InfoSecBulletin Cybersecurity for mankind
Oracle announced 441 new security patches for its April 2024 Critical Patch Update, with over 200 of them fixing flaws that could be exploited by remote, unauthenticated attackers.
Oracle’s advisory reported that about 230 unique CVEs were found in Oracle’s April 2024 CPU, with over 30 security patches addressing critical-severity vulnerabilities.
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
Bangladesh Bank instructed using AI to prevent online gambling
Oracle Communications received the highest number of security patches this month, with a total of 93. Out of these, 71 patches specifically cover bugs that can be remotely exploited without requiring authentication.
Next in line are Fusion Middleware (51 security patches – 35 addressing remotely exploitable, unauthenticated issues), Financial Services Applications (49 – 30), and E-Business Suite (47 – 43).
MySQL, Systems, Communications Applications, Java SE, Virtualization, Analytics, Enterprise Manager, PeopleSoft, and Retail Applications all had patches released. The patches addressed various vulnerabilities, with some being exploitable remotely without authentication.
Oracle released security patches this month for various products, including Database Server, Commerce, Construction and Engineering, Insurance Applications, Supply Chain, Support Tools, Food and Beverage Applications, HealthCare Applications, Utilities Applications, Hyperion, Hospitality Applications, Health Sciences Applications, Autonomous Health Framework, Big Data Spatial and Graph, Global Lifecycle Management, and GoldenGate.
Oracle has released patches for some applications that fix security issues, including some additional vulnerabilities and non-exploitable flaws. They have also released separate fixes for vulnerabilities that affect multiple applications.
Oracle customers are advised to apply the patches as soon as possible.
“It has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” Oracle said.
On Tuesday, Oracle announced new security patches for various components of their operating systems. This includes 13 patches for Solaris, 71 patches for Oracle Linux, and 3 patches for the Oracle VM Server for x86.
