#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

WebLogic | Breaking Cybersecurity News | The Hacker News

Category — WebLogic
Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

May 02, 2023 Vulnerability / Cyber Threat
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389  (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046  (CVSS score: 9.0) - Apache Log4j2 Deserialization of Untrusted Data Vulnerability CVE-2023-21839  (CVSS score: 7.5) - Oracle WebLogic Server Unspecified Vulnerability CVE-2023-1389 concerns a case of command injection affecting TP-Link Archer AX-21 routers that could be exploited to achieve remote code execution. According to Trend Micro's Zero Day Initiative, the flaw has been  put to use  by threat actors associated with the Mirai botnet since April 11, 2023. The second flaw to be added to the KEV catalog is CVE-2021-45046, a remote code execution affecting the Apache Log4j2 logging library that  came to light  in December 2021. It's cu
Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers

Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers

Jan 26, 2022
An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a second-stage payload onto the victimized systems. The payloads observed include cryptocurrency miners, Cobalt Strike Beacons, and web shells, corroborating a previous advisory from the U.K. National Health Service (NHS) that  sounded the alarm  on active exploitation of the vulnerabilities in VMware Horizon servers to drop malicious web shells and establish persistence on affected networks for follow-on attacks. Log4Shell  is a moniker used to refer to an exploit affecting the popular Apache Log4j library that results in remote code execution by logging a specially crafted string. Since public
Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Oct 23, 2024Identity Security / Data Protection
Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but also a technology vantage point.  Identity security is more than just provisioning access  The conventional view of viewing identity security as primarily concerned with provisioning and de-provisioning access for applications and services, often in a piecemeal manner, is no longer sufficient. This view was reflected as a broad theme in the Permiso Security State of Identity Security Report (2024) , which finds that despite growing levels of confidence in the ability to identify security risk, nearly half of organizations (45%) remain "concerned" or "extremely concerned" about their current tools being able to detect and protect against identity security attacks.  The Permiso commissioned survey conducted o
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers

New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers

Feb 01, 2021
A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group  Rocke , the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers  said  in a Thursday write-up. "Pro-Ocean uses known vulnerabilities to target cloud applications," the researchers detailed. "In our analysis, we found Pro-Ocean targeting Apache ActiveMQ ( CVE-2016-3088 ), Oracle WebLogic ( CVE-2017-10271 ) and Redis (unsecure instances)." "Once installed, the malware kills any process that uses the CPU heavily, so that it's able to use 100% of the CPU and mine Monero efficiently." First documented
cyber security

How To Comply With The Cyber Insurance MFA Checklist

websiteSilverfortCyber Insurance / Authentication
Learn how to comply with the checklist of resources requiring MFA coverage in cyber insurance policies.
Expert Insights / Articles Videos
Cybersecurity Resources