November 20, 2024 at 05:36AM Oracle announced patches for a critical information disclosure vulnerability (CVE-2024-21287) in Agile Product Lifecycle Management (PLM), which has been actively exploited. The flaw allows remote, unauthenticated attackers to access files under PLM application privileges. Users are urged to apply the updates promptly, as support for Agile PLM will end in … Read more
November 19, 2024 at 03:00PM Oracle has addressed a critical unauthenticated file disclosure vulnerability (CVE-2024-21287) in its Agile PLM software, which was exploited as a zero-day. Users are urged to update immediately to prevent unauthorized file access. The flaw was reported by CrowdStrike and has a CVSS score of 7.5. **Meeting Takeaways:** 1. **Vulnerability Identified**: … Read more
September 19, 2024 at 11:06AM CISA added critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including two Oracle flaws (CVE-2022-21445 and CVE-2020-14644). These can be exploited for remote code execution and system takeover. The flaws impact Oracle Fusion Middleware’s JDeveloper and WebLogic Server, and are linked to reported attacks on major organizations’ systems. Key … Read more
June 6, 2024 at 06:44AM CISA added the 7-year-old Oracle vulnerability CVE-2017-3506 to its KEV catalog due to ongoing exploitation by Chinese cybercriminals. Recent research by Trend Micro found Water Sigbin leveraging this vulnerability to deploy cryptocurrency miners and evade detection. Patching is an issue, with Oracle potentially planning a special patch release due to … Read more
March 19, 2024 at 12:54PM Oracle has warned Apple users to delay updating to the latest macOS 14.4 Sonoma due to potential Java compatibility issues on ARM-based Macs. The update causes the Java process to terminate without warning, affecting all Java versions. Oracle advises users to delay the update until the issue is resolved. Other … Read more
November 17, 2023 at 08:09AM The US cybersecurity agency CISA has added vulnerabilities from Sophos, Oracle, and Microsoft to its Known Exploited Vulnerabilities (KEV) catalog. The Sophos flaw, CVE-2023-1671, has been exploited in attacks and allows for arbitrary code execution. There have been reports of Chinese threat actors exploiting Sophos vulnerabilities. CISA’s KEV list also … Read more