Recent WebLogic Vulnerability Likely Exploited by Ransomware Operators
2020-11-06 18:45

At least one ransomware operator appears to have added to their arsenal an exploit for a recently patched vulnerability in Oracle WebLogic.

Tracked as CVE-2020-14882 and considered critical severity, the vulnerability was addressed in Oracle's October 2020 Critical Patch Update.

The first attacks targeting the vulnerability appeared within the first week after patches were released.

Now, Morphus Labs security researcher and SANS ISC handler Renato Marinho reveals that WebLogic honeypots have detected a large number of scans for CVE-2020-14882, with some of them performed by crypto-mining operators.

He also explains that, over the weekend, one campaign targeting the vulnerability started leveraging a series of obfuscated PowerShell scripts to fetch a Cobalt Strike payload. Given that roughly two-thirds of all ransomware attacks observed over the past quarter have leveraged Cobalt Strike, the new set of scans was likely the work of a ransomware operator.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/MbUahx9tO9g/recent-weblogic-vulnerability-likely-exploited-ransomware-operators

Related Vulnerability

DATE: 2020-10-21
CVE: CVE-2020-14882
VULNERABILITY TITLE: Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
network, low complexity, oracle, critical
RISK: 9.8