Oracle warned its corporate customers that there is a critical-rated vulnerability in its PeopleSoft software, which is used by large companies to manage payroll and human resources, a day after a cybercrime group took credit for abusing the flaw as part of a mass-hacking campaign.
The company published the security advisory on Thursday after the hacking group ShinyHunters claimed to have breached more than 100 organizations that use PeopleSoft servers.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Over 80 Cisco Products Affected by FragmentSmack DoS Bug
September 25, 2018
Cisco is currently looking into its product line to determine which products and services use Linux kernel 3.9 or above, which is vulnerable to the FragmentSmack denial-of-service (DoS) bug. The networking hardware manufacturer already assembled a list of more than 80 products that are affected by the vulnerability. Many of them expect a fix by February ...
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
September 24, 2018
A security researcher shows on Mojave’s release day that Apple’s latest privacy protection implementations in macOS are not sufficiently strong. In a minute-long clip, Patrick Wardle shows that the security in the dark-themed macOS can be bypassed to reach sensitive user data, such as the information in the address book. Talking to BleepingComputer, Wardle says that he ...
- Cisco: We’ve killed another critical hard-coded root password bug, patch urgently
September 24, 2018
Cisco has supplied a patch for its Video Surveillance Manager software to erase hardcoded default credentials for the root account. Admins responsible for appliances running Cisco’s surveillance software should urgently patch the flaw, which has a Common Vulnerability Scoring System (CVSS) version 3 score of 9.8 out of a possible 10. The flaw would allow an attacker ...
- Researcher Discloses New Zero-Day Affecting All Versions of Windows
September 21, 2018
A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-days deadline. Discovered by Lucas Leong of the Trend Micro Security Research team, the zero-day vulnerability resides in Microsoft Jet Database Engine that could ...
- Major Irish utility networks vulnerable to cyber attacks set to have security increased
September 19, 2018
Our water supplies, electricity and gas grids and phone networks are all vulnerable to cyber-attacks from tech-terrorists and are about to have their security beefed-up. That is because all of our utilities and essential State services are in some way or another reliant on digital technology, which in turn makes them vulnerable to digital attack. Minister Denis ...
- New CSS Attack Restarts an iPhone or Freezes a Mac
September 15, 2018
A new attack has been discovered that will cause iOS to restart or respring and macOS to freeze simply by visiting a web page that contains certain CSS & HTML. Windows and Linux users are not affected by this bug. This new attack was discovered by Sabri Haddouche, a security researcher at Wire, who was able to devise a ...