Oracle WebLogic Servers Under Attack

Attacks began shortly after PoC code was published
26 July 2018

Information security specialists from Qihoo 360 Netlab reported that Oracle WebLogic servers were attacked by cybercriminals. The attacks targeted systems that lacked the recently released patch for the critical vulnerability CVE-2018-2893.

CVE-2018-2893 is a flaw in the Oracle WebLogic software component that allows an attacker to take control of a server and execute arbitrary code, without needing to know the password for the device.

On July 18, 2018, Oracle published an update that addresses a number of vulnerabilities. Three days later, several proof-of-concept (PoC) exploits appeared online, two of which are still available on the Internet. After word of the exploits spread, the first attacks began on July 21.

Experts believe that at least two groups of attackers are involved, and that they may have automated their exploitation of the vulnerability for their own purposes.

The vulnerability was found in Oracle WebLogic versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. The company recommends that server owners promptly install the update released in July 2018, which closes security holes in Java SE, VirtualBox, MySQL and other tools.

New Vulnerability Found in Google+

The vulnerability made it possible to obtain private information from 52.5 million accounts
11 December 2018

Google has decided to close the social network Google+ in April 2019 rather than in August. The reason is another vulnerability in the API, which made it possible to obtain private information from 52.5 million accounts. The company plans to shut down the social network's API by mid-March 2019.

As of December 10, 2018, the following information about the bug had been published:

  • because of the bug in the API, third-party applications requesting access to profile data received permission to view information even if it was hidden by privacy settings;
  • users' names, email addresses, occupation, age and other confidential information were at risk;
  • passwords, financial data and national identification numbers were not compromised;
  • the company has no evidence that anyone exploited the vulnerability;
  • the error was fixed within 6 days: from November 7 to November 13, 2018;
  • Google said it is sending notifications to all users affected by the bug.

The previous leak of Google+ user data occurred in October 2018. At that time, about 500 thousand accounts were compromised. The attackers could obtain users' names, email addresses, age, gender and occupation.