fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Critical Oracle WebLogic Flaw Actively Targeted In Attacks

Critical Oracle WebLogic Flaw Actively Targeted In Attacks

Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication.

The vulnerability leveraged in the attacks is CVE-2020-14882 with a severity rating 9.8 out of 10 that allows compromising systems via a simple HTTP GET request.

Looking for targets

Oracle fixed the vulnerability in this month’s release of Critical Patch Update (CPU), crediting security researcher Voidfyoo of Chaitin Security Research Lab for finding and reporting it.

Honeypots set up by the SANS Technology Institute caught the attacks shortly after exploit code for CVE-2020-14882 emerged in the public space. Vulnerable versions of Oracle WebLogic Server are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.

Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming Cases

In an advisory today, Johannes Ullrich, Dean of Research at SANS, says that exploit attempts on the honeypots came from the following IP addresses:

  • 114.243.211.182 – assigned to China Unicom
  • 139.162.33.228 – assigned to Linode (U.S.A.)
  • 185.225.19.240 – assigned to MivoCloud (Moldova)
  • 84.17.37.239 – assigned to DataCamp Ltd (Hong Kong)

Most of them are just pinging targets but the one from MivoCloud attempts to execute the “cmd /c” command, which runs the command specified in the string and then terminates.

SANS Institute is in the process of alerting the corresponding internet service providers of the offensive activity from the IP addresses above.

Ullrich says that the exploit attempts recorded by the honeypots just check if the system is vulnerable. SANS cannot provide details for the follow-up requests because the trap systems are configured not to reply with a correct response.

According to Ullrich, the exploit used in these attacks seems to be based on the technical details in a blog post (Vietnamese) published yesterday by security researcher Jang.

A search on Spyse engine for scanning and collecting reconnaissance information from exposed assets shows that there are more than 3,000 Oracle WebLogic servers reachable over the public internet and potentially vulnerable to CVE-2020-14882.

Also Read: Thinking of Shredding or Burning Paper? Here’s What You Should Know

source: Spyes

The attacks observed by SANS come a little over a week after Oracle released a patch for CVE-2020-14882. This should come as no surprise, though, considering how trivial it is to exploit, its critical severity, and that exploit code is publicly available. Applying the patch is currently the best solution to protect against these attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us