Overview On October 17, Beijing time, Oracle officially released a Critical Patch Update (CPU), which contains a fix for the critical WebLogic remote code execution vulnerability (CVE-2018-3191). This vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle WebLogic Server. Successful exploitation of it can result in...
Year: 2018
USA and China identified as top cyber attack sources
Help Net Security - NSFOCUS released its H1 Cybersecurity Insights report, which analyzed traffic from January 1, 2018 to June 30, 2018. Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018. Among all crypto miners, WannaMine was the most...
WebLogic Remote Code Execution Vulnerability(CVE-2018-3245) Threat Alert
Overview On October 16, local time (early morning on October 17, Beijing time), Oracle officially released the October (third quarter) Critical Patch Update (CPU), which fixes a July (second quarter) CPU patch. The WebLogic remote code execution vulnerability (CVE-2018-2893) has not been fully fixed. The newly fixed vulnerability is assigned...
Oracle October 2018 Critical Patch Update for All Product Families Threat Alert
Overview On October 16, 2018, local time, Oracle released its quarterly security advisory of the Critical Patch Update (CPU) for the third quarter. The CPU fixes 301 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, see the appendix. (more…)
Crypto Mining, DDoS Attacks On The Rise – Report
BlockTribune - NSFOCUS, a hybrid security solution company, today released its H1 Cybersecurity Insights report, which highlights the observations of the NSFOCUS Threat Intelligence center, a security research organization created by NSFOCUS for implementing an intelligent security 2.0 strategy and improving the cybersecurity ecosystem. NSFOCUS analyzed traffic from January 1,...
The daily briefing.
The Cyber Wire - McAfee researchers report finding a hitherto unremarked "data reconnaissance implant" that's targeting Korean speakers. They're calling it "Oceansalt," an homage to the earlier Seasalt implant that the old Chinese Comment Crew used back in 2010. Indeed, Oceansalt reuses code from Seasalt. The Comment Crew, also known...
