In its February Critical Patch Update (CPU) released this week, Oracle is patching 21 vulnerabilities across its popular Java SE and Java for Business products. In its release, the company said 19 of the Java flaws affecting the Java Runtime Environment could be exploited remotely in network attacks without needing a username and password. Eight of the patches come with the highest rating on the Common Vulnerability Scoring System (CVSS). Oracle is "strongly" urging customers to apply the new fixes, as well as previous patches, as soon as possible. – GM
UnitedHealth Group’s CEO Andrew Witty set to testify before Congress tomorrow – security pros say there’s more to the story and it will take several more months of investigation before we know the full kill chain.
Threat actors could leverage a high-severity vulnerability impacting the R programming language, tracked as CVE-2024-27322, to enable arbitrary code execution during the deserialization of packages using the RDS format and potentially facilitate supply chain attacks, The Hacker News reports.
Major Canadian retail pharmacy chain London Drugs had all its stores across Alberta, British Columbia, Manitoba, and Saskatchewan temporarily closed down following a cybersecurity incident discovered on Sunday, reports The Register.