Oracle Critical Patch Update Advisory - April 2024

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

Post-quantum Cryptography for the Go Ecosystem

filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM formerly known as Kyber, renamed because we can't have nice things is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...

Unleashing the Power of the Internet of Things and Cyber Security

Due to the rapid evolution of technology, the Internet of Things IoT is changing the way business is conducted around the world. This advancement and the power of the IoT have been nothing short of transformational in making data-driven decisions, accelerating efficiencies, and streamlining...

Oracle Critical Patch Update Advisory - July 2023

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

Security as a differentiator: How to market the secure customer experience

Leveraging software development lifecycle security as a go-to-market differentiator is imperative in setting companies apart from competitors. As Coalfires Cloud Advisory Board and my colleague Gail Coury eloquently pointed out in our recent Securealities Report, Smartest Path to DevSecOps...

Oracle Critical Patch Update Advisory - July 2021

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

PAN-OS: Informational: Impact of the OpenSSH vulnerability CVE-2021-28041

The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSH software CVE-2021-28041 vulnerability. PAN-OS software does not utilize the ssh-agent component or provide access to the agent socket related to this vulnerability. There are no scenarios that enable successful...

Asylo Open-Source Framework Tackles TEEs for Cloud

Asylo, an open-source framework and software development kit SDK for creating applications that run in trusted execution environments TEEs, has launched to tackle the complexity involved in running a confidential computing platform for workloads in the cloud and virtual environments. TEEs provide...

October 2015 Oracle Critical Patch Update

Oracle on Tuesday patched 154 vulnerabilities in 54 different products as part of its regularly scheduled Critical Patch Update. More than half of the patches, 84 to be exact, address vulnerabilities that Oracle claims may be remotely exploitable without authentication. Java SE is responsible for...

Cisco Finesse Server Cross-Site Scripting Vulnerability

A vulnerability in Cisco Finesse Server could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks. The vulnerability is due to improper input validation of certain parameters passed via HTTP GET or POST methods to an affected device. An unauthenticated, remote...

NIST Publishes Draft Hypervisor Security Guide

NIST has followed up a three-year-old virtualization security guide with recommendations for hypervisor security. A draft version of SP800-125a was released this week and a public comment period opened on Monday and ends Nov. 10. The guide targets enterprise security and IT management as well dat...

[SE-2014-01] Security vulnerabilities in Oracle Database Java VM

Hello All, Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software 1. Discovered security issues violate many "Secure Coding Guidelines for the Java Programming Language" 2. Most of them demonstrate a well known problem...

Bogus Report: 55,000 Twitter accounts compromised

Bogus Report: 55,000 Twitter accounts compromised Thousands of Twitter passwords were exposed this week and the site was looking into matter. According to a message posted on Twitter's Japanese blog, None of the recently leaked Twitter logins and passwords came from within the company. Twitter ha...

Derbycon 2011 Videos talks

Derbycon 2011 Videos Talks The idea behind DerbyCon was developed by Dave Kennedy ReL1K, Martin Bos PureHate, and Adrian Crenshaw Irongeek. Their motivation stemmed from a desire to see more of the old-style talks and events of the conventions of the past. DerbyCon was hosted by some specialized...

IEEE and Cloud Security Alliance Form Partnership

The Cloud Security Alliance CSA and IEEE are joining forces to ensure that best practices and standards are developed and available to provide security assurance for cloud computing. As a result of this collaboration, CSA and IEEE have been conducting a survey to identify and define the most...