Sips and Shades - HCM and Ping Identity Hosted Sunglass Event
Join Ping Identity and Hub City Media for a VIP lunch, offering a unique blend of style and premier networking opportunities. Connect with industry peers, expand your professional circle, and immerse yourself in the vibrant atmosphere—all while enjoying your customized sunglasses.
Venue
One of the things that makes Pappas Restaurants different from other restaurant companies is that we not only run our restaurants to feed our loyal Guests day in and day out, we also own and drive the trucks that deliver the freshest meats and seafood to our restaurants every day. We employ the electricians who keep the lights on and the kitchens humming.
The Pappas Bros. secret to incredible meat is the dry-aging process, and there are only three written copies of our exact dry-aging process in existence: one with the Pappas brothers themselves and one at each location. Many competitors ask exactly how we do it, but we’ll never tell. All the copies are stored in safes to protect the secret.
Location: Houston Galleria
5839 Westheimer Rd., Houston, TX 77057
Agenda
11:30am
Networking + Sunglasses
Network while letting the creativity flow in making your own personalized sunglasses
12:00pm
Ping & Hub City Spotlight + Lunch
Why Ping Identity & Hub City Media? A brief look into Ping & Hub City followed by arguably the best steak in Texas!
Top Golf Tee Off: Acing Your Customer Identity Migration
Join us for Top Golf Tee-Off: Acing Your Customer Identity Migration!
Is 2024 the year you are re-evaluating your identity provider?
Join Hub City Media & Ping Identity for a look into 2024: A new era in identity security (along with great food, drinks and golfing fun). We will demonstrate exclusive automated migration tools you can leverage to migrate from a current IDP to Ping Identity.
In this workshop you will:
Uncover the next chapter in Identity Security solutions with Ping Identity
Get a first look into ID Transformer: Our latest automated migration tool
Have lunch on us and the full TopGolf Experience
Space is limited. Register now and secure your spot!
*** Attendance is by invitation only, you will receive confirmation after reserving your spot***
What: Top Golf Tee-Off: Acing Your Customer Migration!
When: Tuesday, February 20th, 1:00 PM to 5:00 PM
Where: TopGolf, 10 Topgolf Dr., San Jose, CA
What else: TopGolf, beverages and hors d’oeuvres! After the workshop, experience heated golf bays in the heart of Silicon Valley
By supplying my contact information, I authorize Hub City Media, its vendors and partner community to contact me with personalized communications about their products and services. Please review our Privacy Policy for more details or to opt-out at any time.
Oracle Access Manager/Webgate reconfiguration needed by March 21, 2024 to avoid outage.
Affected Component(s):
OAM Server and Webgates configured using SIMPLE mode
Description:
This affects Oracle Access Manager (OAM) installations that use the Out of the Box CA Signing Certificate, which expires in March 2024. If no action is taken, interruptions in service will be experienced.
SIMPLE Mode for the Oracle Access Protocol (OAP) communication will be deprecated as of March 2024
SIMPLE Mode certificates cannot be renewed or regenerated
Solution:
There are 2 possible solutions for 11g deployments:
1. Change to certificate mode communications
2. Change to open communication (This is inherently less secure and not recommended)
HCM can help you by reconfiguring OAM/WebGate communication configuration to use alternate modes to avoid any downtime.
Contact us today to discuss your options.
WEBINAR: ForgeRock Enterprise Connect
Join ForgeRock and Hub City Media to learn about this exciting new feature of the ForgeRock Identity Platform. ForgeRock Enterprise Connect can be used in conjunction with ForgeRock Identity Cloud and self-managed deployments of the ForgeRock identity platform to extend access controls to workforce resources easily.
ForgeRock Enterprise Connect
Reducing the Risk of Account Compromise
Join ForgeRock and Hub City Media to learn about this exciting new enhancement of the ForgeRock Identity Platform. ForgeRock Enterprise Connect can be used in conjunction with ForgeRock Identity Cloud and self-managed deployments of the ForgeRock identity platform to extend access controls to workforce resources easily.
Learn how Enterprise Connect can be quickly and easily deployed to:
Provide MFA access to Windows workstations and remote desktops
Provide desktop SSO to the ForgeRock Identity platform
Protect virtual private networks (VPNs) via Windows RADIUS proxy
WEBINAR: Troubleshooting MFA Failures
Join our expert panel discussion on…
Why Many MFA Programs Fail Strong Authentication Cyber Insurance Criteria:
And what to do about it.
