#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: oracle exploit

Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager

Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager

Oct 31, 2017
A highly critical vulnerability has been discovered in Oracle's enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control over the affected systems. The critical vulnerability tracked as CVE-2017-10151, has been assigned the highest CVSS score of 10 and is easy to exploit without any user interaction, Oracle said in its advisory  published Monday without revealing many details about the issue. The vulnerability affects Oracle Identity Manager (OIM) component of Oracle Fusion Middleware—an enterprise identity management system that automatically manages users' access privileges within enterprises. The security loophole is due to a "default account" that an unauthenticated attacker over the same network can access via HTTP to compromise Oracle Identity Manager. Oracle has not released complete details of the vulnerability in an effort to prevent exploitation in the wild, but here the "def
Shadow Brokers reveals list of Servers Hacked by the NSA

Shadow Brokers reveals list of Servers Hacked by the NSA

Oct 31, 2016
The hacker group calling itself the Shadow Brokers, who previously claimed to have leaked a portion of the NSA's hacking tools and exploits, is back with a Bang! The Shadow Brokers published more files today, and this time the group dumped a list of foreign servers allegedly compromised by the NSA-linked hacking unit, Equation Group, in various countries to expand its espionage operations. Top 3 Targeted Countries — China, Japan, and Korea The data dump  [ Download / File Password: payus ] that experts believe contains 306 domain names, and 352 IP addresses belong to at least 49 countries. As many as 32 domains of the total were run by educational institutes in China and Taiwan. A few target domains were based in Russia, and at least nine domains include .gov websites. The top 10 targeted countries include China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and Russia. The latest dump has been signed by the same key as the first Shadow Brokers' dump of
More Resources

Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.