Security News

Week in review: Automated pentesting, Oracle WebLogic servers under attack
2020-11-01 11:00

Easily exploitable RCE in Oracle WebLogic Server under attack
A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned.

DNS attacks increasingly target service providers
The telecommunications and media sector is the most frequent victim of DNS attacks, according to EfficientIP.

Hackers breach psychotherapy center, use stolen health data to blackmail patients
News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released.

If you haven't patched WebLogic server console flaws in the last eight days 'assume it has been compromised'
2020-10-29 22:35

On Thursday Johannes Ullrich, Dean of Research at the SANS Technology Institute, spotted a massive spike in traffic on research "Honeypot" systems as somebody tried to identify public-facing WebLogic servers that weren't patched against CVE-2020-14882. If you find a vulnerable server in your network: Assume it has been compromised.

Oracle WebLogic Vulnerability Targeted One Week After Patching
2020-10-29 15:32

A vulnerability patched one week ago by Oracle in its WebLogic Server product has already been targeted for exploitation. The vulnerability can be exploited remotely and without authentication, allowing an attacker to execute arbitrary code.

Oracle WebLogic Server RCE Flaw Under Active Attack
2020-10-29 14:49

The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn. If an organization hasn't updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: "Assume it has been compromised."

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
2020-10-29 11:29

A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle WebLogic is a Java EE application server that is part of Oracle's Fusion Middleware portfolio and supports a variety of popular databases.

Critical Oracle WebLogic flaw actively targeted in attacks
2020-10-29 08:07

Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication. Oracle fixed the vulnerability in this month's release of Critical Patch Update, crediting security researcher Voidfyoo of Chaitin Security Research Lab for finding and reporting it.

Critical Oracle WebLogic vulnerability exploited in the wild
2020-10-29 08:07

Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication. Oracle fixed the vulnerability in this month's release of Critical Patch Update, crediting security researcher Voidfyoo of Chaitin Security Research Lab for finding and reporting it.

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
2020-05-04 14:57

Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now
2019-06-19 18:48

Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be...

Using Oracle WebLogic? Put down your coffee, drop out of Discord, grab this patch right now: Vuln under attack
2019-06-19 18:35

Emergency security fix emitted for remote code exec hole exploited in the wild
Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic...