October 19, SecurityWeek – (International) Oracle Critical Patch Update for October 2016 fixes 253 vulnerabilities. Oracle Corporation released its Critical Patch Update (CPU) for October 2016 to resolve a total of 253 new security flaws in several of its products, including 36 flaws in its Oracle Communications Applications, 14 flaws in the Oracle E-Business Suite that can be remotely exploited without authentication, 24 flaws in its Financial Services Applications, and issues affecting its Retail Applications, among other vulnerabilities that could allow an attacker to hijack the vulnerable application stack and potentially expose confidential application data. Source
October 18, Softpedia – (International) VeraCrypt security audit concludes despite rocky start. The VeraCrypt project released version 1.19 of its encryption software after a recent security audit performed by QuarksLab revealed 26 security flaws plaguing the open-source software, including the ability to encrypt user data via the insecure GOST 2814-89 algorithm, and a flaw in the boot password mechanism that allowed attackers to determine password length. Version 1.19 also replaced the insecure XZip and XUnzip libraries with the modern libzip library, and updated the VeraCrypt bootloader component in order to secure its code against outside exploitation and data exfiltration. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report