Security Updates Available for Adobe Reader and Acrobat

Posts Tagged ‘oracle’

Security Updates Available for Adobe Reader and Acrobat

By Perry Varanoid on Thursday, May 16th, 2013 | No Comments

Original release date: May 16, 2013 Adobe has released security updates for Adobe Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities could cause a crash and potentially allow an attacker to take control of an affected system

Microsoft Releases May 2013 Security Bulletin

By Perry Varanoid on Thursday, May 9th, 2013 | No Comments

Original release date: May 09, 2013 | Last revised: May 14, 2013 Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Lync, Office, and Windows Essentials as part of the Microsoft Security Bulletin Summary for May 2013 . These vulnerabilities could allow remote code execution, denial of service, spoofing, information disclosure, or elevation of privilege.

Adobe Releases Security Advisory for ColdFusion

By Perry Varanoid on Thursday, May 9th, 2013 | No Comments

Original release date: May 09, 2013 Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on a server. There are reports that an exploit of this vulnerability is publicly available

"De Flashing" the ISC Web Site and Flash XSS issues, (Wed, May 8th)

By Perry Varanoid on Wednesday, May 8th, 2013 | No Comments

You may have noticed that earlier today, I removed the flash player that we use to play audio files on our site. The trigger for this was a report that the particular flash player we use (an open source player usually used with Wordpress) is suscepible to cross site scripting [1][2]. Instead of upgrading to the newer (patched) version, we instead decided to remove the player. The other part of this is that pretty much all current browsers do have reasonable support for HTML 5 audio tags.

SB13-112: Vulnerability Summary for the Week of April 15, 2013

By Perry Varanoid on Monday, April 22nd, 2013 | No Comments

Original release date: April 22, 2013 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT)

Java 8 release schedule delayed for renewed focus on security, (Fri, Apr 19th)

By Perry Varanoid on Friday, April 19th, 2013 | No Comments

ISC Handler Rob V pointed out a blog post from Oracle's Mark Reinhold stating that Oracle has “mounted an intense effort to address those issues in a series of critical-patch update releases” and that they've also upgraded their “development processes to increase the level of scrutiny applied to new code, so that new code doesn’t introduce new vulnerabilities.” Framing statements state that Oracle: is committed to continue fixing security issues at an accelerated pace will enhance the Java security model will introduce new security features recoginizes that more engineer hours are required than can be freed up by dropping features from Java 8 or otherwise reducing the scope of the release at this stage As such, the likely release of Java 8 will be in the first quarter of 2014 (had been intended for September 2013). Read the full article for yourself here: http://mreinhold.org/blog/secure-the-train Russ McRee | @holisticinfosec (c) SANS Internet Storm Center.

Scams Exploiting Boston Marathon Explosion

By Perry Varanoid on Wednesday, April 17th, 2013 | No Comments

Original release date: April 17, 2013 Malicious actors are exploiting the April 15 explosions at the Boston Marathon in attempts to collect money intended for charities and to spread malicious code. Fake websites and social networking accounts have been set up to take advantage of those interested in learning more details about the explosions or looking to contribute to fundraising efforts. For example, the Twitter account @_BostonMarathon was created shortly after the explosions took place. The account stated it would donate $1 for each retweet and was crafted to closely resemble the legitimate Boston Marathon Twitter account (@BostonMarathon).

Oracle Releases April 2013 Security Advisory

By Perry Varanoid on Wednesday, April 17th, 2013 | No Comments

Original release date: April 17, 2013 Oracle has released its Critical Patch Update for April 2013 to address 128 vulnerabilities across multiple products. This update contains the following security fixes: 4 for Oracle Database Server 29 for Oracle Fusion Middleware 6 for Oracle E-Business Suite 3 for Oracle Supply Chain Products Suite 11 for Oracle PeopleSoft Products 8 for Oracle Siebel CRM 3 for Oracle Industry Applications 18 for Oracle Financial Services Software 2 for Oracle Primavera Products Suite 16 for Oracle and Sun Systems Products Suite 2 for Oracle Sun Middleware Products 25 for Oracle MySQL 1 for Oracle Support Tools US-CERT encourages users and administrators to review the April 2013 Critical Patch Update and follow best practice security policies to determine which updates should be applied.

ISC StormCast for Wednesday, April 17th 2013 http://isc.sans.edu/podcastdetail.html?id=3248, (Wed, Apr 17th)

By Perry Varanoid on Wednesday, April 17th, 2013 | No Comments

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

SCIF requirements prevent open CISPA markup, says House Intelligence

By Perry Varanoid on Thursday, April 4th, 2013 | No Comments

“Opponents of the Cyber Intelligence Sharing and Protection Act and government transparency advocates are calling on the House Intelligence Committee to hold a public markup of the bill when it comes before the committee next week although committee staff the nature of the committee hearing prevents public entry or recording. An April 3 letter (.

Posts Tagged ‘oracle’