A vulnerability in Oracle Database 11g Releases 1 and 2 could allow an attacker to remotely steal information located on the database, including user passwords.
The day after Oracle released Java Version 7 Update 7, a fix for three vulnerabilities (including last week's zero-day disclosure), a security firm has found a new error in the latest version.
An update for Java 7 that addresses "3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers" was released by Oracle on Wednesday.
Information on a Java flaw that has been seen in targeted attacks in the wild, and has been tested to work on most major Web browsers for both Mac and PC, was reported on Monday by security firm FireEye.
Last week the company submitted a 42-page document detailing security policies for Amazon Web Services (AWS).
Sonatype on Wednesday launched a new on-demand service that analyzes the open-source components in Java applications for security, licensing and quality problems.
A well-known hacking tool aimed at Java vulnerabilities appears to have gotten an upgrade designed to exploit a newly-patched security flaw addressed in the Java SE 6 Update 33 and Java SE 7 Update 5.
The Cloud Security Alliance (CSA) has disclosed plans to offer a certification program for providers of cloud-based products and services.
Two separate flaws in the PHP scripting language found in a large majority of Web sites have been seen being exploited in the wild by attackers.
Apple says a Java update the company released on April 3 fixes the headline-grabbing security flaw exploited by the Flashback Trojan botnet.
A recently disclosed Java vulnerability has been updated in the BlackHole kit, a popular exploit set among hackers. Security experts warn that a majority of Java users could be at risk.
Google's newly launched Service Accounts will provide certificate-based authentication to APIs for server-to-server interactions.
According to a lawsuit filed in a Texas court this week, makers of some of the most popular mobile apps are collecting user information without the consumer's consent.
Microsoft, partnered with with secured and managed mobile enterprise app company Good Technology, will bring encrypted e-mail services to the Windows Phone platform.
HP today unveiled a new platform of integrated security solutions that, according the company, is designed to "bridge the gap between security and IT operations of security solutions."
Six tech companies have agreed to provide clear information on their individual privacy policies before their products are downloaded.
DDoS attacks are targeting IPv6 networks for the first time since the Internet protocol started implementation last year.
A large malware ring might have infected more than 5 million Android users with fraudulent apps, according to Symantec.
ForgeRock has released version 2.0 of its OpenIDM identity management offering.
According to a Microsoft Security Intelligence Report, released last month, the most common software exploit type in the first half of 2011 was associated with vulnerabilities in Oracle's Java Runtime Environment (JRE).