Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware

Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to patch. Security researchers have published technical details of a critical Fusion Middleware vulnerability, tracked as CVE-2022–21445, that was reported to Oracle by researchers PeterJson of VNG Corporation and Nguyen Jang of VNPT in October 2021. […]

The post Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware appeared first on Security Affairs.

June 25, 2022
Read More >>

Multiple malicious packages in PyPI repository found stealing AWS secrets

Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment variables) and also upload these to a publicly exposed endpoint. The malicious packages, which were […]

The post Multiple malicious packages in PyPI repository found stealing AWS secrets appeared first on Security Affairs.

June 25, 2022
Read More >>

Cybersecurity Agencies Release Guidance for PowerShell Security

PowerShell is one of the most common tools used by hackers in “living off the land” attacks, when malicious actors use an organization’s own tools against itself. This week, U.S. cybersecurity agencies joined their counterparts in the UK and New Zealand to offer guidance so organizations can use PowerShell safely. PowerShell is a command line […]

The post Cybersecurity Agencies Release Guidance for PowerShell Security appeared first on eSecurityPlanet.

June 24, 2022
Read More >>