2012

rise

SQL injection (SQLi) attacks rose 69% in the second quarter of 2012 compared with the previous quarter, according to the latest report from secure cloud hosting firm FireHost. FireHost said that, between April and June, it blocked nearly 500,000 attacks by SQLi, a well-known and popular method used by cyber criminals to steal data and among the most malicious and dangerous web-based attacks. SQLi involves entering malicious commands into URLs and text fields on vulnerable websites, usually to steal the…

Click for complete article >>

How Prepared Is America To Deal With A Major Cyber Attack?

USA

The man in charge of America’s cyber operations said that on a scale of one to 10, the nation’s preparedness to deal with a major cyber attack on critical infrastructure sits at a dismal three. “Somebody who finds vulnerability in our infrastructure could cause tremendous problems,” Army Gen. Keith Alexander, Director of the National Security Agency and chief of U.S. Cyber Command, told audience members at the Aspen Institute’s annual security forum late Thursday, according to multiple reports. Alexander said…

Click for complete article >>

Breach Costs Credit Card Processing Agency, Global Payments, $84.4M

money5

Hoping to reassure customers and analysts as soon as possible, Global Payments has released a detailed statement about the data breach that it incurred months ago. The most important facts to know now is that Global Payments is asserting that the breach has been contained and only “Track 2″ data was at risk of being exposed. That means credit card numbers themselves, but not names, addresses and Social Security numbers. Click for complete article >>

Click for complete article >>

Data Security Breach At Oregon State University, Private Information Of 21,000 May Have Been Compromised

OSU

Oregon State Police currently are investigating a security breach by a vendor who, while under contract to Oregon State University, copied information from a check register data base without permission. The action could have compromised the private information of 21,000 students and employees who were associated with OSU between 1996 and 2009. According to Jon Dolan, the chief information security officer at OSU, the contracted vendor who provided immediate check printing services in the cashier’s office copied information on three…

Click for complete article >>

Arrest Made, Charged For Denial-Of-Service Attacks Against Amazon.com

arrest

Officials at the U.S. Department of Justice announced that a Russian man has been arrested in Cyprus in connection with attacks on Amazon.com. The man, Dmitry Olegovich Zubakha, 25, of Moscow, was arrested July 18 on an international warrant. Zubakha was indicted in May of 2011 for launching two denial-of-service (DoS) attacks on the Amazon Website. The indictment, which was unsealed Thursday, also links him to other DoS attacks on Priceline.com and eBay. Click for complete article >>

Click for complete article >>

Gaming Database Hacked, Eight Million Email Addresses And Passwords Spilled Months After Attack

passwords

Call it a slow leak. Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users’ credentials, more than 8 million usernames, emails and and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedList. The half-gigabyte collection of stolen user data was posted to a password-cracking forum Inside Pro earlier this month, where it remained online until late last week. PwnedList…

Click for complete article >>

Oracle Customers Need To Move Quickly To Patch High-Risk Vulnerabilities

risk2

Security experts are urging Oracle customers to move quickly on deploying the quarterly Critical Patch Update (CPU) released by the company yesterday, as the updates include fixes for a number of very high-risk vulnerabilities within the Oracle’s Fusion Middleware and database product portfolios. Overall, the CPU included 87 patches across its product lines. Chief among the concerns is a CVSS level 10 vulnerability in JRockit and several database vulnerabilities that could leave users open to denial-of-service (DoS) attacks. Click for…

Click for complete article >>

TeamSHATTER’s Analysis of the July 2012 Oracle CPUTeam Shatter Exclusive

It’s Oracle Critical Patch Update (CPU) Tuesday, so  lace up your patching gloves. The July 2012 CPU contains 87 fixes across Oracle’s Database, Application Express, Secure Backup, Fusion Middleware, Hyperion, Enterprise Manager, E-Business Suite, Supply Chain, People Soft, Siebel Health Sciences, Sun and MySQL product lines. 43 of the fixes in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities. Two products have fixes for vulnerabilities that…

Click for complete article >>
Powered by