Gartner Inc. has warned that Oracle Corp. databases no longer deserve their reputation for security and advised systems administrators to do more to protect their systems.Analyst Rich Mogull came out with the warning on Monday, a few days after Oracle released its latest round of patches for a large number of serious security problems.“Oracle can no longer be considered a bastion of security,” he said in a research note.The patches fixed 82 vulnerabilities across Oracle’s various product lines, with the flagship database alone counting 37 bugs, some of which could allow remote access to databases. “The range and seriousness of the vulnerabilities patched in this update cause us great concern,” Mogull said. “Oracle has not yet experienced a mass security exploit, but this does not mean that one will never occur.”He said administrators often neglect to patch regularly because of Oracle’s historically strong security and the fact that Oracle applications and databases are often not directly exposed to the outside world. “Moreover, patching is sometimes impossible, due to ties to legacy versions that Oracle no longer supports,” Mogull said. Administrators need to wake up, however, to the fact that they are no longer secure, with Oracle vulnerabilities being discovered and disclosed increasingly often, and more exploit tools and proof of concept code circulating online.Oracle doesn’t help the matter by supplying less information about bugs than the industry standard, and publishing patches that are faulty or difficult to use, Mogull said. Oracle also doesn’t supply workarounds.Gartner recommends administrators to shield their systems with technologies such as firewalls and intrusion prevention systems, apply patches as quickly as possible, and to use security monitoring tools and other supplemental security methods.Oracle users also need to pressure the company to change its security practices, Mogull said.The company has been taken to task several times recently over the poor quality of its patches, several of which have had to be themselves patched — with some of these fixes also having to be fixed. However, Gartner’s warning gives such criticisms a new level of prominence.One of Oracle’s most vocal critics, Alexander Kornbrust of Red Database Security, last spring even released a rootkit which he said demonstrates weaknesses in Oracle databases. Kornbrust said this week he will release version 2.0 of the rootkit at this spring’s Black Hat Conference, according to a report. Kornbrust said the new version will allow attackers to disguise attacks without modifying database views, and will erase evidence of a hack whenever the database is restarted.By Peter Judge – Techworld.com Related content news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe