Security News

Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies
2022-09-16 10:58

Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. The Kinsing actors have also been involved in campaigns against container environments via misconfigured open Docker Daemon API ports to launch a crypto miner and subsequently spread the malware to other containers and hosts.

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
2021-07-22 01:21

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication.

Recent Oracle WebLogic Vulnerability Exploited to Deliver DarkIRC Malware
2020-12-02 16:02

Threat actors are targeting an Oracle WebLogic flaw patched last month in an attempt to install a piece of malware named DarkIRC on vulnerable systems. The first attacks targeting it were observed roughly one week after and, in early November, Oracle issued an out-of-band update to address an easy bypass for the initial patch.

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW
2020-12-02 01:20

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as part of its October 2020 Critical Patch Update and subsequently again in November in the form of an out-of-band security patch.

Critical Oracle WebLogic flaw actively exploited by DarkIRC malware
2020-12-01 11:30

A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution vulnerability fixed by Oracle two months ago. Almost 3,000 Oracle WebLogic servers are reachable over the Internet based on Shodan stats and allow unauthenticated attackers to execute remote code on targeted servers according to a Juniper Threat Labs report.

Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal
2020-11-11 10:02

Muhstik is a botnet that leverages known web application exploits to compromise IoT devices, such as routers, to mine cryptocurrency. Although Muhstik botnet has been around for at least 2018, in December 2019, Palo Alto Networks had identified a new variant of the botnet attacking and taking over Tomato routers.

Recent WebLogic Vulnerability Likely Exploited by Ransomware Operators
2020-11-06 18:45

At least one ransomware operator appears to have added to their arsenal an exploit for a recently patched vulnerability in Oracle WebLogic. Tracked as CVE-2020-14882 and considered critical severity, the vulnerability was addressed in Oracle's October 2020 Critical Patch Update.

Oracle patches severe flaw in WebLogic Server that could be exploited 'without the need for a username and password'
2020-11-03 14:12

The security alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. "This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e. may be exploited over a network without the need for a username and password," Oracle said in a security alert.

Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw
2020-11-03 13:57

While specific details of the flaw were not disclosed, Oracle's alert said it exists in the Console of the Oracle WebLogic Server and can be exploited via the HTTP network protocol. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.

Oracle issues emergency patch for critical WebLogic Server flaw
2020-11-02 14:06

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution vulnerability impacting multiple Oracle WebLogic Server versions. Supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.