Recent WebLogic Vulnerability Likely Exploited by Ransomware Operators
At least one ransomware operator appears to have added to their arsenal an exploit for a recently patched vulnerability in Oracle WebLogic.
Tracked as CVE-2020-14882 and considered critical severity, the vulnerability was addressed in Oracle's October 2020 Critical Patch Update.
The first attacks targeting the vulnerability appeared within the first week after patches were released.
Now, Morphus Labs security researcher and SANS ISC handler Renato Marinho reveals that WebLogic honeypots have detected a large number of scans for CVE-2020-14882, with some of them performed by crypto-mining operators.
He also explains that, over the weekend, one campaign targeting the vulnerability started leveraging a series of obfuscated PowerShell scripts to fetch a Cobalt Strike payload. Given that roughly two-thirds of all ransomware attacks observed over the past quarter leveraged Cobalt Strike, the new set of scans was likely the work of a ransomware operator.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle WebLogic Server: vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 10.0 |