Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

June 4, 2024 at 12:06AM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw in Oracle WebLogic Server to the Known Exploited Vulnerabilities catalog. The flaw allows unauthorized server access and control. A China-based group, 8220 Gang, has used the flaw for crypto-mining botnet attacks. Federal agencies are advised to apply fixes by June 24, 2024.

Key points:
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a security flaw in the Oracle WebLogic Server, known as CVE-2017-3506, which has been actively exploited by a China-based cryptojacking group known as the 8220 Gang.
– The vulnerability allows unauthorized access to susceptible servers and complete control of them.
– The gang has been using this vulnerability to run a cryptocurrency miner filelessly, in memory, and has employed obfuscation techniques for stealthy payload delivery.
– Federal agencies are advised to apply the latest fixes by June 24, 2024, to protect their networks against potential threats.

This information underscores the urgency for federal agencies to address the security flaw and take necessary measures to protect their networks.
