The Hacker News — Cyber Security and Hacking News Website: oracle

Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware

May 01, 2019 | Mohit Kumar
Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday threats like crypto-mining, phishing, and ransomware. As suspected, a recently disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted being actively exploited to distribute a never-before-seen ransomware variant, which researchers dubbed "Sodinokibi." Last weekend, The Hacker News learned about a critical deserialization remote code execution vulnerability in Oracle WebLogic Server that could allow attackers to remotely run arbitrary commands on the affected servers just by sending a specially crafted HTTP request—without requiring any authorization. To address this vulnerability (CVE-2019-2725), which affected all versions of the Oracle WebLogic software and was given a severity score of 9.8 out of 10, Oracle rolled out an out-of-band security update on
'Highly Critical' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic

April 25, 2019 | Mohit Kumar
A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in the Oracle WebLogic server application that some attackers might have already started exploiting in the wild. Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on the cloud. It's popular across both cloud and conventional environments. The Oracle WebLogic application reportedly contains a critical deserialization remote code execution vulnerability that affects all versions of the software and can be triggered if the "wls9_async_response.war" and "wls-wsat.war" components are enabled. The vulnerability, spotted by the researchers from KnownSec 404, allows attackers to remotely execute arbitrary commands on the affected servers just by sending a specially crafted HTTP request—without requiring any authorization.
Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again

April 30, 2018 | Swati Khandelwal
Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server. However, a security researcher, who operates through the Twitter handle @pyn3rd and claims to be part of the Alibaba security team, has now found a way for attackers to bypass the security patch and exploit the WebLogic vulnerability once again. WebLogic Server acts as a middle layer between the front-end user interface and the backend database of a multi-tier enterprise application. It provides a complete set of services for all components and handles details of the application behavior automatically. Initially discovered in November last year by Liao Xinxi of the NSFOCUS security team, the Oracle WebLogic Server flaw (CVE-2018-2628) can be exploited with network access over TCP port 7001. If exploited successfully, the fl
Oracle acquires DNS provider Dyn for more than $600 Million

November 22, 2016 | Mohit Kumar
Yes, Oracle just bought the DNS provider company that brought down the Internet last month. Business software vendor Oracle announced on Monday that it is buying cloud-based Internet performance and Domain Name System (DNS) provider Dyn. Dyn is the same company that was hit by a massive distributed denial of service (DDoS) attack by the Mirai botnet last month which knocked the entire Internet offline for a few hours, crippling some of the world's biggest and most popular websites. Since the company provides cloud-based DNS service to customers such as Spotify, Netflix, Twitter and Pfizer, the acquisition will help Oracle's cloud customers to optimize their infrastructure costs and performance. According to the press release, the Dyn acquisition "extends the Oracle cloud computing platform and provides enterprise customers with a one-stop shop for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS)." "Oracle Cloud customers will
Data Breach — Oracle's Micros Payment Systems Hacked

August 09, 2016 | Swati Khandelwal
The risks associated with data breaches continue to grow, impacting a variety of industries, tech firms, and social networking platforms. In the past few months, over 1 Billion credentials were dumped online as a result of mega breaches in popular social networks. Now, Oracle is the latest in the list. Oracle has confirmed that its MICROS division – which is one of the world's top three point-of-sale (POS) services the company acquired in 2014 – has suffered a security breach. Hackers had infected hundreds of computers at Oracle's point-of-sale division, infiltrated the support portal used by customers, and potentially accessed sales registers all over the world. The software giant came to know about the data breach after its staff discovered malicious code on the MICROS customer support portal and certain legacy MICROS systems. Hackers likely installed malware on the troubleshooting portal in order to capture customers' credentials as they logged in. These us
Google Wins Epic Java Copyright Case Against Oracle

May 27, 2016 | Swati Khandelwal
Google has finally won its six-year-long, $9-billion legal battle with Oracle over the use of Java APIs in Android. Oracle filed its lawsuit against Google in 2010, claiming that the company illegally used 11,500 lines of Java code in its Android operating system, violating copyrights owned by Oracle. However, a federal jury of ten people concluded Thursday that Google's use of Java constituted "Fair Use" under US copyright law and delivered a verdict in favor of Google. The case was a big deal as the court decision could have the potential to change the way future apps are written for the Android operating system that is being used by almost 80% of the world's mobile devices. Oracle, which owns Java, had been seeking $9 Billion in damages for the use of application programming interfaces (APIs), which govern how code communicates with other bits of code. However, Google argued that
Oracle Issues Emergency Java Update for Windows

