Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 20, 2016

October 19, SecurityWeek – (International) Oracle Critical Patch Update for October 2016 fixes 253 vulnerabilities. Oracle Corporation released its Critical Patch Update (CPU) for October 2016 to resolve a total of 253 new security flaws in several of its products, including 36 flaws in its Oracle Communications Applications, 14 flaws in the Oracle E-Business Suite that can be remotely exploited without authentication, 24 flaws in its Financial Services Applications, and issues affecting its Retail Applications, among other vulnerabilities that could allow an attacker to hijack the vulnerable application stack and potentially expose confidential application data. Source

October 18, Softpedia – (International) VeraCrypt security audit concludes despite rocky start. The VeraCrypt project released version 1.19 of its encryption software after a recent security audit performed by QuarksLab revealed 26 security flaws plaguing the open-source software, including the ability to encrypt user data via the insecure GOST 2814-89 algorithm, and a flaw in the boot password mechanism that allowed attackers to determine password length. Version 1.19 also replaced the insecure XZip and XUnzip libraries with the modern libzip library, and updated the VeraCrypt bootloader component in order to secure its code against outside exploitation and data exfiltration. Source

Above reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.