Oracle Critical Patch Updates for April 2014

Oracle has released April 2014 critical Patch Updates addressing serious flaws and vulnerabilities that have been identified. ” Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory” (Oracle, 2014). The patches address  104 security vulnerabilities consisting of Fusion Middleware, Hyperion, Oracle Database, Supply Chain Product Suite,  Siebel CRM, Java SE, and Sun Microsystems Products Suite, including Oracle Linux and Virtualization, iLearning , People-soft Enterprise and Oracle MySQL (Summerised in table 1 below). Due to the serious security lapses caused  by threats and vulnerabilities oracle recommends applying the patches as soon as possible . This Critical Patch Update contains 104 new security fixes across the product families listed below.

“Among the patches that should be prioritized are two bugs in Oracle’s database products. The more severe of these two issues could lead to a full compromise of impacted Windows systems, though exploitation would require that an attacker authenticate him or herself. Other platforms like Linux and Solaris are less affected because the database does not extend into the underlying operating system there”( Threatpost , 2014). Also fixing five vulnerabilities affecting Oracle Linux and Virtualization products. To find out more Click here to visit Oracle site Continue reading Oracle Critical Patch Updates for April 2014


‘Heartbleed’ critical bug affecting most websites in Kenya

OpenSSL is used by most of websites in Kenya (most i come across are open source and made from joomla), so the flaw impacts almost everyone who is using open source web servers like Apache and nginx . Those not impacted by this two year-old bug are immune either because their websites don’t support SSL or they’re using outdated versions of OpenSSL.Heartbleed Bug

“Open SSL is a widely used technology for secure communication over the Internet. In general, that means it was implemented to protect secure data and communications to prevent unauthorized access to information. This vulnerability means attackers can gain access to information, transactions, and other sensitive or valuable data with little restriction – it is very serious.” Dwayne Melancon, CTO of Tripwire (CSO Online, 2014)

For more indepth analysis i have re blogged Codenomicon, 2001-2014 url: Continue reading ‘Heartbleed’ critical bug affecting most websites in Kenya