Like many businesses, you started the MFA journey and might even consider it at a level of maturity. Yet, when questioned to rate compliance coverage or cyber insurance requirements for strong authentication business-wide, do you have a moment of pause?
Workforce identity workflows are complicated, with an extensive portfolio of assets and legacy applications that create gaps in strong authentication coverage. However, organizations need to trust nothing and no one - and have to prove strong authentication is in place to regulators and cyber insurance underwriters.
Join our expert panel discussion on how to strengthen your authentication system and fill coverage gaps:
What you’ll learn
Understand how MFA programs can overcome strong authentication challenges from legacy applications and privileged users
Get tactical and strategic recommendations that accelerate your journey to Full Passwordless
Learn from our real-world experiences in meeting MFA challenges head-on
WEBINAR: Delegated Authorization Management
Join PlainID’s VP of Product Strategy Nadav Well, along with Hub City Media’s Founder and CTO, Steve Giovannetti for a webinar on…
Smart Best Practices for Implementing Delegated Authorization Management
Join PlainID’s VP of Product Strategy Nadav Well, along with Hub City Media’s Founder and CTO, Steve Giovannetti for a webinar on Smart Best Practices for Implementing Delegated Authorization Management.
With PlainID’s CRO Tom Ammirati moderating, Gal and Steve will deep dive into a technical discussion, reviewing the importance of:
How to accelerate Time to Market
Simplifying Identity Lifecycle Management
Improving Visibility and Control
Solving challenges around managing identities you don’t control
Improving 3rd party user experience
Gaining insight into 3rd party activities
This webinar will also include a “Q and A” session to answer any questions that arise during the discussion.
WEBINAR: NextGen Authorization Forum
Join PlainID’s Co-Founder and Chief Product Officer Gal Helemski, along with Hub City Media’s Founder and CTO, Steve Giovannetti, on May 17, for a fireside chat around…
Impact on User Journeys, Risk Mitigation & Data Governance
Join PlainID’s Co-Founder and Chief Product Officer Gal Helemski, along with Hub City Media’s Founder and CTO, Steve Giovannetti, on May 17, at Noon Eastern for a fireside chat around NextGen Authorization - modernized security and the impact on user experience, risk mitigation, and access control.
With PlainID’s CRO Tom Ammirati moderating, Gal and Steve will deep dive into a technical discussion, reviewing the importance of:
Dynamic Real Time Authorization
Authorization Based on Contextual Data
Integration with Existing IAM Infrastructure
No Code Authorization Policy Management
How to achieve Zero Trust Architecture using PlainID
This webinar will also include a “Q and A” session to answer any questions that arise during the discussion.
WEBINAR: Deploying IAM Using Docker and Kubernetes - 2.0
Watch experts from ForgeRock and Hub City Media review the architecture behind a containerized IAM solution and critical success factors for a successful deployment…
A technical look into deploying and operating containerized IAM
Time is of the essence when it comes to developing and deploying capabilities that support remote work and online business. One of the best ways to speed time to market and increase efficiency is through an IAM solution that supports a DevOps model utilizing containerization and orchestration technologies such as Docker and Kubernetes.
Watch experts from ForgeRock and Hub City Media review the architecture behind a containerized IAM solution and critical success factors for a successful deployment, including:
* Architecture and processes guiding containerized IAM on public cloud solutions (AWS, GCP, Microsoft Azure)
* Focus on building infrastructure using Configuration as Code techniques
* Product deployment and configuration using a Continuous Integration approach
* Lessons learned and a look into successful customer environments
* What’s new in ForgeOps 7.1?
This session will also include a demonstration of how to deploy the ForgeRock platform in 5 minutes.
APEX ASSEMBLY: post-Pandemic Adaption with CTO Steve Giovannetti
Apex talks to Steve Giovannetti, the CTO and Founder of Hub City Media about AI in a post-pandemic world…
Apex talks to Steve Giovannetti, the CTO and Founder of Hub City Media, a software integration and development consultancy. Giovannetti has worked in information technology since 1988 and was creating commercial applications based on Internet technologies as early as 1995. Here, Steve discusses how he has navigated, and continues to navigate, the post-pandemic landscape within ML/AI, Cloud, and more at Hub City Media!
Q: What are the roles and responsibilities of the CTO within your services organization?
