Security News

The majority of UK businesses using Oracle E-Business Suite are running on old versions of the business critical ERP system, according to a Claremont study. With Oracle cutting off premier support to EBS 12.1 in December 2021, this leaves these businesses facing potential legislative and security issues if they fail to upgrade prior to the deadline.

FireEye Mandiant has published detailed information on an Oracle Solaris vulnerability that has been exploited in attacks by a sophisticated threat actor. The flaw allows an unauthenticated attacker to compromise Oracle Solaris systems.

Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices. Cobalt Strike is a legitimate penetration testing tool also used by threat actors in post-exploitation tasks and to deploy so-called beacons that enable them to gain persistent remote access.

The vulnerability exists in the Oracle Solaris Pluggable Authentication Module and allows an unauthenticated attacker with network access via multiple protocols to exploit and compromise the operating system. "In mid-2020, we observed UNC1945 deploy EVILSUN-a remote-exploitation tool containing a zero-day exploit for CVE-2020-14871 - on a Solaris 9 server," said researchers with FireEye, in a Monday analysis.

A threat actor has been observed targeting Oracle Solaris operating systems for over two years, including with an exploit for a recently addressed zero-day vulnerability, FireEye reported on Monday. In late 2018, the threat actor was observed compromising a Solaris server that had the SSH service exposed to the Internet, to install the SLAPSTICK backdoor on it, in order to steal credentials.

The security alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. "This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e. may be exploited over a network without the need for a username and password," Oracle said in a security alert.

While specific details of the flaw were not disclosed, Oracle's alert said it exists in the Console of the Oracle WebLogic Server and can be exploited via the HTTP network protocol. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.

Oracle has released an out-of-band security alert for a critical remote code execution vulnerability affecting WebLogic Server. "This Security Alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. [] It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," Oracle notes in its advisory.

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution vulnerability impacting multiple Oracle WebLogic Server versions. Supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

Easily exploitable RCE in Oracle WebLogic Server under attackA critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. DNS attacks increasingly target service providersThe telecommunications and media sector is the most frequent victim of DNS attacks, according to EfficientIP. Hackers breach psychotherapy center, use stolen health data to blackmail patientsNews of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released.