InfoSecBulletin Cybersecurity for mankind
Oracle announced 441 new security patches for its April 2024 Critical Patch Update, with over 200 of them fixing flaws that could be exploited by remote, unauthenticated attackers.
Oracle’s advisory reported that about 230 unique CVEs were found in Oracle’s April 2024 CPU, with over 30 security patches addressing critical-severity vulnerabilities.
Malware Attacks Increase 30% in First Half of 2024
New DNS Vulnerability “TuDoor” Threatens Internet Security
Acronis Urged Users to Patch Vulnerability
OpenAI to test search engine called SearchGPT
CISA Unveils advisories for Two Industrial Control Systems
Researchers unveil ConfusedFunction Vulnerability in Google Cloud Platform
BD CIRT published advisory on Web Application and Database Security
GitLab fixed six security flaws and recommends updating shortly
Researchers Unveil Massive Quad7 Botnet Targeting Microsoft 365
Threat Actor announce new DDoS Panel “Cliver”
Oracle Communications received the highest number of security patches this month, with a total of 93. Out of these, 71 patches specifically cover bugs that can be remotely exploited without requiring authentication.
Next in line are Fusion Middleware (51 security patches – 35 addressing remotely exploitable, unauthenticated issues), Financial Services Applications (49 – 30), and E-Business Suite (47 – 43).
MySQL, Systems, Communications Applications, Java SE, Virtualization, Analytics, Enterprise Manager, PeopleSoft, and Retail Applications all had patches released. The patches addressed various vulnerabilities, with some being exploitable remotely without authentication.
Oracle released security patches this month for various products, including Database Server, Commerce, Construction and Engineering, Insurance Applications, Supply Chain, Support Tools, Food and Beverage Applications, HealthCare Applications, Utilities Applications, Hyperion, Hospitality Applications, Health Sciences Applications, Autonomous Health Framework, Big Data Spatial and Graph, Global Lifecycle Management, and GoldenGate.
Oracle has released patches for some applications that fix security issues, including some additional vulnerabilities and non-exploitable flaws. They have also released separate fixes for vulnerabilities that affect multiple applications.
Oracle customers are advised to apply the patches as soon as possible.
“It has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” Oracle said.
On Tuesday, Oracle announced new security patches for various components of their operating systems. This includes 13 patches for Solaris, 71 patches for Oracle Linux, and 3 patches for the Oracle VM Server for x86.
