The Oracle Security blog discusses Oracle's security policies and practices, and explores security trends.

FEATURED POST

Updates about the “Spectre” series of processor vulnerabilities and CVE-2018-3693

A new processor vulnerability was announced today. Vulnerability CVE-2018-3693 (“Bounds Check Bypass Store” or BCBS) is closely related to Spectre v1. As with...

Recent Posts

Oracle Security

Updates about processor vulnerabilities CVE-2018-3640 (“Spectre v3a”) and CVE-2018-3639 (“Spectre v4”)

Two new processor vulnerabilities were publicly disclosed on May 21, 2018. They are vulnerabilities CVE-2018-3640 (“Spectre v3a” or “Rogue System Register...

Oracle Security

Processor vulnerabilities CVE-2018-3640 (“Spectre v3a”) and CVE-2018-3639 (“Spectre v4”)

The Oracle security and development teams are aware of vulnerability CVE-2018-3640 (a.k.a. “Spectre v3a”) and CVE-2018-3639 (a.k.a. “Spectre v4”).  Oracle is...

Critical Patch Updates

April 2018 Critical Patch Update Released

Oracle today released the April 2018 Critical Patch Update. This Critical Patch Update provided security updates for a wide range of product families,...

Critical Patch Updates

January 2018 Critical Patch Update Released

Oracle today released the January 2018 Critical Patch Update. This Critical Patch Update provides fixes for a wide range of product families including: Oracle...

Critical Patch Updates

Security Alert CVE-2017-10269 Released

Oracle just released Security Alert CVE-2017-10269 to address a number of vulnerabilities affecting the Jolt Server within Oracle Tuxedo.  The maximum reported...

Critical Patch Updates

Security Alert CVE-2017-10151 Released

Oracle just released Security Alert CVE-2017-10151 to address a vulnerability affecting Oracle Identity Manager.  This vulnerability has received a CVSS Base...

Critical Patch Updates

October 2017 Critical Patch Update Released

Oracle today released the October 2017 Critical Patch Update. This Critical Patch Update provides fixes for a wide range of product families including: Oracle...

Critical Patch Updates

Security Alert CVE-2017-9805 Released

Last week, Equifax identified an Apache Struts 2 vulnerability, CVE-2017-5638, as having been exploited in a significant security incident. Oracle distributed...

Critical Patch Updates

July 2017 Critical Patch Update Released

Oracle today released the July 2017 Critical Patch Update. This Critical Patch Update provides fixes for a wide range of product families including: Oracle...

Oracle Security

Securing the Oracle Cloud

Technology safeguards, fewer risks, and unparalleled security motivate CIOs to embrace cloud...

Security Updates

Security Alert CVE-2017-3629 Released

Oracle just released Security Alert CVE-2017-3629 to address three vulnerabilities affecting Oracle Solaris: - Vulnerability CVE-2017-3629 affects Oracle...

Oracle Security

Oracle's Security Fixing Practices

In a previous blog entry, we discussed how Oracle customers should take advantage of Oracle's ongoing security assurance effort in order to help preserve their...

Oracle Security

Take Advantage of Oracle Software Security Assurance

In a previous blog entry (What is Assurance and Why Does It Matter?), Mary Ann Davidson explains the importance of Security Assurance and introduces Oracle...

Critical Patch Updates

April 2017 Critical Patch Update Released

Oracle today released the April 2017 Critical Patch Update. This Critical Patch Update provides fixes for a wide range of product families including: Oracle...

Critical Patch Updates

January 2017 Critical Patch Update Released

Oracle today released the January 2017 Critical Patch Update. This Critical Patch Update provides fixes for a wide range of product families including: Oracle...

Industry Insights

What Is Assurance and Why Does It Matter?

If you are an old security hand, you can skip reading this. If you think "assurance" is something you pay for so your repair bills are covered if someone hits...

Security Trends

The State of Open Source Security

Open source components have played a growing role in software development (commercial and in-house development). The traditional role of a developer has evolved...

Industry Insights

Common Criteria and the Future of Security Evaluations

For years, I (and many others) have recommended that customers demand more of their information technology suppliers in terms of security assurance – that is,...

Critical Patch Updates

October 2016 Critical Patch Update Released

Oracle today released the October 2016 Critical Patch Update. This Critical Patch Update provides fixes for a wide range of product families including: Oracle...

Industry Insights

Unmasking Hackers with User Behavior Analytics

Many people keep sensitive documents in cloud storage services and the latest breach shows that hackers are focusing on online storage cloud services more...

Critical Patch Updates

July 2016 Critical Patch Update Released

Oracle today released the July 2016 Critical Patch Update. This Critical Patch Update provides fixes for a wide range of product families including: Oracle...

Product News

Why Monitoring Alone is Not Enough in Cloud Security

Comprehensive threat intelligence is key to ensuring the accuracy and maximizing the effectiveness of automated security solutions. Monitoring alone is not enough to...

Product News

Can a CASB Protect You From the Treacherous 12? - Part 4: CASBs and the Treacherous 7 through 12

Welcome to the fourth in a four-part series on how Cloud Access Security Brokers (CASBs) can help protect your organization from the top twelve threats to cloud...

Critical Patch Updates

April 2016 Critical Patch Update Released

Oracle today released the April 2016 Critical Patch Update. This Critical Patch Update provides fixes for a wide range of product families including: Oracle...

Product News

Can a CASB Help Protect You From the Treacherous 12? - Part 3: CASBs and the Treacherous 1 through 6

Welcome to the third in a four-part series on how Cloud Access Security Brokers (CASBs) can help protect your organization from the top twelve threats to cloud...

Industry Insights

Data Breaches in Cloud-Based Enterprises

The Cloud Enterprise Is at Risk As the chart below shows, every major industry vertical has been targeted, with retail, finance, and healthcare being the most...

Product News

Can a CASB Protect You From the Treacherous 12? - Part 2: CASBs and Threat Protection

Welcome to the second in a four-part series on how Cloud Access Security Brokers (CASBs) can help protect your organization from the top twelve threats to cloud...

Product News

Can a CASB Protect You From the Treacherous 12? - Part 1: CASB 101

Welcome to the first in a four-part series on how Cloud Access Security Brokers (CASBs) can help protect your organization from the top twelve threats to cloud...

Security Updates

Security Alert CVE-2016-0636 Released

Oracle released Security Alert CVE-2016-0636 to address a vulnerability affecting Java SE in web browsers on desktops. This vulnerability has received a CVSS...

Security Updates

Security Alert CVE-2016-0603 Released

Oracle just released Security Alert CVE-2016-0603 to address a vulnerability that can be exploited when installing Java 6, 7 or 8 on the Windows platform. This...

Critical Patch Updates

January 2016 Critical Patch Update Released

Oracle today released the January 2016 Critical Patch Update. With this Critical Patch Update release, the Critical Patch Update program enters its 11th year of...

Industry Insights

Improving the Speed of Product Evaluations

Hi there, Oracle Security blog readers; Josh Brickman here again. Today I want to share some of our thoughts about Common Criteria (CC) evaluations specifically...

Industry Insights

FIPS: The Crypto "Catch 22"

Hello, Oracle blog reader! My name is Joshua Brickman and I run Oracle's Security Evaluations team (SECEVAL). At SECEVAL we are charged with shepherding certain...