Welcome!

Agile Computing Authors: Elizabeth White, Liz McMillan, AppNeta Blog, William Schmarzo, Sematext Blog

News Feed Item

Application Security, Inc.’s TeamSHATTER Discovers Ten Database-Related Vulnerabilities In January 2013 Oracle Critical Patch Update

Application Security, Inc. (AppSecInc), the leading provider of database security solutions for the enterprise, today announced that TeamSHATTER researchers, Esteban Martinez Fayo, Martin Rakhmanov and Qinglin Jiang, have been credited by Oracle for discovering and reporting the single security issue fixed in the Oracle Database and nine out of 14 security issues fixed in Oracle Enterprise Manager in the January 2013 Oracle Critical Patch Update (CPU). TeamSHATTER researchers have been credited for reporting vulnerabilities in 30 of the 33 Oracle CPUs since the program’s inception in 2005.

The January 2013 CPU contains a total of 86 security vulnerability fixes across multiple Oracle products; 45 of the fixes in this CPU are for vulnerabilities that are remotely exploitable without authentication. The CPU contains one database fix and 14 issues fixed in Oracle Enterprise Manager. The database issue and nine of the Oracle Enterprise Manager fixes are credited to TeamSHATTER.

The database vulnerability that was fixed is in the Spatial Component of the Oracle database. It allows for a full server takeover and should be patched immediately. If it is not needed, removing the Spatial Component is a potential workaround. This vulnerability has a CVSS score of 9.0.

The Oracle Enterprise Manager vulnerabilities include flaws that allow an attacker to affect the confidentiality and integrity of the database. The CVSS scores range from 4.3 – 7.5. An analysis and recommended call-to-action for the database vulnerability and the Oracle Enterprise Manager vulnerabilities is available here: http://www.teamshatter.com/

“Oracle is making a concerted effort to fix security vulnerabilities across the product line. The one database-specific fix has a CVSS score of 9.0, making it very high-risk, and customers need to deploy patches ASAP,” states Esteban Martinez Fayo, researcher with TeamSHATTER. “And, even though the fixes in Oracle Enterprise Manager are not as high of a risk (CVSS scores range from 4.3 – 7.5), 14 fixes is a high number that should be deployed so organizations are not left open to attack.”

This Critical Patch Update also contains 18 new security fixes for Oracle MySQL. Two of these vulnerabilities allow for a complete takeover of the database and the hosting server, and the other two vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. It is extremely critical to apply these patches to any MySQL installation.

The TeamSHATTER vulnerability knowledgebase is the largest and most up-to-date offering of its kind. By identifying and remediating critical database vulnerabilities, TeamSHATTER helps to ensure that AppSecInc customer data is safe from internal and external threats.

AppSecInc supports every Oracle CPU by updating its market-leading solutions, AppDetectivePro for auditors and IT advisors and DbProtect for the enterprise with the appropriate scanning checks and monitoring filters through its monthly ASAP Update™ (Application Security Automatic Protection) process. DbProtect updates will include monitoring filters for the new security vulnerabilities, enabling customers to protect sensitive information during the deployment of new patches across their database infrastructure.

About TeamSHATTER

TeamSHATTER, the research arm of Application Security, Inc., is the largest dedicated database security, vulnerability and misconfiguration research team in the world. TeamSHATTER maintains the most comprehensive knowledgebase of database vulnerability and misconfiguration checks in the industry and understands how to make security an integral part of an enterprise’s database security and network management infrastructure. TeamSHATTER regularly publishes security advisories, technical papers and research information on www.TeamSHATTER.com.

About Application Security, Inc.

AppSecInc is a pioneer and leading provider of database security solutions for enterprise of all sizes. By providing easy to deploy and manage, highly scalable software-only solutions – AppDetectivePro for security and risk professionals, and DbProtect for the enterprise – AppSecInc helps customers achieve unprecedented levels of data security, while reducing overall risk and helping to ensure continuous regulatory and industry compliance. Used by more than 1,300 active commercial and government customers worldwide, our proven and award-winning enterprise solutions are backed by the world’s most comprehensive database security knowledgebase from the company’s renowned team of threat researchers, TeamSHATTER.

