Oracle warned its corporate customers that there is a critical-rated vulnerability in its PeopleSoft software, which is used by large companies to manage payroll and human resources, a day after a cybercrime group took credit for abusing the flaw as part of a mass-hacking campaign.
The company published the security advisory on Thursday after the hacking group ShinyHunters claimed to have breached more than 100 organizations that use PeopleSoft servers.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone’s Signature
June 14, 2018
A security researcher has discovered a critical vulnerability in some of the world’s most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages. The disclosure comes almost a month after researchers revealed a series of flaws, dubbed eFail, in PGP and S/Mime encryption tools that ...
- Lazarus Group used ActiveX zero-day vulnerability to attack South Korean security think tank
June 13, 2018
An ActiveX zero-day vulnerability used in attacks against a South Korean think tank has been connected to Lazarus Group. The target of these attacks was the Sejong Institute, a non-profit South Korean think tank which conducts research on national security. The private organization works with academic institutions worldwide. Read more… Source: ZDNet
- Bypass Glitch Allows Malware to Masquerade as Legit Apple Files
June 12, 2018
Masquerading as an official Apple system file sounds like a wonderful way for malware to worm its way onto Macs – and a recently discovered code-signing bypass flaw allows bad code to do just that. The way some developers have implemented Apple’s official code-signing API can be exploited by attackers. Essentially, Apple makes an API available ...
- New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices
June 12, 2018
Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research (ATR) ...
- Zero-Day Flash Exploit Targeting Middle East
June 7, 2018
A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday. The Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by Adobe. Read more… Source: ThreatPost
- Researchers Warn of Microsoft Zero-Day RCE Bug
June 1, 2018
Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript, according to a Tuesday advisory by Trend Micro’s Zero Day Initiative group. Read more… Source: ...