In our increasingly digital world, the threat landscape is rapidly changing and expanding, leaving organizations to wonder how they can keep up with evolving threats. This is especially true as cyber criminals swiftly take advantage of new threat vectors and use global events as lures.
As always, a robust cyber security fabric that lets you virtually patch vulnerable systems with IPS signatures, combined with endpoint detection measures, provides malware protection across the organization. Appropriate network segmentation to prevent threat propagation is also key to securing your organization. Check out our latest white papers on how to secure your organization without compromising performance.
Out-of-Band Advisory (CVE-2020-14750) Remote Code Execution Vulnerability in Oracle WebLogic – The Ashco security team is aware of a new out-of-band security advisory released by Oracle detailing a remote code execution vulnerability in Oracle WebLogic Server, assigned CVE-2020-14750. According to the advisory, the vulnerability is similar to CVE-2020-14882 (patched in the October 2020 release) and allows a remote attacker to fully compromise an Oracle WebLogic Server without a username and password via a single HTTP GET request.
WatchBogMiner mining Trojan compromised thousands of servers – WatchBogMiner is a Trojan that exploits vulnerabilities in server components such as Nexus Repository Manager, Supervisord and ThinkPHP. Once installed, it focuses on establishing persistence and starts mining the Monero cryptocurrency. Tencent Security researchers recently discovered the latest variant of WatchBogMiner carrying out attacks on cloud servers. This variant uses the Apache Flink protocol to upload a payload that targets vulnerabilities in unpatched servers and gives the attacker remote code execution. The mining Trojan is then installed on the server. According to the researchers, this variant has compromised over 8,000 servers for cryptocurrency mining. The Ashco security team has classified all related IOCs as malicious.
Validate your network’s security accuracy, application usage and performance with our Cyber Threat Assessment.