#CVE20173506

7-year-old Oracle WebLogic bug under active exploitation

by

June 6, 2024 at 06:44AM CISA added the 7-year-old Oracle vulnerability CVE-2017-3506 to its KEV catalog due to ongoing exploitation by Chinese cybercriminals. Recent research by Trend Micro found Water Sigbin leveraging this vulnerability to deploy cryptocurrency miners and evade detection. Patching is an issue, with Oracle potentially planning a special patch release due to … Read more

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

by

June 4, 2024 at 12:06AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw in Oracle WebLogic Server to the catalog of Known Exploited Vulnerabilities, allowing unauthorized server access and control. A China-based group, 8220 Gang, has used the flaw for crypto-mining botnet attacks. Federal agencies are advised to apply fixes by … Read more