Security News
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn. If an organization hasn't updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: "Assume it has been compromised."
A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle WebLogic is a Java EE application server that is part of Oracle's Fusion Middleware portfolio and supports a variety of popular databases.
The United States says Russian state-sponsored hacking group Energetic Bear has successfully compromised state, local, territorial, and tribal (SLTT) government networks and stolen data from at least two servers. The attacks, conducted since at least September 2020, "targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers," the alert reads.
Most of the servers associated with the TrickBot botnet have been taken down following the technical and legal effort announced last week, Microsoft says. The TrickBot operators, who some say are the hackers that also use Ryuk and Conti ransomware, appeared largely unaffected by the takedown attempt, with only a relatively small percentage of the bots being isolated.
Control servers included in the configuration file of new TrickBot samples fail to respond to bot requests, according to researchers at threat intelligence company Intel 471. Days after the announcement, Intel 471's researchers revealed that TrickBot resumed operations, and that Emotet was observed serving TrickBot payloads to infected machines.
Puerto Rico's firefighting department said Wednesday that its database was hacked by unknown people demanding $600,000 in an act of alleged extortion. The department's director, Alberto Cruz, said in a statement the situation has not affected its ability to respond to emergencies.
NordVPN has hit the go-live button for the first of its colocated servers. The move means the VPN provider can take tighter control over the service as it now only rents space for its own custom servers, rather than renting someone else's server in a data centre.
Researchers have disclosed two flaws in Microsoft's Azure web hosting application service, App Services, which if exploited could enable an attacker to take over administrative servers. Azure App Services is an HTTP-based service for hosting web applications, and is available in both Microsoft Azure Cloud and on-premise installations.
There was good news for administrators of Microsoft's SQL Server 2019 last night as Cumulative Update 8 emerged, fixing the borkage of its predecessor. Things haven't been going well for the SQL Server 2019 servicing model: Cumulative Update 2 left the SQL Agent a bit unhappy.
Aussie telco Telstra has apologised after a Border Gateway Protocol routing oddity caused traffic destined for encrypted email service ProtonMail to wrongly pass through Telstra's servers. Switzerland-headquartered ProtonMail raged in a blog post that Telstra had engaged in "BGP hijacking" through what it described as "incompetence and not malice", complaining that "around 30 per cent of the global internet looking for us got pointed to Telstra instead".