Oracle WebLogic Servers to be Under Attack

Attack begun shortly after the PoC-codes publication 
26 July 2018   495

Information security specialists from Qihoo 360 Netlab reported that Oracle WebLogic servers were attacked by cybercriminals. It is known that the purpose of attacks were systems that did not have a recently released patch fixing the critical vulnerability of CVE-2018-2893.

The CVE-2018-2893 vulnerability is a flaw in the Oracle WebLogic software component that allows a hacker to subordinate a server and execute arbitrary code, and he does not need to know the password from the device to perform all actions.

On July 18, 2018, Oracle published an update that addresses a number of vulnerabilities. But after three days several PoC-codes got into the web, two of which are still on the Internet. After the spread of information about the existence of exploits, on July 21, the first attacks began.

Experts believe that there are at least two groups of hackers who may have managed to automate their actions to exploit vulnerabilities for their own purposes.

The vulnerability was found in the versions of Oracle WebLogic 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Employees of the company recommend to the owners of servers for security to quickly install an update released in July 2018, which closes security holes in Java SE, VirtualBox, MySQL and other tools.

Google to Release Cloud Inference API

Cloud Inference API can be used for real time big data analysis 
20 September 2018   96

Google introduced an alpha version of the service for time series analysis. It processes information about events at the time - clicks, requests, activations of IoT devices, and so on. The Cloud Inference API analyzes these data in real time, finds correlations and makes predictions based on it.

Cloud Inference API
Cloud Inference API 

Service features:

  • A simple tree-like query language that allows you to specify your own time markers.
  • Online processing of incoming data with minimal delay. Therefore, Google recommends using the API in interactive user applications.
  • Ability to process data arrays of different volumes (up to trillions of records) and work under high load (up to hundreds of thousands of requests per second).
  • Full integration with Google Cloud Storage, which provides access to the same data in different services of the platform.
  • More information about the work of the tool can be found in the documentation.

Google noted that the service will be useful for a wide range of industries. Retailers can analyze the impact of pedestrian traffic on the level of sales conversion, content providers - the popularity of materials to provide better personal recommendations.

Now the Cloud Inference API is already being used by Snap to analyze the data received through the Snapchat application.

Google Cloud is developing a number of cloud services. At the end of August 2018, the company updated the tools for converting speech to text and vice versa. Cloud Text-to-Speech received support for several new languages ​​and voices, and Cloud Speech-to-Text - recognition of several speakers, language and the ability to highlight important words