What is the Attack?
An attack campaign led by the 8220 gang has been seen leveraging a 3-year old Oracle WebLogic Server vulnerabilities (CVE-2020-14883 which is commonly chained with CVE-2020-14882) to distribute malware. The attackers are able to download maliciously crafted XML files, allowing remote code execution, and finally deploying stealer and cryptominer malware such as AgentTesla, rhajk, nasqa. The high IPS detection rate suggests that the exploitation is at large.
What is the Vendor Solution?
Oracle has released relevant updates since October 2020 at https://www.oracle.com/security-alerts/cpuoct2020traditional.html.
What FortiGuard Coverage is available?
FortiGuard Labs has an IPS signature created in Nov 2020, “Oracle.WebLogic.Fusion.Middleware.Authentication.Bypass” (with default action is set to “block”) in place for CVE-2020-14883, CVE-2020-14882 and has released antivirus signatures for the known and related malware to this campaign.
FortiGuard Labs recommends companies to scan their environment, find the versions of vulnerable software applications in use, and develop an upgrade plan for them and always follow best practices.
More Stories
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21 CyberDanube Security Research 20241219-0 ------------------------------------------------------------------------------- title| Authenticated Remote Code...
USN-7179-1: Linux kernel vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote...
USN-7173-2: Linux kernel vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to...
swiftlint-0.57.1-1.fc42
FEDORA-2024-87d30b4fbf Packages in this update: swiftlint-0.57.1-1.fc42 Update description: Automatic update for swiftlint-0.57.1-1.fc42. Changelog * Fri Dec 20 2024 Davide Cavalca...
USN-7166-3: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
USN-7159-4: Linux kernel (IoT) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...