February 08, 2016 | Swati Khandelwal
The US-based software maker Oracle delivered an unusual out-of-band emergency patch for Java in an effort to fix a flaw in the installation process on Windows platforms. The successful exploitation of the critical vulnerability, assigned CVE-2016-0603, could allow an attacker to trick an unsuspecting user into visiting a malicious website and downloading files to the victim's system before installing Java 6, 7 or 8. Although the vulnerability is considered relatively complex to exploit, a successful attack results in "complete compromise" of the target's machine. What You Need to Know About the Java Exploit: A successful attack requires the attacker to trick a suitably unskilled user into opening a Java release even though the user is nowhere near the Java website. Since the loophole exists only during the installation process, users are not required to upgrade their existing Java installations in order to address the vulnerability.
Google 'Android N' Will Not Use Oracle's Java APIs

December 30, 2015 | Swati Khandelwal
Google appears to be no longer using Java application programming interfaces (APIs) from Oracle in future versions of its Android mobile operating system, and switching to an open source alternative instead. Google will be making use of OpenJDK – an open source version of Oracle’s Java Development Kit (JDK) – for future Android builds. This was first highlighted by a "mysterious Android codebase commit" submitted to Hacker News. However, Google confirmed to VentureBeat that the upcoming Android N will use OpenJDK, rather than its own implementation of the Java APIs. Google and Oracle have been fighting it out for years in a lawsuit, and it is hard to imagine that such a massive change is not related to the search engine giant's ongoing legal dispute with Oracle. What Google and Oracle are Fighting About: The dispute started when Oracle sued Google for copyright infringement in 2010, claiming that Google improperly used a part of its programming language
Oracle Ordered to Publicly Admit Misleading Java Security Updates

December 22, 2015 | Swati Khandelwal
Security issues have long plagued the over 850 Million users that have Oracle's Java software installed on their computers. The worst thing is that the software was not fully updated or secure for years, exposing millions of PCs to attack. And for this reason, Oracle is now paying the price. Oracle has been accused by the US government of misleading consumers about the security of its Java software. Oracle is settling with the Federal Trade Commission (FTC) over charges that it "deceived" its customers by failing to warn them about the security upgrades. Java is software that comes pre-installed on many computers and helps them run web applications, including online calculators, chatrooms, games, and even 3D image viewing. Oracle Left Over 850 Million PCs at Risk: The FTC has issued a press release that says it has won concessions in a settlement with Oracle over its failure to uninstall older and insecure Java SE software from customer PCs u
ORACLE Subdomain Page Defaced by Indian Hacker

April 23, 2014 | Wang Wei
A group of Indian hackers dubbed I-HOS TEAM has successfully defaced a page on a subdomain of Oracle Corporation, the biggest provider of enterprise software, computer hardware and services. Users visiting the domain are being greeted with a custom webpage with a black background and the theme song of an Indian movie, “BOSS”. The defacement page displays a logo with the title “IHOS - Indian Hackers Online Squad” and a message for all Indian hackers: “LOVE TO ALL INDIAN HACKERS OUT THERE.” Neither the website nor the server was actually compromised, but the hacker going by the online alias ‘Bl@Ck Dr@GoN’ found a page on the Oracle website that allows him to inject HTML/JavaScript code into the Oracle University Electronic Attendance webpage in order to modify the content, as shown in the screenshot provided to The Hacker News. The hacker told THN that anyone is able to edit the Student name on the website and can insert any code, which is not san
Oracle releases Critical Update to Patch 104 Vulnerabilities

April 16, 2014 | Wang Wei
It’s time to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities. The United States software maker Oracle releases its security updates every three months, which it refers to as "Critical Patch Updates" (CPU). Yesterday, Oracle released its second CPU of this year, providing important updates that address a total of 104 vulnerabilities, the company has announced. Of these, 37 security vulnerabilities impact Java SE, and several of these flaws are so serious that they can be remotely exploited by malware to gain system access and execute arbitrary code with the privileges of a local user. Successful exploitation also allows an attacker to manipulate certain local data on a system and can cause a DoS attack without the need of authentication credentials, which means the flaws can be exploited over a network without the need for a username and password to crashin
Another Java zero-day vulnerability being exploited in the wild

