Alert: Weblogic vulnerability exploited in the wild (apply April CPUs without delay)

Oracle released a new warning that a previously patched Weblogic vulnerability CVE-2020-2883 is being exploited in the wild. The company further urged organizations should apply April CPUs without delay.

Continue Reading Alert: Weblogic vulnerability exploited in the wild (apply April CPUs without delay)

The top 20 vulnerabilities to patch now (that are most under attack)

Security firm Verint analyzed the top 20 vulnerabilities to patch now that are under active attack and exploited by cyber attack groups worldwide. The report is aimed at assisting security teams in prioritizing and enhancing their organization's patch management efforts.

Continue Reading The top 20 vulnerabilities to patch now (that are most under attack)

Oracle patches Critical WebLogic vulnerability exploited in the wild (CVE-2019-2729)

Oracle has released a patch for a critical vulnerability CVE-2019-2729 in Oracle WebLogic Server, exploited in the wild. The company also warns bad actors can remotely exploit the flaw without a username and password.

Continue Reading Oracle patches Critical WebLogic vulnerability exploited in the wild (CVE-2019-2729)

Oracle vulnerability exploited to deliver dual Monero miners

Trend Micro security researchers have spotted an Oracle vulnerability that is being abused to deliver dual Monero miner malware. The Oracle WebLogic WLS-WSAT vulnerability (CVE-2017-10271) allows remote code execution and was patched by Oracle back in October.

Continue Reading Oracle vulnerability exploited to deliver dual Monero miners