Oracle WebLogic Authentication Bypass Attack (CVE-2020-14883, CVE-2020-14882)
Dec. 21, 2023, 7:29 p.m. | FortiGuard Labs | FortiGuard Center - Threat Signal Report | fortiguard.fortinet.com
An attack campaign led by the 8220 gang has been seen leveraging 3-year-old Oracle WebLogic Server vulnerabilities (CVE-2020-14883, which is commonly chained with CVE-2020-14882) to distribute malware. The attackers are able to download maliciously crafted XML files, which allows remote code execution, and finally deploy stealer and cryptominer malware such as AgentTesla, rhajk, and nasqa. The high IPS detection rate suggests that exploitation is widespread.
What is the Vendor Solution?
Oracle has released relevant …