Threat Post

Oracle WebLogic Server RCE Flaw Under Active Attack

The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn. If an organization hasn’t updated their Oracle WebLogic servers to protect them ...
Ars Technica

Zero-day attackers deliver a double dose of ransomware—no clicking required

Attackers have been actively exploiting a critical zero-day vulnerability in the widely used Oracle WebLogic server to install ransomware, with no clicking or other interaction necessary on the part ...
Infosecurity-magazine.com

8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server

The threat actor known as “8220 Gang” has been associated with a new payload targeting an exploitable Oracle Weblogic Server in a specific Uniform Resource Identifier (URI). The payload, analyzed by ...
Bleeping Computer

Attacks on Oracle WebLogic Servers Detected After Publication of PoC Code

Oracle WebLogic servers are under attack from hackers who are trying to take over vulnerable installations that have not received a recent patch for a critical vulnerability. The security bug at the ...
CSOonline

New cryptomining campaign infects WebLogic servers with Hadooken malware

A new attack campaign compromises misconfigured Oracle WebLogic servers and deploys a backdoor program called Hadooken along with a cryptocurrency mining program, apparently to take advantage of weak ...
来自MSN

CISA says Oracle and Mitel have critical security flaws being exploited

CISA addS three new bugs to KEV - two in Mitel’s MiCollab, and one in Oracle WebLogic Server The bugs allowed crooks to read sensitive files and take over vulnerable endpoints Federal agencies have ...
Bleeping Computer

Oracle issues emergency patch for critical WebLogic Server flaw

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution (RCE) vulnerability impacting multiple Oracle WebLogic Server versions. The security ...