Click on a filter below to refine your search. Remove filter to broaden your search.
|Last 12 months||remove|
Hint: If you don't want the words you enter to be searched for separately, use quotation marks to find people or exact phrases. See our Search Help section for more hints.
Oracle patch update contains fixes for 144 vulnerabilities existing across hundreds of its products, including several in Java, which recently led to millions of Yahoo visitors being exposed to malicious advertisements.
But some researchers believe the changes to the software, many of which were released with Java 7u21 in April, are not enough.
Oracle's Critical Patch Update (CPU) plugged 37 holes in the popular Java browser plug-in.
Updates for the software platform will now arrive on a quarterly basis, beginning in October.
In total, the quarterly CPU brought 127 patches for vulnerabilities in Oracle products.
Microsoft tops other IT security vendors in the number of critical vulnerabilities in its products. Adobe and Oracle come in second and third place, respectively, according to Skybox Security.
This month's company news features new hires at Verizon Enterprise Solutions and Coalfire Systems, as well as acquisitions by Oracle and Trustwave.
The company is planning to fix the flaws Tuesday when it releases its latest Critical Patch Update for Java SE.
The most severe flaw addressed was a remotely exploitable bug impacting Oracle's Database Server.
In addition to the exploit, which leverages a recently patched bug, a researcher has discovered a fresh vulnerability in the newly minted version of Java SE.
Websense said Tuesday that Java users aren't getting much better at patching the software.
MS13-061, which addresses three vulnerabilities in Exchange Server, was scrapped after Microsoft became aware that installing it causes problems. The issues do not occur in Exchange 2007 or 2010 environments, only 2013.
For March's threat of the month, Secunia's Kasper Lindgaard believes Java vulnerabilities should be at the top of everyone's radar.
The bug, rated "critical," has been patched for Java 7 users, but those still using an earlier version of the software are susceptible to in-the-wild attacks.
October's threat of the month allows for remote code execution vulnerabilities to affect Java prior to version 7 Update 25.
This month's "threat of the month" features a Java exploit that affects versions 7 Update 17 and prior.
Experts in this month's debate discuss Java. Is it time to stop using the popular software?
As more proof-of-concept code for "critical" Java vulnerabilities makes its way online, users running outdated versions of the platform should be wary of attacks.
Keynote speaker Brian Muirhead, chief engineer at NASA's Jet Propulsion Laboratory, inspired security practitioners in the Black Hat crowd by likening voyages to space with the duties they perform.
The highest-priority Microsoft patch is a cumulative fix that stops attackers from executing malicious code while users browse the web with IE.