March 02, 2013 | Mohit Kumar
Do you still have Java installed? There is bad news for you! FireEye has detected yet another Java zero-day vulnerability being exploited in attacks in the wild. The vulnerability targets browsers that have the latest versions of the Java plugin installed (Java v1.6 Update 41 and Java v1.7 Update 15), and researchers from the security firm warned that the vulnerability is being exploited to install a remote-access trojan dubbed McRat. "Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process," "After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero." The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last mont
Two new Java zero-day vulnerabilities reported to Oracle

February 26, 2013 | Mohit Kumar
Polish security firm Security Explorations reported two new Java zero-day vulnerabilities, tracked as “issue 54” and “issue 55,” to Oracle, along with proof-of-concept code. Oracle's security team is currently investigating the issue, but the flaws have not yet been confirmed by Oracle. Less than a week after Oracle released its latest Java critical patch update, researcher and Security Explorations CEO Adam Gowdiak found two previously unknown security issues affecting Java 7. Security experts generally advise users to disable the Java browser plugin, which was exploited in recent targeted attacks on developers at Facebook, Apple and Microsoft. Java has faced an increasing number of zero-day vulnerabilities, bugs that are exploited by criminals before those flaws are patched, or even known by the vendor. Gowdiak confirmed that these newest vulnerabilities can be combined to circumvent Java's anti-exploit sandbox technology and used to attack
Oracle Patches Java Zero Day Vulnerability

January 16, 2013 | Mohit Kumar
Oracle delivered an unusual emergency patch for Java's critical zero-day vulnerability on Sunday to fix a bug that allowed hackers access to users' web browsers. Exploits for the previously undisclosed flaw were being hosted in a number of exploit kits, and attacks have already been seen in the wild dropping ransomware and assorted other malware. Security Alert CVE-2013-0422 includes two vulnerabilities that are remotely executable. Oracle confirmed that the flaws were only present in Java 7 versions and did not impact Java on servers, Java desktop applications, or embedded Java. Java is used in 3 billion machines, about 2 billion of which are desktop or laptop computers. Similarly, back in August last year, Oracle issued an urgent fix to seal a dangerous security flaw within its Java software that’s left thousands of computers wide open to malicious attacks from hackers. Lamar Bailey, director of security research and development for nCircle, said, “We
Apple update removes Java plugin from OS X browsers

October 19, 2012 | Mohit Kumar
Apple has discontinued its own Java plugin, issuing an 'update' that removes it from MacOS and encourages users to instead download Oracle's version of the software. It's another step by Apple towards making OS X safer on the web. Mac users may have noticed that Java-based websites are displaying a "Missing Plug-in" notification. The Apple Support page states that this update is for OS X 10.7 and later. Apart from stripping browsers of the Java plug-in, it also removes the Java Preferences application, since it is no longer required for applet setting configuration. Just to be clear, the update does not remove Java from your system if it's installed, just the Java plugin from your web browsers. In August, Java was blasted as an unsafe plug-in that should only be used when absolutely necessary after a zero-day exploit was discovered, rolled into the user-friendly Blackhole exploit kit and used for nearly a week before Oracle issued a patch. That patch, however,
Oracle website saying - "Hello World", is it a Hack?

October 13, 2012 | Mohit Kumar
This afternoon I just got a ping from one of my friends that the Oracle website was compromised. It's hard to believe that ORACLE can be compromised. So let's explore what is going on: Oracle.com, the website of Oracle Corporation (an American multinational computer technology corporation that specializes in developing and marketing computer hardware systems and enterprise software products – particularly database management systems), has a homepage showing just "HELLO WORLD" text on the page. I tried to open it via mobile, and it redirected me to the mobile version at Oracle.mobi; yes, it's working fine as normal. Then we started looking on Twitter to find out what's going on. Lots of people are tweeting about this, and everyone seems to be confused: IS IT A HACK, or is the site under maintenance? Okay, next I moved to the ORACLE Twitter accounts @Oracle and @OracleDatabase to find out whether they had tweeted about this strange update or not, but there was no tweet from their side from last 12 H