A: In an organization like Hub City Media, I wear a few different hats. Ultimately, I’m asked to make decisions and research new Identity and Access management technologies and products nearly every day. More specific parts of my job include:
Looking at new products or services we might develop in house.
Researching and developing new technologies we can apply to our service delivery like DevOps, cloud or AI.
Coming up with creative solutions to client problems. One of the most common has been helping them deal with the challenges presented by COVID-19.
Q: What sorts of challenges did COVID-19 cause for your clients?
A: The most prevalent challenge was navigating from working in an office to having their entire staff working remotely. Most organizations had access infrastructure like VPNs in their office networks, but these infrastructures weren’t stressed like they were when their entire staff started working from home. We helped our clients navigate through shoring up capacity, as well as implementing more secure remote access authentication technologies (like multi-factor authentication). This allowed them to connect securely to their on-premise or even cloud applications.
Q: Have you found new vendors for your organizations that are now needed in this time of COVID-19 and remote working?
A: Maybe not new vendors, but there certainly were existing strong authentication vendors that saw a jump in activity once companies wanted to grant more access to applications from remote locations. We saw colossal interest and activity with Access Management, multi-factor authentication and passwordless authentication.
Q: Did you have specific projects or initiatives that have been shelved due to COVID-19 and current realities?
A: Very early at the start of the pandemic, we saw some projects get put on hold; however, that changed once companies resolved the remote access issue. Then, oddly enough, it was business as usual, and companies even started new initiatives on how to improve remote work. For example, we had one client ask us to help them completely automate their hiring process via their Identity Management system, which was only partially automated at the start of the pandemic.
Q: Where are you in the journey of utilizing hybrid cloud and DevOps? What challenges are you facing?
A: Hub City Media was a very early adopter of public cloud, and immediately grasped the importance of DevOps as a practice and as a set of technologies. We spearheaded early efforts to deploy Identity and Access Management systems using Docker and Kubernetes. That practice is quite mature now, and we are constantly improving our techniques. We’ve been doing a lot more with Infrastructure as Code and automating the provisioning of cloud services where we then deploy products. This has allowed us to decrease time to value for our clients, so we spend less time on infrastructure and more time delivering the functionality they are looking to leverage.
Q: Are you seeing more organizations deploying “Enterprise AI” to address Identity and Access Management or just security in general?
A: Yes. AI is becoming more prevalent in Identity and Access Management systems, especially in Identity Governance, where a lot of the burden is placed on members of an organization, specifically managers, to certify the access of their teams. This is a tremendously tedious task that can mostly be delegated to AI. We are also seeing the application of machine learning to deal with identity role engineering in large enterprises. This is another task where humans get overwhelmed in the data analysis to properly define birthright roles – a perfect task for Machine Learning.
Q: What is the current state of Big Data and AI investment? Do you sense the pace of Big Data and AI investment changing?
A: I see it accelerating in the Identity and Access Management sector. The new products on the market make it fairly easy to prove out value in a quick proof of concept. I would expect using AI for Identity Governance to become quite commonplace, and for it to extend to using AI/ML to make Access Management decisions in the future. That will be driven by analyzing access behaviors of users over time – again, an impossible task for a human to perform or even to codify rule sets in advance, but a perfect application of AI/ML.
Steve Giovannetti – CTO & Founder of Hub City Media
Steve Giovannetti is the CTO and Founder of Hub City Media, a software integration and development consultancy. Giovannetti has worked in information technology since 1988 and was creating commercial applications based on Internet technologies as early as 1995. He specializes in the analysis, design and implementation of distributed, multi-tier, applications, and heavily focuses on containerized solutions and running Identity in the cloud. Since 1999, Giovannetti and Hub City Media have been deploying production identity management, directory, and web access management systems for commercial, government and education customers.
WEBINAR: Passwordless Authentication - What are you waiting for?
Passwordless has become a popular buzzword in the cybersphere, promising better authentication security in many shapes and forms…
Passwordless has become a popular buzzword in the cybersphere, promising better authentication security in many shapes and forms. But in reality, most solutions fall short of answering the real-world needs of enterprises, let alone break the age-old tension between good security and positive user experience. Can organizations truly eliminate passwords? Is the technology strong enough? Does it live up to the hype?
Watch an expert panel consisting of Ben Goodman, SVP, Global Business & Corporate Development, ForgeRock; Shimrit Tzur-David, CSO and Co-founder, Secret Double Octopus; and Steve Giovannetti, CTO and Founder, Hub City Media, discussing:
Common challenges when implementing passwordless authentication in the enterprise — and how companies can address these
Critical success factors for every passwordless solution
Business benefits of a passwordless solution
Is a passwordless solution more secure than traditional MFA?
