The Cybersecurity and Infrastructure Security Agency (CISA) has added 12 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Apple, Chrome, Android OS, D-Link (5), QNAP NAS, MikroTik, Oracle WebLogic, FortiOS and FortiADC flaws.
A new Pro-Ocean cryptojacking malware targets popular cloud applications including ApacheMQ, Oracle Weblogic and Redis. The malware contains four modules that execute to hide, mine cryptocurrency, watchdog and infect systems.
Oracle has released its Critical Patch Update for January 2021 to include 329 vulnerability fixes across multiple products.
Oracle has released an emergency patch for a Weblogic remote code execution (RCE) vulnerability CVE-2020-14750.
Oracle released a new warning that a previously patched Weblogic vulnerability CVE-2020-2883 is being exploited in the wild. The company further urged organizations should apply April CPUs without delay.
Security firm Verint analyzed the top 20 vulnerabilities to patch now that are under active attack and exploited by cyber attack groups worldwide. The report is aimed at assisting security teams in prioritizing and enhancing their organization’s patch management efforts.
Cyber criminals are targeting vulnerable software and gaps in managed service providers’ (MSP) security systems to distribute Sodin ransomware.
Oracle has released a patch for a critical vulnerability CVE-2019-2729 in Oracle WebLogic Server, exploited in the wild. The company also warns bad actors can remotely exploit the flaw without a username and password.
Researchers at Trend Micro have discovered bad actors exploiting an Oracle WebLogic Server deserialization vulnerability CVE-2019-2725 to install a Monero cryptocurrency miner.
Trend Micro security researchers have spotted an Oracle vulnerability that is being abused to deliver dual Monero miner malware. The Oracle WebLogic WLS-WSAT vulnerability (CVE-2017-10271) allows remote code execution and was patched by Oracle back in October.