Security News -- ADTmag

Security

Oracle Delays Plan to Block JAR Files Signed with MD5 until April

By John K. Waters

When Oracle publishes its next quarterly patch update in April, the company will begin treating JAR files signed with the MD5 hashing algorithm as unsigned.
Oracle Issues First Security Patch of the Year

By John K. Waters

Near-record Critical Patch Update provides fixes for 270 vulnerabilities across 45 products.
Oracle CPU Does Little to Fix Serialization Vulnerability

By John K. Waters

Java security expert finds vulnerability especially serious and laments Oracle's fix: a user-configurable whitelist/blacklist filter.
MongoDB Ransom Notes: Humor, Bad Spelling, Not Much Style

By David Ramel

Doesn't readability count in criminal ransom notes anymore?
After MongoDB Debacle, Expect More Ransomware, Open Source Attacks in 2017

By David Ramel

After the recent MongoDB debacle in which tens of thousands of unsecured open source databases were hijacked for ransom, security specialists are predicting more of the same for 2017 -- at least until the good guys catch up and things settle down in the second half.
Hackers Pile On As MongoDB Databases Are Hijacked for Ransom

By David Ramel

Thousands of open MongoDB databases have been attacked by hackers who hijack the stored data and demand ransom to return the contents, with more bad actors piling on by the day.
Google Launches Open Source Security Tool in Beta

By David Ramel

Google wants to make "fuzz testing" -- providing random data inputs to programs -- a standard part of open source development with a new tool called OSS-Fuzz, now in beta.
Oracle's Quarterly Critical Patch Update Is Another Whopper

By John K. Waters

Oracle's latest quarterly Critical Patch Update was the second-largest ever, providing fixes for 253 security vulnerabilities for 76 of the company's products, including seven security updates for Java SE 6, 7 and 8, and eight for the Java EE-based WebLogic and GlassFish application servers.
HPE DevOps Report: Security Hindered by Pressure to Release Apps Quickly

By David Ramel

In an age of huge data breaches and hacked IoT devices bringing down the Internet, it seems strange that enterprise developers still need to be reminded of the importance of security, but that's exactly what Hewlett Packard Enterprise does in its new DevOps research.
Waratek Adds RASP Plug-In to AppSecurity for Java

By John K. Waters

Application security tools provider Waratek has released a new version of its AppSecurity for Java platform that automatically modernizes the security capabilities of older Java apps with a simple RASP plug-in.
Google Highlights Android Nougat Security

By David Ramel

Google this week blogged about security enhancements in Android 7.0 Nougat on the same day the first security bulletin was issued for the brand-new mobile OS.
Mobile Developers: Biometrics Best Authentication Option

By David Ramel

A new mobile development survey shows biometric authentication is seen as the best option to improve app security and privacy, despite alternatives with "more novelty."
Security Study: Developer 'Rush To Release' Increases App Risk

By David Ramel

The explosive growth of mobile apps and the shift to cloud computing are increasing security risks at the application level, a problem that organizations can overcome by hiring skilled developers and lessening the "rush to release," according to a new report.
Oracle's Quarterly CPU Fixes Record Number of Vulnerabilities

By John K. Waters

Oracle's latest Critical Patch Update, issued this week, fixed a record 276 vulnerabilities in a range of the company's products, including 13 in Java SE, some of which received high-severity scores.
Report: 1 in 16 Java Components Have Security Defects

By John K. Waters

Easily the most disturbing revelation in this report is that defective components in the software supply chain are routinely making their way into applications.