How to transition to a passwordless environment at your own pace
Oracle Releases Quarterly Security Patch Updates - April 2021
Hub City Media advises all Oracle customers to review these security vulnerabilities with their teams…
As part of Hub City Media’s ongoing efforts to ensure Oracle IAM environments remain secure, we are advising that Oracle has released their quarterly Security Patch Updates.
We've evaluated these updates and created a summary of critical patches that may be required for client environments. To maintain the best possible security posture, please review these patches with your team.
For assistance with applying these patches, contact us.
Oracle WebLogic Server 10.3.6
Product: Oracle WebLogic Server 10.3.6.0.0
Subcomponent(s): TopLink Integration, Core, Console, Web Services
Patch Number: 32403651
Vulnerability Details: Both easily exploitable and difficult-to-exploit vulnerabilities allow unauthenticated or high privileged attackers with network access via HTTP, HTTPS, T3, or IIOP to compromise Oracle WebLogic Server. Some successful attacks require human interaction from a person other than the attacker. While the vulnerability is in Oracle WebLogic Server, these attacks could significantly impact other products.
Successful attacks can result in:
unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data
unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data
unauthorized read access to a subset of Oracle WebLogic Server accessible data
unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server
Java SE 7
Product: Java SE 7
Subcomponent(s): Libraries
Patch Number: 32464070
Vulnerability Details: Difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Some of the attacks require additional human interaction but not all.
Successful attacks can result in:
unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.
Oracle Solaris
Product: Oracle Solaris
Subcomponent(s): Kernel
Patch Number: 11.4.30.88.3
Vulnerability Details: Easily exploitable vulnerability allows low privileged attackers with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris.
Successful attacks can result in:
Unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris, as well as unauthorized update, insert or delete access to some of Oracle Solaris accessible data.
Oracle Coherence
Product: Oracle Coherence
Subcomponent(s): Core
Patch Number: 32581736
Vulnerability Details: Easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle Coherence.
Successful attacks can result in:
Unauthorized access to critical data or complete access to all Oracle Coherence accessible data.
In addition to the above patches, Oracle has released patches for several of their products. The entire list of products, which you may want to share within your organization, can be found here.
FIRESIDE CHAT: So you don't think you need ID Verification? Think Again.
ID Verification may be something that your organization has been putting off, or maybe something that you think you can survive without. Watch to find out how truly essential it is to the security of your data…
Without an automated way to verify employee and customer identities, organizations are opening themselves up to various risks - social engineering, phishing attacks and human error.
Working from home has also presented unique challenges that not everyone was addressing before. For example, with the acceleration of digital transformation with COVID-19, identity fraud is on the rise. The bar that constitutes 'easy' fraud is getting higher, and without the right approach in place, businesses will struggle to keep pace with both high quality and high volumes of attacks.
ID Verification can seamlessly integrate into the onboarding process, allowing users to create their digital identity while also ensuring that they are the right person.
Watch Mickey Martin, Global Head of Sales Engineering at Onfido, and Steve Giovannetti, CTO and Founder of Hub City Media, discuss the value and benefits of incorporating ID Verification into your infrastructure.
Topics include:
Account recovery and MFA re-registration
Common use cases that require ID Verification
Implementation best practices and requirements
Who is Onfido?
Onfido is setting the new standard for digital access. The company digitally proves a user’s real identity using artificial intelligence (AI), by verifying a photo ID and comparing it to the person’s facial biometrics. This means businesses can verify their users without compromising on experience, conversion, privacy or security. That’s how Onfido gives companies the assurance they need to onboard customers remotely and securely.
www.onfido.com
www.linkedin.com/company/onfido/
www.twitter.com/onfido
Mickey Martin
Global Head of Sales Engineering
Mickey Martin is an expert in identity access management, identity proofing and effective customer registration processes. He's built extensive experience in the identity space, previously working at ForgeRock, Oracle and Transmit Security. Mickey now works with Onfido, helping the company to understand how Identity Verification and Identity Access Management can solve business critical problems for their clients.
Who is Hub City Media?
