Oracle WebLogic servers are under attack from hackers who are trying to take over vulnerable installations that have not received a recent patch for a critical vulnerability.
Oracle plans to drop support for data serialization/deserialization from the main body of the Java language, according to Mark Reinhold, chief architect of the Java platform group at Oracle.
Security researchers have detected a new wave of cryptocurrency-mining malware infecting servers across the web, and this one is using multiple exploits to gain access to vulnerable and unpatched systems to install a Monero miner.
For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory.
An Ohio court sentenced yesterday four high-ranking TERiX executives for their role in a pirating scheme through which they stole and resold Sun and Oracle firmware patches. Three of the four execs received prison sentences.
Hackers have a new security flaw in their arsenal they can exploit to install POS malware on Oracle Micros point-of-sale systems.
A group of hackers has made over a quarter-million dollars worth of Monero by breaking into Oracle WebLogic servers and installing a cryptocurrency miner.
Oracle has issued an out-of-band emergency security update to address five vulnerabilities, among which one is rated 10 out of 10 on the CVSSv3 bug severity scale, and a second was rated 9.9 out of 10.
Oracle has released patches for a security issue affecting the Oracle Identity Manager that has received a rare 10 out of 10 score on the CVSSv3 bug severity scale.
Today, Oracle released their April 2017 Critical Patch Update, or CPU, that resolves a record breaking 299 vulnerabilities across all of their products. Of these 299 vulnerabilities, over 100 are remotely executable.
Allegro MicroSystems LLC is suing a former IT employee for sabotaging its database using a "time bomb" that deleted crucial financial data in the first week of the new fiscal year.
Both Java and Python contain similar security flaws that allow an attacker to bypass firewalls by injecting malicious commands inside FTP URLs.
Oracle says that starting with April 18, 2017, Java (JRE) will treat all JAR files signed with the MD5 algorithm as unsigned, meaning they'll be considered insecure and blocked from running.
Oracle risks to lose all current and future contracts with the US government after the US Department of Labor (DoL) has filed a lawsuit against the company's US Division, Oracle America., Inc..
Today, Oracle released their January 2017 Critical Patch Update, or CPU, that resolves a massive 270 vulnerabilities across all of their products. Of these 270 vulnerabilities, over 100 are remotely exploitable without authentication.
System administrators should be patching their MySQL installations if they haven't in the last three weeks, to safeguard their database servers against three critical security flaws discovered by Polish security researcher Dawid Golunski.
Today, Oracle released their October Critical Patch Update, or CPU, that resolves 253 vulnerabilities across all of their products. All of these vulnerabilities are rated as critical as they allow remote code execution in some form. As remote code execution allows attackers to remotely execute commands on an affected computer,
Today Microsoft, Oracle, and Adobe all released security updates for critical vulnerabilities in their products. Critical vulnerabilities allow attackers to execute commands on the vulnerable computers that could allow them to download and installer further programs without your permission.
Oracle announced yesterday that they will be deprecating the use of Java browser plugins starting in JRK 9, with it ultimately being removed altogether in future versions of the Java runtime environment. This is a important step in browser security as Java is a common target for exploit kits and attackers.