NCSC Urges Patch for Critical Oracle E-Business Suite Flaw

The UK's National Cyber Security Centre (NCSC) has issued an urgent advisory to patch a critical vulnerability in Oracle E-Business Suite (EBS). This flaw, identified as CVE-2023-21839, allows remote attackers to execute arbitrary code, posing a significant risk to organizations using Oracle EBS. Oracle has released patches to address this security issue, and the NCSC emphasizes the importance of immediate application to prevent exploitation by threat actors. The vulnerability affects multiple versions of Oracle EBS, widely used for enterprise resource planning (ERP) and financial management. Cybersecurity experts warn that unpatched systems could be targeted by advanced persistent threat (APT) groups seeking to gain unauthorized access and disrupt business operations. Organizations are advised to review their Oracle EBS installations, apply the latest security updates, and monitor for any suspicious activity. This incident highlights the ongoing challenges in securing complex enterprise software and the critical role of timely patch management in mitigating cyber risks. Staying informed about such vulnerabilities and responding swiftly is essential for maintaining robust cybersecurity defenses in today's threat landscape.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 07 Oct 2025 09:45:02 +0000