Hub City Media is an Identity and Access Management consultancy specializing in IAM implementations, product development and support services. Hub City Media resells and distributes Onfido’s identity verification and authentication services integrated with a number of existing identity solutions, including ForgeRock’s modern identity platform. By integrating Onfido’s technology, CIAM customers can reduce abandonment rates caused by complex registration forms and create trust with their customers as soon as they are on-boarded, providing a more personalized and consistent experience across all their business units.
www.hubcitymedia.com
Steve Giovannetti
CTO and Founder of Hub City Media
Steve Giovannetti is the Chief Technology Officer of Hub City Media, Inc. Steve has worked in information technology since 1988 and was creating commercial applications based on Internet technologies as early as 1995. He specializes in the analysis, design and implementation of distributed, multi-tier applications using Java and other dynamic languages, with a heavy focus on running IAM in the cloud. Since 1999, Steve and his company have been deploying production identity management, directory and web access management systems for commercial, government and education customers.
https://www.linkedin.com/in/stevegiovannetti/
Secret Double Octopus and Hub City Media Partner to Extend ForgeRock's Workforce Security to the Desktop
As an expert in IAM deployments, HCM will work to seamlessly integrate ForgeRock and SDO with client environments to secure enterprise assets - applications, desktop, mobile and more…
Secret Double Octopus (SDO), the leader in enterprise passwordless authentication, and winner of ForgeRock's Global Partner Award for Workforce Technology, is partnering with Hub City Media (HCM), an Identity and Access Management (IAM) consultancy and ForgeRock's 2020 Americas Partner of the Year.
HCM offers advisory and implementation services alongside managed cloud and support services across the globe for a wide range of industries. With over 20 years of IAM experience, HCM's extensive expertise in the industry continues to make them a leading partner for security platforms from leaders such as ForgeRock, Oracle and CyberArk.
SDO is revolutionizing workforce authentication with its Octopus Passwordless Enterprise™ technology, designed and built from the ground up for the unique requirements of complex enterprise infrastructure. The Octopus platform is to date the only enterprise-grade solution able to solve any authentication use-case, from the workstation to any app and service, in a simple and secure manner. Its seamless integration with ForgeRock's identity platform offers a novel plug-and-play desktop MFA for the entire workforce, and a clear path to becoming a passwordless enterprise.
As an expert in IAM deployments, HCM will work to seamlessly integrate ForgeRock and SDO with client environments to secure enterprise assets - applications, desktop, mobile and more. Passwordless Authentication enhances workforce security while providing a frictionless user experience.
"We see a large amount of workforce IAM deployments, and this has become a focus for us over the years," said Phillippe Monrougie, CEO of Hub City Media. "Secret Double Octopus has a similar focus, and has created a desktop authentication product that is the perfect fit for ForgeRock clients, and optimizes their platform. With HCM and SDO as key partners for ForgeRock, it was a great opportunity to go to market together."
"We are thrilled to partner with Hub City Media and help more ForgeRock users simplify security for their employees," said Raz Rafaeli, CEO and co-founder, Secret Double Octopus. "By providing a seamlessly integrated desktop MFA, and universal passwordless authentication across the enterprise, HCM and Secret Double Octopus enable companies to make the most out of their ForgeRock deployments. This new partnership will help IT and security managers in making their employees much happier and their domain dramatically more secure."
Learn More:
www.doubleoctopus.com
www.hubcitymedia.com
See original Press Release from PR Newswire
WEBINAR: Enhance Your Office365 Login Experience with ForgeRock Intelligent Access
Simon Moffatt, Director of Product Management at ForgeRock, and Steve Giovannetti, CTO and founder of Hub City Media dive into a compelling case study overview of a global 500's journey integrating the ForgeRock Identity Platform with Office365…
Customer Journey: Enhance Your Office365 Login Experience with ForgeRock Intelligent Access
Watch the replay, as Simon Moffatt, Director of Product Management at ForgeRock, and Steve Giovannetti, CTO and founder of Hub City Media give a compelling case study overview of a global 500's journey integrating the ForgeRock Identity Platform with Office365.
The challenge: Modernize access to Office365 to deliver secure and user-friendly experiences
The approach: Leverage ForgeRock's industry leading global Identity Platform for authentication, self service, MFA and federation
The results: A secure and streamlined user authentication experience that works with web, desktop and mobile Office365 applications, allowing rapid integration of legacy and future applications
Organizations who take advantage of the ability to integrate Office365 with ForgeRock can:
Provide Direct Access to Various Users: Visually design user journeys for workforce and consumers with an intuitive interface that makes it easy to create a variety of security and risk profiles
Reduce Complexity: Offer user self service for registration, progressive profiling and forgotten credentials directly inline with the authentication experience
Enable Adaptive and Modular Security: Automatically redirect suspicious users for further monitoring
Consolidate Existing Technologies: Seamlessly integrate legacy, on-premise, SaaS and Microsoft applications with one set of modern identity services
Learn how ForgeRock and Hub City Media delivered a seamless integration for this global 500 company and how the process has been made repeatable for other organizations.
