#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

oracle | Breaking Cybersecurity News | The Hacker News

Category — oracle
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Nov 20, 2024 Software Security / Vulnerability
Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password," it said in an advisory. "If successfully exploited, this vulnerability may result in file disclosure." CrowdStrike security researchers Joel Snape and Lutz Wolf have been credited with discovering and reporting the flaw. There is currently no information available on who is exploiting the vulnerability, the targets of the malicious activity, and how widespread these attacks are. "If successfully exploited, an unauthenticated perpetrator could download, from the targeted system, files accessible under the privileges used ...
Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

Aug 20, 2024 Enterprise Security / Data Breach
Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. "A potential issue in NetSuite's SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record types (CRTs)," AppOmni's Aaron Costello said . It's worth emphasizing here that the issue is not a security weakness in the NetSuite product, but rather a customer misconfiguration that can lead to leakage of confidential data. The information exposed includes full addresses and mobile phone numbers of registered customers of the e-commerce sites. The attack scenario detailed by AppOmni exploits CRTs that employ table-level access controls with the "No Permission Required" access type, which grants unauthenticated users access to data by making use of NetSuite's record and search APIs. That sa...
Beyond Compliance: The Advantage of Year-Round Network Pen Testing

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

Nov 18, 2024Penetration Testing / Network Security
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here's the thing: hackers don't wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%), according to the Kaseya Cybersecurity Survey Report 2024 . Compliance-focused testing can catch vulnerabilities that exist at the exact time of testing, but it's not enough to stay ahead of attackers in a meaningful way. Why More Frequent Testing Makes Sense When companies test more often, they're not just checking a box for compliance—they're actually protecting their networks. The Kaseya survey also points out that the top drivers for network penetration testing are: Cybersecurity Control and Validation (34%) – ensuring the security controls work and vulnerabilities are minimized. Re...
Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

May 02, 2023 Vulnerability / Cyber Threat
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389  (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046  (CVSS score: 9.0) - Apache Log4j2 Deserialization of Untrusted Data Vulnerability CVE-2023-21839  (CVSS score: 7.5) - Oracle WebLogic Server Unspecified Vulnerability CVE-2023-1389 concerns a case of command injection affecting TP-Link Archer AX-21 routers that could be exploited to achieve remote code execution. According to Trend Micro's Zero Day Initiative, the flaw has been  put to use  by threat actors associated with the Mirai botnet since April 11, 2023. The second flaw to be added to the KEV catalog is CVE-2021-45046, a remote code execution affecting the Apache Log4j2 logging library that  came to li...
cyber security

The AppSec & R&D Playbook: How to Align Security and Innovation

websiteBackslashApplication Security
AppSec vs. R&D? Bridge the gap with clear steps to streamline workflows and foster collaboration.
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

Feb 03, 2023 Vulnerability Management
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2  added  two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is  CVE-2022-21587  (CVSS score: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product. "Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator," CISA  said . The issue was addressed by Oracle as part of its Critical Patch Update released in October 2022. Not much is known about the nature of the attacks exploiting the vulnerability, but the development follows the publication of a proof-of-concept (PoC) by cybersecurity firm Viettel on January 16, 2023. The second security flaw to be added to the KEV catalog is  CVE-2023-2...
Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure

Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure

Sep 22, 2022
Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz,  said  in a series of tweets. "This identifier is not considered secret, and organizations do not treat it as such." "Given the OCID of a victim's disk that is not currently attached to an active server or configured as shareable, an attacker could 'attach' to it and obtain read/write over it," Tamari added. The cloud security firm, which dubbed the tenant isolation vulnerability " AttachMe ," said Oracle  patched the issue  within 24 hours of responsible disclosure on June 9, 2022. Accessing a volume using the CLI without sufficient permissions At its core, the vulnerability is rooted in the fact that a disk could be attached to a compute ...
Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

Mar 18, 2022
A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, with some of the group's tactics, techniques, and procedures sharing overlaps with that of another cluster dubbed  UNC1945 . The intrusions staged by the actor involve "a high degree of OPSEC and leverage both public and private malware, utilities, and scripts to remove evidence and hinder response efforts," Mandiant researchers  said  in a new report published this week. Even more concerningly, the attacks spanned several years in some cases, during the entirety of which the actor remained undetected by taking advantage of a rootkit called CAKETAP, whic is designed to c...
Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers

Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers

Jan 26, 2022
An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a second-stage payload onto the victimized systems. The payloads observed include cryptocurrency miners, Cobalt Strike Beacons, and web shells, corroborating a previous advisory from the U.K. National Health Service (NHS) that  sounded the alarm  on active exploitation of the vulnerabilities in VMware Horizon servers to drop malicious web shells and establish persistence on affected networks for follow-on attacks. Log4Shell  is a moniker used to refer to an exploit affecting the popular Apache Log4j library that results in remote code execution by logging a specially crafted string...
Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox

Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox

Nov 23, 2021
A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox," the advisory  reads . "Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of Oracle VM VirtualBox" Tracked as  CVE-2021-2442  (CVSS score: 6.0), the flaw affects all versions of the product prior to 6.1.24. SentinelLabs researcher Max Van Amerongen has been credited with discovering and reporting the issue, following which  fixes have been rolled out  by Oracle as part of its Critical Patch Update for July 2021. Oracle VM  VirtualBox  is an open-source and cross-platform hypervisor and desktop virtualization softw...
Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

Jul 22, 2021
Oracle on Tuesday released its quarterly  Critical Patch Update for July 2021  with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is  CVE-2019-2729 , a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication. It's worth noting that the weakness was originally addressed as part of an  out-of-band security update  in June 2019. Oracle WebLogic Server is an application server that functions as a platform for developing, deploying, and running enterprise Java-based applications. The flaw, which is rated 9.8 out of a maximum of 10 on the CVSS severity scale, affects WebLogic Server versions 11.1.2.4 and 11.2.5.0 and exists within the Oracle Hyperion Infrastructure Technology. Also fixed in WebLogic Server are six other flaws, three of which have been assigned a CVSS s...
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers

New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers

Feb 01, 2021
A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group  Rocke , the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers  said  in a Thursday write-up. "Pro-Ocean uses known vulnerabilities to target cloud applications," the researchers detailed. "In our analysis, we found Pro-Ocean targeting Apache ActiveMQ ( CVE-2016-3088 ), Oracle WebLogic ( CVE-2017-10271 ) and Redis (unsecure instances)." "Once installed, the malware kills any process that uses the CPU heavily, so that it's able to use 100% of the CPU and mine Monero efficiently." First documented...
Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW

Dec 02, 2020
Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as part of its  October 2020 Critical Patch Update  and subsequently again in November ( CVE-2020-14750 ) in the form of an out-of-band security patch. As of writing, about 3,000 Oracle WebLogic servers are accessible on the Internet-based on stats from the Shodan search engine. Oracle  WebLogic  is a platform for developing, deploying, and running enterprise Java applications in any cloud environment as well as on-premises. The flaw, which is tracked as CVE-2020-14882, has a CVSS score of 9.8 out of a maximum rating of 10 and affects WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. Although the issue has been addressed, the release ...
Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations

Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations

Jun 16, 2020
If your business operations and security of sensitive data rely on Oracle's E-Business Suite (EBS) , make sure you recently updated and are running the latest available version of the software. In a report released by enterprise cybersecurity firm Onapsis and shared with The Hacker News, the firm today disclosed technical details for vulnerabilities it reported in its integrated group of applications designed to automate CRM, ERP, and SCM operations for organizations. The two vulnerabilities, dubbed " BigDebIT " and rated a CVSS score of 9.9, were patched by Oracle in a critical patch update (CPU) pushed out earlier this January. But the company said an estimated 50 percent of Oracle EBS customers have not deployed the patches to date. The security flaws could be exploited by bad actors to target accounting tools such as General Ledger in a bid to steal sensitive information and commit financial fraud. According to the researchers, "an unauthenticated hacker...
Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware

Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware

May 01, 2019
Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware. As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a never-before-seen ransomware variant, which researchers dubbed " Sodinokibi ." Last weekend, The Hacker News learned about a critical deserialization remote code execution vulnerability in Oracle WebLogic Server that could allow attackers to remotely run arbitrary commands on the affected servers just by sending a specially crafted HTTP request—without requiring any authorization. To address this vulnerability (CVE-2019-2725), which affected all versions of the Oracle WebLogic software and was given a severity score of 9.8 out of 10, Oracle rolled out an out-of-band security update on...
'Highly Critical' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic

'Highly Critical' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic

Apr 25, 2019
A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild. Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on the cloud. It's popular across both, cloud environment and conventional environments. Oracle WebLogic application reportedly contains a critical deserialization remote code execution vulnerability that affects all versions of the software, which can be triggered if the "wls9_async_response.war" and "wls-wsat.war" components are enabled. The vulnerability, spotted by the researchers from KnownSec 404, allows attackers to remotely execute arbitrary commands on the affected servers just by sending a specially crafted HTTP request—without requiring any authorization....
Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again

Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again

Apr 30, 2018
Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server. However, a security researcher, who operates through the Twitter handle @pyn3rd and claims to be part of the Alibaba security team, has now found a way using which attackers can bypass the security patch and exploit the WebLogic vulnerability once again. WebLogic Server acts as a middle layer between the front end user interface and the backend database of a multi-tier enterprise application. It provides a complete set of services for all components and handles details of the application behavior automatically. Initially discovered in November last year by Liao Xinxi of NSFOCUS security team, the Oracle WebLogic Server flaw (CVE-2018-2628) can be exploited with network access over TCP port 7001. If exploited successfully, the fl...
Oracle acquires DNS provider Dyn for more than $600 Million

