Tag Archives: java

Oracle and Cisco Patches – Daily Security Byte EP. 251

In today’s quick Security Byte video, I cover the Oracle and Cisco patches that have come out over the past few days. If you use products from either company, watch the video for highlights, and check the links below.

(Episode Runtime: 2:20)

Direct YouTube Link: https://www.youtube.com/watch?v=uIc7UrapLus

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Oracle & Apple Patches – Daily Security Byte EP. 206

Another week, another pile of patches. If you use Apple or Oracle products, it’s time to download the latest updates to keep your computers and servers safe. Watch today’s video for a quick summary of the affected products and issue, and check the link below to learn more.

(Episode Runtime: 2:18)

Direct YouTube Link: https://www.youtube.com/watch?v=NT5OqG8VG9k

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Oracle CPU for Oct. 2015 – Daily Security Byte EP. 162

Oracle follows a quarterly patch cycle, and today they released their big Critical Patch Update (CPU) for October 2015. Since they only update four times a year, they tend to release tons of patches at once. Today’s update fixes 154 vulnerabilities in a wide selection of their productsfrom MySQL to the Siebel CRM. Most importantly, they also released a Java update. If you use Oracle products, watch today’s video to learn more about the scope and impact of today’s CPU.

(Episode Runtime: 2:00)

Direct YouTube Link: https://www.youtube.com/watch?v=o4sfU3uS_mw

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Backdoors and Watering Holes – WSWiR Episode 162

Cyber security has become mainstream. Nowadays, there’s more information security (infosec) stories each week than the average IT professional can keep up with. If you find yourself falling behind, let our daily and weekly videos keep you informed. If you watch my Daily Security Bytes, you can probably skip this weekly summary. However, if you prefer to recap the week in one go, this video is for you.

This week’s episode includes surprising new updates to the Ashley Madison hack, a backdoor in a bunch of consumer routers, and a watering hole attack targeting the EFF. Watch the video below for the scoop, and check out the references section for more.

(Episode Runtime: 8:41)

Direct YouTube Link: https://www.youtube.com/watch?v=DkcT9sFEfWc

Show Note: A couple notes this episode. First, while I posted last week’s summary video to YouTube, I was not able to blog about it due to my early week travel. If you missed it, you can view it here, or just subscribe to my YouTube channel to see my videos right when they come out. 

Also, I will be traveling in Europe all week to attend WatchGuard partner conferences. I will try to post some videos, but I probably won’t get to one every day, and will post them at unusual times. 

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

EFF Watering Hole Attack – Daily Security Byte EP.133

Today, the EFF warned the world that advanced attackers have been using their name in vain. A targeted spear phishing email is linking to a fake version of the EFF site, which forces malware via a recent cross-platform Java exploit. Learn more about this attack and how to protect yourself by watching the video below.

(Episode Runtime: 2:07)

Direct YouTube Link: https://www.youtube.com/watch?v=ZQXOgjC3gTg

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

July Patch Avalanche – Daily Security Byte EP.114

This Patch Tuesday, Adobe and Oracle shared the spotlight with Microsoft, releasing updates for well over 200 vulnerabilities. Furthermore, the patches included fixes for flaws leaked during The Hacking Team fiasco. Watch today’s video for details, and be sure to update as soon as you can.

Show Note: Due to continued travel, there will likely be no video on Thursday, though I will return with one on Friday. I’ll probably skip the weekly video this time due to the light week.

(Episode Runtime: 2:21)

Direct YouTube Link: https://www.youtube.com/watch?v=aoLhMVu4zzI

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Weak Passwords are Good? – WSWiR Episode 113

Oracle Patches, Project Zero, and Password Problems

Another week, another big batch of InfoSec news. If your IT job is already overwhelming you with tasks, leaving you no time to keep up with computer and network security, “I’ve got ya bro.” Check out our weekly security news summary for all the important action.

Today’s episode covers Oracle’s quarterly Critical Patch Update (CPU), a neat security project from Google, and a bevy of password security related news and issues. It’s all in the video, so give it a play. Also, don’t forget the Reference section below for other interesting news.