Oracle Releases Quarterly Security Patch Updates - January 2021
Hub City Media advises all Oracle customers to review these security vulnerabilities with their teams…
As part of Hub City Media’s ongoing efforts to ensure Oracle IAM environments remain secure, we are advising that Oracle has released their quarterly Security Patch Updates.
We've evaluated these updates and created a summary of critical patches that may be required for client environments. To maintain the best possible security posture, please review these patches with your team.
For assistance with applying these patches, contact us.
Java SE 7
Product: Java SE 7
Subcomponent(s): Libraries
Patch Number: 13079846
Vulnerability Details: Easily exploitable vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks can result in:
Unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
Java SE 8
Product: Java SE 8
Subcomponent(s): Libraries
Patch Number: 18143322
Vulnerability Details: Easily exploitable vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Java SE, Java SE Embedded.
Successful attacks can result in:
Unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
Oracle BI Publisher 11.1.1.9.0, 12.2.1.3.0
Product: Oracle BI Publisher 11.1.1.9.0, Oracle BI Publisher 12.2.1.3.0
Subcomponent(s): Administration, BI Publisher Security, E-Business Suite - XDO, Web Server
Patch Number: 32310890 (11.1.1.9.0), 32294042 (12.2.1.3)
Vulnerability Details: Easily exploitable vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products.
Successful attacks can result in:
Unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data
Unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data
Unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher
Oracle WebLogic Server 10.3.6
Product: Oracle WebLogic Server 10.3.6.0.0
Subcomponent(s): Web Services, Core Components, Samples, Console, Console (Apache Common Beanutils), Sample Apps (Spring Framework)
Patch Number: 32052267, 32134024
Vulnerability Details: Easily exploitable vulnerability allows unauthenticated, low privilege, or high privilege attackers with network access via HTTP, or IIOP/T3 to compromise Oracle WebLogic Server.
Difficult to exploit vulnerability allows a low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products.
Successful attacks can result in:
Takeover of Oracle WebLogic Server.
Unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data.
Unauthorized read access to a subset of Oracle WebLogic Server accessible data.
Unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server.
Oracle WebLogic Server 12.2.1.3
Product: Oracle WebLogic Server 12.2.1.3
Subcomponent(s): Core Components (Connect2id Nimbus JOSE+JWT), Core Components, Samples, Console (Apache Commons Beanutils), Console, Sample Apps (Spring Framework), Sample Apps (jQuery), Centralized Thirdparty Jars (Google Guava)
Patch Number: 32300397, 32148634
Vulnerability Details: Easily exploitable vulnerability allows unauthenticated, low privileged, and high privileged attackers with network access via HTTP, or IIOP/T3 to compromise Oracle WebLogic Server.
Difficult to exploit vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products.
Successful attacks can result in:
Takeover of Oracle WebLogic Server.
Unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data.
Unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data.
Unauthorized read access to a subset of Oracle WebLogic Server accessible data.
Unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server.
Unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
In addition to the above patches, Oracle has released patches for several of their products. The entire list of products, which you may want to share within your organization, can be found here.
Hub City Media and ForgeRock Sweeten the Day for Arizona Healthcare Heroes on Giving Tuesday
Hub City Media and ForgeRock have joined together to give back to local healthcare heroes to show how much they are appreciated today and every day…
December 1, 2020
Hub City Media, an identity and access management consultancy, and ForgeRock®, the leading provider in digital identity, are honoring Phoenix Metro Area healthcare workers on this Giving Tuesday by hand-delivering sweet treats to several area hospitals, including HonorHealth, Dignity Health, Redirect Health and Banner Health. The companies have joined together to give back to local healthcare heroes to show how much they are appreciated today and every day.
“Our mission at ForgeRock is to help people safely and simply access the connected world,” said Mark Rosato, healthcare client director, ForgeRock. “We’ve seen our healthcare customers work tirelessly to treat the most acute cases in person and find new ways of connecting to patients remotely. We’ve been inspired by the organizations we’ve partnered with to keep communities healthy and we felt it was our turn to do something special for them on Giving Tuesday.”
