Security News
Oracle issued an out-of-band security update over the weekend to address a critical remote code execution vulnerability impacting multiple Oracle WebLogic Server versions. Supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.
Easily exploitable RCE in Oracle WebLogic Server under attackA critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. DNS attacks increasingly target service providersThe telecommunications and media sector is the most frequent victim of DNS attacks, according to EfficientIP. Hackers breach psychotherapy center, use stolen health data to blackmail patientsNews of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released.
On Thursday Johannes Ullrich, Dean of Research at the SANS Technology Institute, spotted a massive spike in traffic on research "Honeypot" systems as somebody tried to identify public-facing WebLogic servers that weren't patched against CVE-2020-14882. If you find a vulnerable server in your network: Assume it has been compromised.
A vulnerability patched one week ago by Oracle in its WebLogic Server product has already been targeted for exploitation. The vulnerability can be exploited remotely and without authentication, allowing an attacker to execute arbitrary code.
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn. If an organization hasn't updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: "Assume it has been compromised."
A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle WebLogic is a Java EE application server that is part of Oracle's Fusion Middleware portfolio and supports a variety of popular databases.
Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication. Oracle fixed the vulnerability in this month's release of Critical Patch Update, crediting security researcher Voidfyoo of Chaitin Security Research Lab for finding and reporting it.
Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication. Oracle fixed the vulnerability in this month's release of Critical Patch Update, crediting security researcher Voidfyoo of Chaitin Security Research Lab for finding and reporting it.
Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.
Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be...