For more information, please visit: www.appsecinc.com and follow us on Twitter: www.twitter.com/appsecinc | http://www.twitter.com/teamshatter

DbProtect and AppDetectivePro are trademarks of Application Security, Inc. All other product names, service marks, and trademarks mentioned herein are trademarks of their respective owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
Basho Technologies has announced the latest release of Basho Riak TS, version 1.3. Riak TS is an enterprise-grade NoSQL database optimized for Internet of Things (IoT). The open source version enables developers to download the software for free and use it in production as well as make contributions to the code and develop applications around Riak TS. Enhancements to Riak TS make it quick, easy and cost-effective to spin up an instance to test new ideas and build IoT applications. In addition to...
Identity is in everything and customers are looking to their providers to ensure the security of their identities, transactions and data. With the increased reliance on cloud-based services, service providers must build security and trust into their offerings, adding value to customers and improving the user experience. Making identity, security and privacy easy for customers provides a unique advantage over the competition.
"We've discovered that after shows 80% if leads that people get, 80% of the conversations end up on the show floor, meaning people forget about it, people forget who they talk to, people forget that there are actual business opportunities to be had here so we try to help out and keep the conversations going," explained Jeff Mesnik, Founder and President of ContentMX, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
I wanted to gather all of my Internet of Things (IOT) blogs into a single blog (that I could later use with my University of San Francisco (USF) Big Data “MBA” course). However as I started to pull these blogs together, I realized that my IOT discussion lacked a vision; it lacked an end point towards which an organization could drive their IOT envisioning, proof of value, app dev, data engineering and data science efforts. And I think that the IOT end point is really quite simple…
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus...
Verizon Communications Inc. (NYSE, Nasdaq: VZ) and Yahoo! Inc. (Nasdaq: YHOO) have entered into a definitive agreement under which Verizon will acquire Yahoo's operating business for approximately $4.83 billion in cash, subject to customary closing adjustments. Yahoo informs, connects and entertains a global audience of more than 1 billion monthly active users** -- including 600 million monthly active mobile users*** through its search, communications and digital content products. Yahoo also co...
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
The best-practices for building IoT applications with Go Code that attendees can use to build their own IoT applications. In his session at @ThingsExpo, Indraneel Mitra, Senior Solutions Architect & Technology Evangelist at Cognizant, provided valuable information and resources for both novice and experienced developers on how to get started with IoT and Golang in a day. He also provided information on how to use Intel Arduino Kit, Go Robotics API and AWS IoT stack to build an application tha...
IoT generates lots of temporal data. But how do you unlock its value? You need to discover patterns that are repeatable in vast quantities of data, understand their meaning, and implement scalable monitoring across multiple data streams in order to monetize the discoveries and insights. Motif discovery and deep learning platforms are emerging to visualize sensor data, to search for patterns and to build application that can monitor real time streams efficiently. In his session at @ThingsExpo, ...
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
Big Data, cloud, analytics, contextual information, wearable tech, sensors, mobility, and WebRTC: together, these advances have created a perfect storm of technologies that are disrupting and transforming classic communications models and ecosystems. In his session at @ThingsExpo, Erik Perotti, Senior Manager of New Ventures on Plantronics’ Innovation team, provided an overview of this technological shift, including associated business and consumer communications impacts, and opportunities it ...
SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...
It’s 2016: buildings are smart, connected and the IoT is fundamentally altering how control and operating systems work and speak to each other. Platforms across the enterprise are networked via inexpensive sensors to collect massive amounts of data for analytics, information management, and insights that can be used to continuously improve operations. In his session at @ThingsExpo, Brian Chemel, Co-Founder and CTO of Digital Lumens, will explore: The benefits sensor-networked systems bring to ...