“The medical community has sacrificed so much this year. We’re happy to provide a little sweetness to these healthcare heroes who continue to make a difference every day,” added Kimberly Stanfel, account director, Hub City Media.
Giving Tuesday was established as a day for people around the world to give back to their local communities. Hub City Media and ForgeRock are thrilled to be able to kick off the holiday season by showing gratitude for the ongoing efforts of the Phoenix area hospitals who are the recipients of this grassroots initiative. There are so many more people we want to shower with our appreciation, so to every healthcare worker across the globe – thank you and you rock!
You can follow our journey to each hospital by following ForgeRock, Hub City Media and #ForgeRockGives on Twitter, LinkedIn, Instagram and Facebook.
About Hub City Media
An identity and access management consultancy, and ForgeRock’s Americas Partner of the Year for 2020, Hub City Media offers advisory and implementation services, managed cloud and support services and simple, powerful, easy to integrate products. Our comprehensive U.S. based organization is equipped to partner with clients in every global location and time zone.
Thank you to Andrea at CookiesByDesign on McDonald Street for making these delicious treats!
Oracle Releases Quarterly Security Patch Updates - October 2020
Hub City Media advises all Oracle customers to review these security vulnerabilities with their teams…
As part of Hub City Media’s ongoing efforts to ensure Oracle IAM environments remain secure, we are advising that Oracle has released their quarterly Security Patch Updates.
We've evaluated these updates and created a summary of critical patches that may be required for client environments. To maintain the best possible security posture, please review these patches with your team.
For assistance with applying these patches, contact us.
Java SE 7
Subcomponent(s): Hotspot, JNDI, Libraries, Serialization
Patch Number: 13079846
Vulnerability Details: Difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Java SE, Java SE Embedded. Some successful attacks require human interaction from a person other than the attacker, others do not.
Successful attacks can result in:
unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data
unauthorized read access to a subset of Java SE, Java SE Embedded accessible data
unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded
Java SE 8
Subcomponent(s): Hotspot, JNDI, Libraries, Serialization
Patch Number: 18143322
Vulnerability Details: Difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Java SE, Java SE Embedded. Some successful attacks require human interaction from a person other than the attacker, others do not.
Successful attacks can result in:
unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data
unauthorized read access to a subset of Java SE, Java SE Embedded accessible data
unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded
WebLogic Server 12.2.1.3
Subcomponent(s): Centralized Thirdparty Jars, Console, Core, Web Services, jQuery
Patch Number: Patchset 31961038
Vulnerability Details: Easily exploitable vulnerabilities allow both unauthenticated and highly privileged attackers with network access via HTTP, IIOP, or T3 to compromise Oracle WebLogic Server. Some successful attacks require human interaction from someone other than the attacker. While the vulnerabilities are in WebLogic Server, attacks might significantly impact additional products. There is also a difficult to exploit vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks on this vulnerability require human interaction from a person other than the attacker.
Successful attacks can result in:
takeover of Oracle WebLogic Server
unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data
unauthorized creation, insert, deletion or modification access to critical data or all Oracle WebLogic Server accessible data
WebLogic Server 10.3.6
Subcomponent(s): Console, Core, jQuery, Apache Log4j
Patch Number: Patchset 31641257
Vulnerability Details: Easily exploitable vulnerabilities allow both unauthenticated and highly privileged attackers with network access via HTTP, IIOP, or T3 to compromise Oracle WebLogic Server. Some successful attacks require human interaction from someone other than the attacker. While the vulnerabilities are in WebLogic Server, attacks might significantly impact additional products. There is also a difficult to exploit vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks on this vulnerability require human interaction from a person other than the attacker. There is another difficult to exploit vulnerability that allows an unauthenticated attacker with network access via SMTPS to compromise Oracle WebLogic Server.
Successful attacks can result in:
takeover of Oracle WebLogic Server
unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data
unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data
unauthorized read access to a subset of Oracle WebLogic Server accessible data
Oracle Access Manager 11.1.2.3.0
Subcomponent(s): Web Server Plugin (RSA BSafe)
Patch Number: 31710235
Vulnerability Details: Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager.
