Shulou(Shulou.com)05/31 Report--

This article mainly explains the "Oracle vulnerability analysis", the content of the article is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "Oracle vulnerability analysis" bar!

Threat actors are exploiting the CVE-2020-14882 ultra-critical vulnerability to attack unrepaired Oracle WebLogic Server and deploy Cobalt Strike beacons to gain persistent remote access on the compromised device.

Cobalt Strike is a legitimate penetration testing tool, but it can also be used by threat actors. They use this tool in post-exploit tasks to deploy beacons that allow them to gain persistent remote access.

After gaining access, the threat actor can access the invaded server, steal data, and deploy the second phase of malware payloads.

Oracle fixed the CVE-2020-14882 remote execution code vulnerability in a key patch update in October. A week after the patch was released, attackers have been scanning for WebLogic Server exposed on the Internet.

On November 1st, Oracle released an emergency security update to fix another remote execution code vulnerability, CVE-2020-14750, that affects WebLogic Server. An unauthenticated remote attacker can exploit this vulnerability to take over an unrepaired instance.

The latest series of attacks against fragile WebLogic instances began over the weekend, the SANS Institute of Technology said on Nov. 3.

An attacker is downloading and installing Cobalt Strike payloads on an unrepaired Oracle WebLogic Server using a base64-encoded Powershell script.

Cobalt Strike deployment

According to an analysis report, 66% of the ransomware attacks in the third quarter of 2020 involved the red team tool Cobalt Strike, indicating that extortion software actors have become more and more dependent on this tool after abandoning commercial Trojans.

Cyber security company Spyse found more than 3300 Oracle WebLogic Server exposures affected by CVE-2020-14882 online.

Given that CVE-2020-14882 and CVE-2020-14750 are easy to exploit and can be used by unauthenticated attackers to take over fragile WebLogic Server, vendors have advised users to apply security updates immediately to prevent attacks.

Thank you for your reading, the above is the content of "Oracle vulnerability analysis", after the study of this article, I believe you have a deeper understanding of the problem of Oracle vulnerability analysis, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.