Security News

PCI Pal announced a new collaboration with Oracle to offer its contact center customers additional security and compliance options for Cardholder Not Present payments. Bringing together Oracle's market-leading Enterprise Session Border Controller with PCI Pal's proven PCI compliance solutions, Oracle customers can ensure that their voice interactions and sensitive cardholder data are secure.

It's notable for its unusual sophistication, according to researchers, evidenced by its multiple modules. The code is specifically taking aim at the Oracle MICROS Restaurant Enterprise Series 3700 POS - a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide, according to ESET. The attacks have mainly been in the U.S., researchers said - though the initial infection vector is unknown.

Security researchers have discovered a new malware geared with modules that target Oracle Micros Hospitality RES 3700 point-of-sale systems, one of the most widely used management software in the hospitality industry. Named ModPipe, the malware is a modular backdoor that can steal the passwords for the PoS system databases by decrypting them from Windows registry values.

Muhstik is a botnet that leverages known web application exploits to compromise IoT devices, such as routers, to mine cryptocurrency. Although Muhstik botnet has been around for at least 2018, in December 2019, Palo Alto Networks had identified a new variant of the botnet attacking and taking over Tomato routers.

The majority of UK businesses using Oracle E-Business Suite are running on old versions of the business critical ERP system, according to a Claremont study. With Oracle cutting off premier support to EBS 12.1 in December 2021, this leaves these businesses facing potential legislative and security issues if they fail to upgrade prior to the deadline.

FireEye Mandiant has published detailed information on an Oracle Solaris vulnerability that has been exploited in attacks by a sophisticated threat actor. The flaw allows an unauthenticated attacker to compromise Oracle Solaris systems.

Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices. Cobalt Strike is a legitimate penetration testing tool also used by threat actors in post-exploitation tasks and to deploy so-called beacons that enable them to gain persistent remote access.

The vulnerability exists in the Oracle Solaris Pluggable Authentication Module and allows an unauthenticated attacker with network access via multiple protocols to exploit and compromise the operating system. "In mid-2020, we observed UNC1945 deploy EVILSUN-a remote-exploitation tool containing a zero-day exploit for CVE-2020-14871 - on a Solaris 9 server," said researchers with FireEye, in a Monday analysis.

A threat actor has been observed targeting Oracle Solaris operating systems for over two years, including with an exploit for a recently addressed zero-day vulnerability, FireEye reported on Monday. In late 2018, the threat actor was observed compromising a Solaris server that had the SSH service exposed to the Internet, to install the SLAPSTICK backdoor on it, in order to steal credentials.

The security alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. "This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e. may be exploited over a network without the need for a username and password," Oracle said in a security alert.