Successful attacks can result in:
Takeover of Oracle Access Manager
Oracle BI Publisher 12.2.1.3.0
Subcomponent(s): E-Business Suite - XDO, BI Publisher Security, Mobile Service, BI Publisher Security (jQuery)
Patch Number: 31690029
Vulnerability Details: Easily exploitable vulnerability allows low privileged users with network access via HTTP to compromise BI Publisher. Attacks may significantly impact additional products. Some successful attacks require human interaction from a person other than the attacker.
Successful attacks can result in:
Complete access to all BI Publisher accessible data
Unauthorized update, insert, and/or delete access to some BI Publisher accessible data
Unauthorized read access to a subset of BI Publisher accessible data
Oracle BI Publisher 11.1.1.9.0
Subcomponent(s): E-Business Suite - XDO, BI Publisher Security, Mobile Service
Patch Number: 31943269
Vulnerability Details: Easily exploitable vulnerability allows low privileged users with network access via HTTP to compromise BI Publisher. Attacks may significantly impact additional products. Some successful attacks require human interaction from a person other than the attacker.
Successful attacks can result in:
Complete access to all BI Publisher accessible data
Unauthorized update, insert, and/or delete access to some BI Publisher accessible data
Unauthorized read access to a subset of BI Publisher accessible data
Oracle Solaris 11.4
Subcomponent(s): Pluggable authentication module, Kernel, Filesystem, Utility
Patch Number: 11.4.26.75.4
Vulnerability Details: Easily exploitable vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Easily exploitable vulnerability allows low privileged attackers with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Difficult to exploit vulnerability allows low privileged attackers with network access via SSH to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products.
Successful attacks can result in:
the takeover of Oracle Solaris
unauthorized access to critical data or complete access to all Oracle Solaris accessible data
unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris
unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris
unauthorized update, insert or delete access to some of Oracle Solaris accessible data
In addition to the above patches, Oracle has released patches for several of their products. The entire list of products, which you may want to share within your organization, can be found here.
WEBINAR: Deploying Security Systems Using DevOps Techniques with Red Hat
Watch the webinar from Red Hat and Hub City Media exploring the relationship between SecOps and DevOps…
Evolving demands and workloads are spurring state agencies and academic institutions to embrace innovative IT solutions that enable DevOps practices and cloud migration efforts.
Watch the webinar from Red Hat and Hub City Media exploring the:
Relationship between SecOps and DevOps
Benefits of an automated security model, and how Red Hat simplifies your transition to the cloud
Practical, real-world applications of deploying security systems with Red Hat's DevOps solution set
WEBINAR: Containerization of Directory Services
Containerization of Directory Services, once a potentially complex deployment option, is now an entirely possible and streamlined solution! Watch the webinar replay…
Containerization of Directory Services
Enabling a new deployment paradigm
September 30, 2020 - 12:00pm EDT
Watch the replay!
ForgeRock is changing the future of Directory Services with the latest update to the ForgeRock Identity Platform.
Join ForgeRock and Hub City Media for a look at the latest updates, suggestions for a successful containerized deployment, and the possibilities that come with the new enhancements in ForgeRock's Identity Platform.
ForgeRock Product Management Director - Ludovic Poitou - reviews the seismic updates and the new functionality available with ForgeRock Identity Platform, providing expanded options and new frameworks. Deployments can now be delivered more efficiently and succinctly, as well as with simplicity to run on containers. Poitou also covers which elements of the platform are auto-scalable and which are not.
Hub City Media CTO and Founder - Steve Giovannetti - dives into the consistently valid and successful architectures and implementations traditionally used to deploy Directory Services.
Watch this webinar to explore all of the new options that the ForgeRock Identity Platform delivers.
WEBINAR: Making DevOps Deployments Effortless
When you decide to deploy IAM using DevOps technology, that comes with a lot of complexity. But how do you make a complex concept painless, and set your organization up for a seamless experience in the future?
Making DevOps Deployments Effortless
Building the Foundation using Automation and Configuration as Code
Watch the replay!
The key is to successfully automate and standardize the processes and deployment build to manage the intricacies of a DevOps implementation. In this webinar, we will walk you through how to build the foundation for your DevOps environment and the tools you can use to get there including Terraform, Ansible and a variety of cloud-provided solutions.
- Build infrastructure in a way that is templatized, predictable and flexible
- Shorten the time it takes to deploy ForgeRock in the cloud
- Deep dive into Hub City Media’s automated deployment model
Speakers: Warren Strange (Engineering Director - ForgeRock) and Steve Giovannetti (Hub City Media CTO and Founder)