Near-record Critical Patch Update provides fixes for 270 vulnerabilities across 45 products.
When Oracle publishes its next quarterly patch update in April, the company will begin treating JAR files signed with the MD5 hashing algorithm as unsigned.
After the recent MongoDB debacle in which tens of thousands of unsecured open source databases were hijacked for ransom, security specialists are predicting more of the same for 2017 -- at least until the good guys catch up and things settle down in the second half.
Thousands of open MongoDB databases have been attacked by hackers who hijack the stored data and demand ransom to return the contents, with more bad actors piling on by the day.
Google wants to make "fuzz testing" -- providing random data inputs to programs -- a standard part of open source development with a new tool called OSS-Fuzz, now in beta.
Oracle's latest quarterly Critical Patch Update was the second-largest ever, providing fixes for 253 security vulnerabilities for 76 of the company's products, including seven security updates for Java SE 6, 7 and 8, and eight for the Java EE-based WebLogic and GlassFish application servers.
In an age of huge data breaches and hacked IoT devices bringing down the Internet, it seems strange that enterprise developers still need to be reminded of the importance of security, but that's exactly what Hewlett Packard Enterprise does in its new DevOps research.
Application security tools provider Waratek has released a new version of its AppSecurity for Java platform that automatically modernizes the security capabilities of older Java apps with a simple RASP plug-in.
Google this week blogged about security enhancements in Android 7.0 Nougat on the same day the first security bulletin was issued for the brand-new mobile OS.
A new mobile development survey shows biometric authentication is seen as the best option to improve app security and privacy, despite alternatives with "more novelty."
The explosive growth of mobile apps and the shift to cloud computing are increasing security risks at the application level, a problem that organizations can overcome by hiring skilled developers and lessening the "rush to release," according to a new report.
Oracle's latest Critical Patch Update, issued this week, fixed a record 276 vulnerabilities in a range of the company's products, including 13 in Java SE, some of which received high-severity scores.
A three-year-old security vulnerability in IBM's implementation of Java, which was thought to be fixed, is actually broken, researchers at Security Explorations disclosed last week.
A Java SE flaw Oracle reported as patched in 2013 can be easily bypassed today, security researchers have found.
New mobile app development products were released this week to bake in security at the code level for native apps and to rapidly build projects visually, with the help of a new free design/prototyping tool.
Cloudera, a commercial vendor of Apache Hadoop-based software for Big Data analytics, has teamed up with other companies to tackle cybersecurity with the technology.
An infamous Remote Access Trojan, a piece of Java-based malware that gives attackers a backdoor into Windows, Linux, Mac OS X and Android devices, has re-emerged -- after apparently being shut down last year -- now as a commercial "malware-as-a-service" platform.
Oracle has issued an out-of-cycle security patch to fix a vulnerability that can be exploited when installing Java on Windows. The vulnerability, which earned a CVSS Base Score score of 7.6, affects Java SE 6, 7 and 8.
Oracle's latest Critical Patch Update includes fixes for eight Java security holes, three of which were rated critical, earning Common Vulnerability Scoring Standard scores of 10.0.
Oracle has agreed to overhaul its Java security update process to settle Federal Trade Commission charges that the company deceived consumers by not informing them that the updates left older, still vulnerable versions of Java running on their computers.