An exploit that leverages one of the three-dozen vulnerabilities patched Tuesday by Oracle has been spotted in the wild, a security company said Thursday, making patching even more essential.
According to an alert sent by Symantec to customers of its DeepSight system, an exploit for one of the Oracle flaws was published on the Bugtraq security mailing list. The exploit, which targets one of the Oracle Database 10g bugs, escalates privileges of existing users to give them total access to the database.
Additionally, more information has been posted online by German security researchers with Red Database Security that Symantec said "will allow a sufficiently skilled attacker to develop an exploit for [another] vulnerability in a few minutes or hours."
"I think it's credible that someone will try to use these exploits," said Alfred Huger, senior director of engineering for Symantec's security response team. "Then you're in big trouble."
Getting low-level access to a database is not hard, added Huger, since attackers can exploit other vulnerabilities. "But once in, they want to get into the entire database. For that, they need to escalate their privileges. So exploits that do that, like this one, are worth their weight in gold."
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
