Oracle WebLogic Server could allow a remote attacker to execute arbitrary code on the system, due to improper deserialization. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
| Vulnerable Product |
|---|
| oracle weblogic server 10.3.6.0.0 |
| oracle weblogic server 12.1.3.0.0 |
Muhstik botnet, also known as Mushtik, has been targeting cloud infrastructure and IoTs for years.
The botnet mainly funds itself by mining cryptocurrency using open source tools like XMRig and cgminer.
New details have emerged related to this malware that shed light on its nefarious activities and origins.
Muhstik is a botnet that leverages known web application exploits to compromise IoT devices, such as routers, to mine cryptocurrency.
It leverages IRC servers ...
If an organization hasn’t updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: “Assume it has been compromised.”
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The console component of the WebLogic Server has a flaw, CVE-2020-14882, which ranks 9.8 out of 10 on the CVSS scale. According to Oracle, the attack is “low” in complexity, req...
Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. The company said it has received numerous reports that attackers were targeting the vulnerability patched last month.
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The server has a remote code execution flaw, CVE-2020-2883, that can be exploited by unauthenticated attackers to take over unpatched systems...
Over the past two weeks, we have seen an increase in warnings from law enforcement agencies stating that healthcare organizations need to be on high alert for attacks by ransomware operators and other attackers who are looking to capitalize on the Coronavirus pandemic.
In addition, we continue to see new variants released from the common ransomware families such as STOP, Dharma, and others.
Finally, the Wall Street Journal broke the news this week that
to REvil to get their co...
At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in May 2018, right after Israeli security agencies announced that Hamas had installed spyware on the smartphones of Israeli soldiers, and we released a private report on our Threat Intelligence Portal. We believe the mal...
The Panda threat group, best known for launching the widespread and successful 2018 “MassMiner” cryptomining malware campaign, has continued to use malware to mine cryptocurrency in more recent attacks. A fresh analysis of the group reveals Panda has adopted a newly-updated infrastructure, payloads and targeting.
While considered unsophisticated, researchers warn that the threat group has a wide reach and has attacked organizations in banking, healthcare, transportation and IT services...
Emergency security fix emitted for remote code exec hole exploited in the wild
Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic Server component for Fusion Middleware – a flaw miscreants are exploiting in the wild to hijack systems.
The programming blunder, designated CVE-2019-2729, is present in WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability itself is caused by a deserialization bug in the XMLDecoder for WebLogic Server Web Services.
When exploited, a remote at...
Oracle said that a critical remote code execution flaw in its WebLogic Server is being actively exploited in the wild.
The remote code execution flaw (CVE-2019-2729) impacts a number of versions of Oracle’s WebLogic Server, used for building and deploying enterprise applications. The vulnerability has a CVSS score of 9.8 out of 10. Part of its seriousness is because it is remotely exploitable without authentication.
“Due to the severity of this vulnerability, Oracle strongly reco...
Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks.
The issue is now tracked as CVE-2019-2729 and is a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This is the same as CVE-2019-2725,
, leveraged in past attacks to deliver
and
. It is also included in the exploit bag of the re...
The GandCrab ransomware group is shutting down, according to posts on the Dark Web.
Researchers David Montenegro and Damian spotted the announcements over the weekend.
Noting that “all good things come to an end,” GandCrab’s operators in a posting on the exploit[.]in underground market claim the malware has raked in nearly $2 billion since the ransomware launched in January of last year. That encompasses ransomware-as-a-service (RaaS) earnings as well as $150 million for...
Malicious activity exploiting the recently disclosed Oracle WebLogic critical deserialization vulnerability (CVE-2019-2725) is surging. Even though there’s a patch, tens of thousands of vulnerable machines represent an irresistible target for hackers, according to Unit 42 researchers at Palo Alto Networks – especially since the bug is “trivial” to exploit.
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. Oracle r...
UPDATE
A variant of the Muhstik botnet has been uncovered in the wild, exploiting a recently-disclosed, dangerous vulnerability in Oracle WebLogic servers.
The newfound samples of Muhstik are targeting the recently-patched CVE-2019-2725 in WebLogic servers, and then launching distributed-denial-of-service (DDoS) and cryptojacking attacks with the aim of making money for the attacker behind the botnet, researchers said.
“From the timeline, we can see that the developer of Muhs...
Big Red rushes out software patch as ransomware scumbags move in
IT admins overseeing Oracle's WebLogic Server installations need to get patching immediately: miscreants are exploiting what was a zero-day vulnerability in the software to pump ransomware into networks.
The Cisco Talos security team said one of its customers discovered it had been infected via the bug on April 25, though the exploit is believed to have been kicking around the web since April 17. The programming blunder at the heart of the matter is a deserialization vulnerability that can be...
A recently-disclosed critical vulnerability in Oracle WebLogic is being actively exploited in a slew of attacks, which are distributing a never-before-seen ransomware variant.
The recently-patched flaw exists in Oracle’s WebLogic server, used for building and deploying enterprise applications. The deserialization vulnerability (CVE-2019-2725) is being exploited to spread what researchers with Cisco Talos in a Tuesday analysis dubbed the “Sodinokibi” ransomware.
“This is th...
Attackers are exploiting a recently disclosed WebLogic vulnerability to install a new ransomware called Sodinokibi. As this vulnerability is trivial to exploit, it is important that server admins install the patch immediately in order to prevent infections or unauthorized access.
Earlier this month, a deserialization vulnerability (CVE-2019-2725) was discovered in Oracle WebLogic Server that allows attackers to gain full access to the server in order to install malware or use it as a l...
Ransomware has become one of the most insidious threats in the past couple of years, with actors scaling up their operations to the point that the average ransom demand increased more than 10 times in one year.
There are well over a dozen operators in the ransomware-as-a-service (RaaS) game, each with a host of affiliates that focus on enterprise targets across the world.
Since the infamous GandCrab group
in mid-2019, the ransomware landscape changed drastically. The RaaS mod...
In brief NordVPN has hit the go-live button for the first of its colocated server setups.
The move means the VPN provider can take tighter control over the service as it now only rents space for its own custom servers, rather than renting a server in a data centre. The difference being that NordVPN gets to control all the hardware and settings.
This dates back to October 2019, when NordVPN was embarrassed by hackers who managed to get into a rented server that was being used to host ...