|By Business Wire
|January 17, 2013 02:13 PM EST
Security, Inc. (AppSecInc), the leading provider of database
security solutions for the enterprise, today announced that TeamSHATTER
researchers, Esteban Martinez Fayo, Martin Rakhmanov and Qinglin Jiang,
have been credited by Oracle for discovering and reporting the single
security issue fixed in the Oracle Database and nine out of 14 security
issues fixed in Oracle Enterprise Manager in the January
2013 Oracle Critical Patch Update (CPU). TeamSHATTER researchers
have been credited for reporting vulnerabilities in 30 of the 33 Oracle
CPUs since the program’s inception in 2005.
The January 2013 CPU contains a total of 86 security vulnerability fixes
across multiple Oracle products; 45 of the fixes in this CPU are for
vulnerabilities that are remotely exploitable without authentication.
The CPU contains one database fix and 14 issues fixed in Oracle
Enterprise Manager. The database issue and nine of the Oracle Enterprise
Manager fixes are credited to TeamSHATTER.
The database vulnerability that was fixed is in the Spatial Component of
the Oracle database. It allows for a full server takeover and should be
patched immediately. If it is not needed, removing the Spatial Component
is a potential workaround. This vulnerability has a CVSS score of 9.0.
The Oracle Enterprise Manager vulnerabilities include flaws that allow
an attacker to affect the confidentiality and integrity of the database.
The CVSS scores range from 4.3 – 7.5. An analysis and recommended
call-to-action for the database vulnerability and the Oracle Enterprise
Manager vulnerabilities is available here: http://www.teamshatter.com/
“Oracle is making a concerted effort to fix security vulnerabilities
across the product line. The one database-specific fix has a CVSS score
of 9.0, making it very high-risk, and customers need to deploy patches
ASAP,” states Esteban Martinez Fayo, researcher with TeamSHATTER. “And,
even though the fixes in Oracle Enterprise Manager are not as high of a
risk (CVSS scores range from 4.3 – 7.5), 14 fixes is a high number that
should be deployed so organizations are not left open to attack.”
This Critical Patch Update also contains 18 new security fixes for
Oracle MySQL. Two of these vulnerabilities allow for a complete takeover
of the database and the hosting server, and the other two
vulnerabilities may be remotely exploitable without authentication,
i.e., may be exploited over a network without the need for a username
and password. It is extremely critical to apply these patches to any
The TeamSHATTER vulnerability knowledgebase is the largest and most
up-to-date offering of its kind. By identifying and remediating critical
database vulnerabilities, TeamSHATTER helps to ensure that AppSecInc
customer data is safe from internal and external threats.
AppSecInc supports every Oracle CPU by updating its market-leading
for auditors and IT advisors and DbProtect
for the enterprise with the appropriate scanning checks and monitoring
filters through its monthly ASAP Update™ (Application Security Automatic
Protection) process. DbProtect updates will include monitoring filters
for the new security vulnerabilities, enabling customers to protect
sensitive information during the deployment of new patches across their
TeamSHATTER, the research arm of Application Security, Inc., is the
largest dedicated database security, vulnerability and misconfiguration
research team in the world. TeamSHATTER maintains the most comprehensive
knowledgebase of database vulnerability and misconfiguration checks in
the industry and understands how to make security an integral part of an
enterprise’s database security and network management infrastructure.
TeamSHATTER regularly publishes security advisories, technical papers
and research information on www.TeamSHATTER.com.
About Application Security, Inc.
AppSecInc is a pioneer and leading provider of database security
solutions for enterprise of all sizes. By providing easy to deploy and
manage, highly scalable software-only solutions – AppDetectivePro for
security and risk professionals, and DbProtect for the enterprise –
AppSecInc helps customers achieve unprecedented levels of data security,
while reducing overall risk and helping to ensure continuous regulatory
and industry compliance. Used by more than 1,300 active commercial and
government customers worldwide, our proven and award-winning enterprise
solutions are backed by the world’s most comprehensive database security
knowledgebase from the company’s renowned team of threat researchers, TeamSHATTER.
For more information, please visit: www.appsecinc.com and
follow us on Twitter: www.twitter.com/appsecinc |
DbProtect and AppDetectivePro are trademarks of Application Security,
Inc. All other product names, service marks, and trademarks mentioned
herein are trademarks of their respective owners.
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises.
The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lea...
Oct. 1, 2016 06:15 AM EDT Reads: 788
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls?
In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
Oct. 1, 2016 06:00 AM EDT Reads: 1,934
Digital transformation is too big and important for our future success to not understand the rules that apply to it. The first three rules for winning in this age of hyper-digital transformation are:
Advantages in speed, analytics and operational tempos must be captured by implementing an optimized information logistics system (OILS)
Real-time operational tempos (IT, people and business processes) must be achieved
Businesses that can "analyze data and act and with speed" will dominate those t...
Oct. 1, 2016 05:45 AM EDT Reads: 1,332
If you had a chance to enter on the ground level of the largest e-commerce market in the world – would you? China is the world’s most populated country with the second largest economy and the world’s fastest growing market. It is estimated that by 2018 the Chinese market will be reaching over $30 billion in gaming revenue alone.
Admittedly for a foreign company, doing business in China can be challenging. Often changing laws, administrative regulations and the often inscrutable Chinese Interne...
Oct. 1, 2016 05:30 AM EDT Reads: 625
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care.
I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind.
Don't just log my data; use the relationship graph.
In his session at @ThingsExpo, Ryan Boyd, Engi...
Oct. 1, 2016 05:15 AM EDT Reads: 1,434
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
Oct. 1, 2016 05:00 AM EDT Reads: 4,752
Adobe is changing the world though digital experiences. Adobe helps customers develop and deliver high-impact experiences that differentiate brands, build loyalty, and drive revenue across every screen, including smartphones, computers, tablets and TVs. Adobe content solutions are used daily by millions of companies worldwide-from publishers and broadcasters, to enterprises, marketing agencies and household-name brands. Building on its established design leadership, Adobe enables customers not o...
Oct. 1, 2016 04:45 AM EDT Reads: 568
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
Oct. 1, 2016 04:30 AM EDT Reads: 1,812
Just over a week ago I received a long and loud sustained applause for a presentation I delivered at this year’s Cloud Expo in Santa Clara. I was extremely pleased with the turnout and had some very good conversations with many of the attendees. Over the next few days I had many more meaningful conversations and was not only happy with the results but also learned a few new things. Here is everything I learned in those three days distilled into three short points.
Oct. 1, 2016 04:00 AM EDT Reads: 5,478
WebRTC adoption has generated a wave of creative uses of communications and collaboration through websites, sales apps, customer care and business applications. As WebRTC has become more mainstream it has evolved to use cases beyond the original peer-to-peer case, which has led to a repeating requirement for interoperability with existing infrastructures.
In his session at @ThingsExpo, Graham Holt, Executive Vice President of Daitan Group, will cover implementation examples that have enabled ea...
Oct. 1, 2016 04:00 AM EDT Reads: 1,656
SYS-CON Events announced today that ReadyTalk, a leading provider of online conferencing and webinar services, has been named Vendor Presentation Sponsor at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
ReadyTalk delivers audio and web conferencing services that inspire collaboration and enable the Future of Work for today’s increasingly digital and mobile workforce. By combining intuitive, innovative tec...
Oct. 1, 2016 04:00 AM EDT Reads: 3,127
There is growing need for data-driven applications and the need for digital platforms to build these apps.
In his session at 19th Cloud Expo, Muddu Sudhakar, VP and GM of Security & IoT at Splunk, will cover different PaaS solutions and Big Data platforms that are available to build applications.
In addition, AI and machine learning are creating new requirements that developers need in the building of next-gen apps. The next-generation digital platforms have some of the past platform needs a...
Oct. 1, 2016 03:00 AM EDT Reads: 1,975
Fifty billion connected devices and still no winning protocols standards. HTTP, WebSockets, MQTT, and CoAP seem to be leading in the IoT protocol race at the moment but many more protocols are getting introduced on a regular basis. Each protocol has its pros and cons depending on the nature of the communications. Does there really need to be only one protocol to rule them all? Of course not.
In his session at @ThingsExpo, Chris Matthieu, co-founder and CTO of Octoblu, walk you through how Oct...
Oct. 1, 2016 03:00 AM EDT Reads: 2,453
Smart Cities are here to stay, but for their promise to be delivered, the data they produce must not be put in new siloes.
In his session at @ThingsExpo, Mathias Herberts, Co-founder and CTO of Cityzen Data, will deep dive into best practices that will ensure a successful smart city journey.
Oct. 1, 2016 02:30 AM EDT Reads: 2,717
Businesses are struggling to manage the information flow and interactions between all of these new devices and things jumping on their network, and the apps and IT systems they control. The data businesses gather is only helpful if they can do something with it.
In his session at @ThingsExpo, Chris Witeck, Principal Technology Strategist at Citrix, will discuss how different the impact of IoT will be for large businesses, expanding how IoT will allow large organizations to make their legacy ap...
Oct. 1, 2016 02:30 AM EDT Reads: 683
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
Oct. 1, 2016 02:15 AM EDT Reads: 761
SYS-CON Events announced today that Numerex Corp, a leading provider of managed enterprise solutions enabling the Internet of Things (IoT), will exhibit at the 19th International Cloud Expo | @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Numerex Corp. (NASDAQ:NMRX) is a leading provider of managed enterprise solutions enabling the Internet of Things (IoT). The Company's solutions produce new revenue streams or create operating...
Oct. 1, 2016 02:15 AM EDT Reads: 2,153
24Notion is full-service global creative digital marketing, technology and lifestyle agency that combines strategic ideas with customized tactical execution. With a broad understand of the art of traditional marketing, new media, communications and social influence, 24Notion uniquely understands how to connect your brand strategy with the right consumer. 24Notion ranked #12 on Corporate Social Responsibility - Book of List.
Oct. 1, 2016 02:15 AM EDT Reads: 534
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
Oct. 1, 2016 01:45 AM EDT Reads: 533
As ridesharing competitors and enhanced services increase, notable changes are occurring in the transportation model. Despite the cost-effective means and flexibility of ridesharing, both drivers and users will need to be aware of the connected environment and how it will impact the ridesharing experience. In his session at @ThingsExpo, Timothy Evavold, Executive Director Automotive at Covisint, will discuss key challenges and solutions to powering a ride sharing and/or multimodal model in the a...
Oct. 1, 2016 01:15 AM EDT Reads: 731