On its web site, Oracle has announced which security patches will be released on Tuesday. The company said that the 86 fixes will affect "hundreds of Oracle products". The most serious hole with the highest CVSS (Common Vulnerability Scoring System) rating of 10 will be closed in Oracle's Database Mobile/Lite Server mobile database variant.
In the free MySQL relational database, Oracle will tackle 18 potential points of attack. Two of these have a CVSS rating of 9 and are said to be exploitable remotely and without authentication. With its patch update, Oracle will likely also close the recently disclosed 0day hole in MySQL - at least that's what the latest comments in Red Hat's Bugzilla report on this subject seem to indicate. The relevant corrections in the MySQL source code were made in versions 5.5.29 and 5.1.67. Only one patch for the "Spatial" module will be released for the Oracle 10/11 database server which means that the hole that has long been known to exist in the TNS Listener will continue to remain unpatched. Oracle had announced that it plans to close this hole in the upcoming version 12 of the database server.
Continued : http://www.h-online.com/security/news/item/Oracle-announces-86-fixes-including-18-for-MySQL-1782780.html
Also: Oracle management tools top critical list in quarterly patch party
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Alert
NEWS - January 14, 2013
It's a brand new year and you would like to think that computer users are getting smarter about securing their systems, and not falling for the age-old tricks used by cybercriminals.
However, we still see our fair share of elementary unsophisticated attacks designed to steal credentials from the unwary.
Take this example, an email which claims to come from the "Windows Live Team" and warns Hotmail/MSN users that their account is at risk of immediate closure after different computers logged into it, and multiple attempts were made to guess the password: [Screenshot]
Part of the email reads:
VERIFY THIS EMAIL ADDRESS TO AVOID IMMEDIATE CLOSURE
We have recently confirmed that different computers have logged onto your Hotmail and Msn account and multiple password errors have been entered. We are hereby suspending your account; as it has been used for fraudulent purposes.. Now we need you to reconfirm your account information to us. Click your reply tab, fill in the columns below and send it back to us or your email account will be suspended permanently.
Continued : http://nakedsecurity.sophos.com/2013/01/14/phishing-msn-hotmail-users/
Discussion is locked
3 Posts
- Collapse
- Collapse -
- Collapse -
For five years, it hid in the weeds of networks used by Eastern European diplomats, government employees and scientific research organizations, stealing data and infecting more machines in an espionage campaign rivaling Flame and others of its ilk. The campaign, called Rocra or Red October by researchers at Kaspersky Lab, focused not only on workstations, but mobile devices and networking gear to gain a foothold inside strategic organizations. Once inside, attackers pivoted internally and stole everything from files on desktops, smartphones and FTP servers, to email databases using exploits developed in China and Russian malware, Kaspersky researchers said.
While Kaspersky would not go so far as to call it a nation-state campaign, the resources behind the attackers and the targets they chose—which also included oil and gas companies, aerospace, nuclear research, and trade and commerce organizations—would indicate an interest in a particular type of information.
Most of the victims were specific organizations in Eastern Europe, former USSR nations and countries in Central Asia. Some attacks were also noticed in Western Europe and North America, Kaspersky said.
"The campaign is currently still active with data being sent to multiple command-and-control servers through an infrastructure which rivals the complexity of the Flame malware," Kaspersky said in a report released today.
Continued : https://threatpost.com/en_us/blogs/rocra-espionage-malware-campaign-uncovered-after-five-years-activity-011413
Related: Red October: Espionage Campaign Targeting Government, Other High-Profile Organizations
- Collapse -
The news that well-known Web activist and developer Aaron Swartz took his own life on Friday resounded across the Internet at an amazing speed during this past weekend.
Many who knew him privately, worked with him on the various projects, and received his help with theirs wrote moving and insightful tributes to this genius of a man that accomplished many important things that greatly indebted us all.
Among these things were also some that attracted negative attention from U.S. authorities - namely, his "breaking into" MIT's JSTOR archive (a massive online archive of digitized scientific journals and academic papers) and alleged theft of over 4 million digital documents with the intent on distributing them freely online.
This action resulted in charges that could have lead to his imprisonment for up to 35 years, and it is believed that this was one of the main reasons for his tragic demise.
Continued : http://www.net-security.org/secworld.php?id=14232
Also: MIT president calls for "thorough analysis" of school's involvement with Swartz
Related:
Anonymous hacks MIT websites after Aaron Swartz's death
Anonymous defaces MIT website with memorial for Aaron Swartz
Aaron Swartz Allegedly Driven to Suicide by Prosecutors
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic