Security News

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.

The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis. The new malware is a step up from the previous threat used by the group in that it comes with self-spreading capabilities, blindly throwing exploits at discovered machines.

To help organizations increase the efficiency of their global supply chains, Oracle announced new logistics capabilities within Oracle Fusion Cloud Supply Chain & Manufacturing. The updates to Oracle Transportation Management and Oracle Global Trade Management, a part of Oracle Cloud SCM, help customers reduce costs, make better planning decisions, and improve customer experience.

Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches. The January 2021 Critical Patch Update addresses issues in both Oracle products and third-party components that are included in the company's products, with some of the patches meant to address multiple vulnerabilities, some reported more than a year ago.

Oracle is making its APEX low-code development platform available as a managed cloud service that developers can use to build data-driven enterprise applications quickly and easily. Oracle APEX Application Development expands on two decades of APEX functionality already used by 500,000 developers as an easy-to-use, browser-based service for creating modern Web and mobile apps.

Oracle announced that Oracle Database 21c, the latest version of the world's leading converged database, is available on Oracle Cloud, including the Always Free tier of Oracle Autonomous Database. "Oracle Database 21c continues our strategy of delivering the world's most powerful converged database engine," said Andrew Mendelsohn, executive vice president, database server technologies, Oracle.

UJET announced its integration with Oracle Cloud CX Service and its availability on Oracle Cloud Marketplace. Oracle Cloud Marketplace is a centralized repository of enterprise applications offered by Oracle and Oracle partners.

Tech giant Oracle Corp. said Friday it will move its headquarters from Silicon Valley to Austin, Texas, and let many employees choose their office locations and decide whether to work from home. "We believe these moves best position Oracle for growth and provide our personnel with more flexibility about where and how they work," the company said in a regulatory filing.

Threat actors are targeting an Oracle WebLogic flaw patched last month in an attempt to install a piece of malware named DarkIRC on vulnerable systems. The first attacks targeting it were observed roughly one week after and, in early November, Oracle issued an out-of-band update to address an easy bypass for the initial patch.

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as part of its October 2020 Critical Patch Update and subsequently again in November in the form of an out-of-band security patch.