Oracle acquires DNS provider Dyn for more than $600 Million

Nov 22, 2016
Yes, Oracle just bought the DNS provider company that brought down the Internet last month. Business software vendor Oracle announced on Monday that it is buying cloud-based Internet performance and Domain Name System (DNS) provider Dyn. Dyn is the same company that was hit by a massive distributed denial of service (DDoS) attack by the Mirai botnet last month which knocked the entire Internet offline for a few hours, crippling some of the world's biggest and most popular websites. Since the company provides cloud-based DNS service to customers such as Spotify, Netflix, Twitter and Pfizer, the acquisition will help Oracle's cloud customers to optimize their infrastructure costs and performance. According to the press release , the Dyn acquisition "extends the Oracle cloud computing platform and provides enterprise customers with a one-stop shop for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS)." "Oracle Cloud customers will...
Data Breach — Oracle's Micros Payment Systems Hacked

Data Breach — Oracle's Micros Payment Systems Hacked

Aug 09, 2016
The risks associated with data breaches continue to grow, impacting a variety of industries, tech firms, and social networking platforms. In the past few months, over 1 Billion credentials were dumped online as a result of mega breaches in popular social networks. Now, Oracle is the latest in the list. Oracle has confirmed that its MICROS division – which is one of the world's top three point-of-sale (POS) services the company acquired in 2014 – has suffered a security breach. Hackers had infected hundreds of computers at Oracle's point-of-sale division, infiltrated the support portal used by customers, and potentially accessed sales registers all over the world. The software giant came to know about the data breach after its staff discovered malicious code on the MICROS customer support portal and certain legacy MICROS systems. Hackers likely installed malware on the troubleshooting portal in order to capture customers' credentials as they logged in. These us...
Google Wins Epic Java Copyright Case Against Oracle

Google Wins Epic Java Copyright Case Against Oracle

May 27, 2016
Google has finally won six-year long $9-billion legal battle with Oracle over the use of Java APIs in Android. Oracle filed its lawsuit against Google in 2010, claiming that the company illegally used 11,500 lines of Java code in its Android operating system, violating copyrights owned by Oracle. However, a federal jury of ten people concluded Thursday that Google's use of Java constituted "Fair Use" under US copyright law and delivered a verdict in favor of Google. The case was a big deal as the court decision could have the potential to change the way future apps are written for the Android operating system that is being used by almost 80% of the world's mobile devices. Also Read:   Google 'Android N' Will Not Use Oracle's Java APIs Oracle, who owns Java, had been seeking $9 Billion in damages for the use of application programming interfaces (APIs), which govern how code communicates with other bits of code. However, Google argued that...
Oracle Issues Emergency Java Update for Windows

Oracle Issues Emergency Java Update for Windows

Feb 08, 2016
The US-based software maker Oracle delivered an unusual out-of-box emergency patch for Java in an effort to fix a during-installation flaw on the Windows platforms. The successful exploitation of the critical vulnerability, assigned CVE-2016-0603 , could allow an attacker to trick an unsuspecting user into visiting a malicious website and downloading files to the victim's system before installing Java 6, 7 or 8. Although the vulnerability is considered relatively complex to exploit, a successful attack results in " complete compromise " of the target's machine. What You Need to Know About the Java Exploit The successful attack requires an attacker to trick a suitably unskilled user for opening a Java release even though the user is nowhere near the Java Website. Since the existence of the loophole is only during the installation process, users are not required to upgrade their existing Java installations in order to address the vulnerability. ...
Google 'Android N' Will Not Use Oracle's Java APIs

Google 'Android N' Will Not Use Oracle's Java APIs

Dec 30, 2016
Google appears to be no longer using Java application programming interfaces (APIs) from Oracle in future versions of its Android mobile operating system, and switching to an open source alternative instead. Google will be making use of OpenJDK – an open source version of Oracle's Java Development Kit (JDK) – for future Android builds. This was first highlighted by a "mysterious Android codebase commit" submitted to Hacker News. However, Google confirmed to VentureBeat that the upcoming Android N will use OpenJDK, rather its own implementation of the Java APIs. Google and Oracle have been fighting it out for years in a lawsuit, and it is hard to imagine that such a massive change is not related to the search engine giant's ongoing legal dispute with Oracle, however. What Google and Oracle are Fighting About The dispute started when Oracle sued Google for copyright in 2010, claiming that Google improperly used a part of its programming language...
Expert Insights / Articles Videos
Cybersecurity Resources