InfoSecBulletin Cybersecurity for mankind
Oracle announced 441 new security patches for its April 2024 Critical Patch Update, with over 200 of them fixing flaws that could be exploited by remote, unauthenticated attackers.
Oracle’s advisory reported that about 230 unique CVEs were found in Oracle’s April 2024 CPU, with over 30 security patches addressing critical-severity vulnerabilities.
BCSI BLOG POST
SonicWALL Vulnerability Traded; threating for Corporate network in Bangladesh
Banking trojan Grandoreiro targeting about 1,500 banks over 60 countries
Australian gov.t warns of ‘large-scale ransomware data breach’
Patch Now: CISA Warns of Actively Exploited D-Link Router Vulnerabilities
New “Antidot” Banking Trojan disguised Fake Google Play Updates
CISA Published Encrypted DNS Implementation Guidance
Cyble Research
Transparent Tribe & SideCopy: A Cyber Alliance Targeting India
Recordedfuture report
Hackers Exploit GitHub to Spread Malware targeting operating systems
ALERT
CISA issued Seventeen Industrial Control Systems Advisories
Intel released 41 Security Advisories Over 90 Vulnerabilities
Oracle Communications received the highest number of security patches this month, with a total of 93. Out of these, 71 patches specifically cover bugs that can be remotely exploited without requiring authentication.
Next in line are Fusion Middleware (51 security patches – 35 addressing remotely exploitable, unauthenticated issues), Financial Services Applications (49 – 30), and E-Business Suite (47 – 43).
MySQL, Systems, Communications Applications, Java SE, Virtualization, Analytics, Enterprise Manager, PeopleSoft, and Retail Applications all had patches released. The patches addressed various vulnerabilities, with some being exploitable remotely without authentication.
Oracle released security patches this month for various products, including Database Server, Commerce, Construction and Engineering, Insurance Applications, Supply Chain, Support Tools, Food and Beverage Applications, HealthCare Applications, Utilities Applications, Hyperion, Hospitality Applications, Health Sciences Applications, Autonomous Health Framework, Big Data Spatial and Graph, Global Lifecycle Management, and GoldenGate.
Oracle has released patches for some applications that fix security issues, including some additional vulnerabilities and non-exploitable flaws. They have also released separate fixes for vulnerabilities that affect multiple applications.
Oracle customers are advised to apply the patches as soon as possible.
“It has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” Oracle said.
On Tuesday, Oracle announced new security patches for various components of their operating systems. This includes 13 patches for Solaris, 71 patches for Oracle Linux, and 3 patches for the Oracle VM Server for x86.
