Honeypots (decoy systems) run by experts from the SANS Institute have already recorded the first attacks on the vulnerability, since an exploit for CVE-2020-14882 has recently appeared in the public domain.
“Just about a week ago, as part of a massive quarterly ‘Critical Patch Update’ (aka ‘CPU’), Oracle patched CVE-2020-14882 in WebLogic. Oracle at the time assigned it a CVSS score of 9.8. We are now seeing active exploitation of the vulnerability against our honeypot after PoC exploits had been published,” according to researchers from the SANS Institute.
According to experts, attacks come from the following IP addresses:
So far, most of the attacks are simple pings of potential targets and searches for vulnerable systems, although hackers operating from the MivoCloud IP address have already tried to execute the `cmd /c` command.
At the same time, SANS specialists cannot provide more detailed information about subsequent requests, since the decoy systems are configured not to respond with the correct answer.
The exploit used in these attacks appears to be based on the work of a Vietnamese cybersecurity researcher who published a lengthy blog post on the issue this week.
According to Spyse, over 3,000 Oracle WebLogic servers are currently reachable online and potentially vulnerable to CVE-2020-14882.
As a reminder, another Oracle WebLogic exploit was also popular among attackers last year.
We also wrote that Sophos specialists found that Ragnar Locker malware operators use Oracle VirtualBox to hide their presence in an infected system and launch the ransomware in a “safe” environment.