Enjoy your summer weekend, and stay safe!

(Episode Runtime: 8:59)

Direct YouTube Link: https://www.youtube.com/watch?v=yOtbuwhqZVo

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Oracle CPU – WSWiR Episode 103

Oracle Patches, Heartbleed Update, and Cool Gaming Hacks

Information security has become a hot topic, with tens of new infosec articles and issues showing up each week. Perhaps you’re concerned with the latest security news, but don’t have to time to keep up with it among your other administrative tasks. If that sounds like you, check out my weekly infosec news video for a quick summary of the week’s most interesting stories.

Today’s episode is quite simple. I quickly cover Oracle’s April Critical Patch Update (CPU), share some interesting Heartbleed vulnerability updates, and end with a fun, gaming-related hack to cap off the week. Watch the video below, and browse the Reference section for links to more stories and details.

Have a great Easter weekend.

(Episode Runtime: 6:42)

Direct YouTube Link: https://www.youtube.com/watch?v=NtwbM82vVF0

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

BlackPOS Robs Target – WSWiR Episode 91

Patching Trifecta, Mobile Banking Risks, and Hacktivist Hijackings

Patches, mobile malware, hacked off hacktivists, Point-of-Sale (PoS) malware… all that and more in this week’s information and computer security news summary video! If you need a quick roundup of the latest security news in one convenient package, you’ve come to the right place.

Today’s episode covers the week’s huge, triple-vendor patch day, the latest hacktivist hijacking, research on flaws in popular mobile banking apps, and more. I also talk about the latest updates on the huge holiday Target breach, including reports that begin to uncover the specific malware used in the attack. If you want to keep your organization’s network safe, don’t miss this video for the latest news and tips. Remember, check the Reference section below for links to many other security stories too!

Keep vigilant and have a great weekend!

(Episode Runtime: 12:45)

Direct YouTube Link: http://www.youtube.com/watch?v=7bOYMBKF1ws

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Oracle Patch Day: January’s CPU and Java Updates Correct 144 Vulnerabilities

Today, Oracle released their quarterly Critical Patch Update (CPU) for January 2014. CPUs are Oracle’s quarterly collections of security updates, which fix vulnerabilities in a wide-range of their products. Oracle publishes their quarterly updates on the Tuesday closest to the 17th of the month, and this quarter that happens to fall on Microsoft and Adobe’s Patch Tuesday.

Overall, Oracle’s CPU and Java updates fix around 144 security vulnerabilities in many different Oracle products and suites. The table below outlines the affected product categories, and the severity of the fixed flaws. The flaws with the highest CVSS rating are the most risky, meaning you should handle them first:

Product or Suite Flaws Fixed (CVE) Max CVSS
Java SE 36 10
Fusion Middleware 22 10
MySQL 18 10
Financial Services Software 1 10
Sun Systems Products Suite 11 7.2
Hyperion 2 7.1
Virtualization 9 6.8
E-Business Suite 4 5.5
Supply Chain Product Suite 16 5.5
Database Server 5 5
Seibel CRM 2 5
PeopleSoft Products 17 5
iLearning 1 4.3

Oracle’s advisory doesn’t describe every flaw in technical detail. However, they do describe the general impact of each issue, and share  CVSS severity ratings. While the severity of the 144vulnerabilities differs greatly, some of them pose a pretty critical risk; especially the Java SE ones.

Almost everyone has Java installed. If you do, I recommend you install the Java update immediately, or perhaps consider uninstalling Java or restricting it in some way using its security controls. With many flaws that have a CVSS rating of 10, the Java exploits allow remote attackers to install malware on your computer via web-based drive-by download attacks; and right now attackers really like targeting Java flaws.

Of course,  if you use any of the other affected Oracle software, you should update it as well. I recommend scheduling the updates based on the max CVSS rating for the products. For instance, if you use MySQL, update it quickly, but you can allow yourself to more time to fix the iLearning issues. You’ll find more details about these updates in the Patch Availably section of Oracle’s alert. — Corey Nachreiner, CISSP (@SecAdept)

%d bloggers like this: