The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw in the Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation of this vulnerability. Identified as CVE-2017-3506 with a CVSS score of 7.4, this flaw is an operating system (OS) command injection vulnerability. It can be exploited through a specially crafted HTTP request containing a malicious XML document, allowing attackers to gain unauthorized access and potentially take complete control of affected servers. As per CISA Oracle WebLogic Server, part of the Fusion Middleware suite, is susceptible to an OS command injection vulnerability, enabling attackers to execute arbitrary code via maliciously crafted HTTP requests. Although CISA did not detail the specific attacks exploiting this vulnerability, the China-based cryptojacking group 8220 Gang (also known as Water Sigbin) has a history of leveraging it. Since early last year, they have been targeting unpatched devices to integrate them into a crypto-mining botnet. A recent Trend Micro report highlighted that the 8220 Gang exploits both CVE-2017-3506 and CVE-2023-21839 flaws in Oracle WebLogic servers. They use shell or PowerShell scripts, depending on the operating system, to launch cryptocurrency miners filelessly in memory. The gang employs obfuscation techniques, such as hexadecimal encoding of URLs and using HTTP over port 443, for stealthy payload delivery. Security researcher Sunil Bharti noted that their PowerShell script and subsequent batch files use complex encoding and environment variables to conceal malicious code within seemingly benign script components. Given the active exploitation of CVE-2017-3506, CISA advises federal agencies to implement the latest security patches by June 24, 2024, to safeguard their networks from potential threats.
Socket's Threat Research Team identified 11 malicious NuGet packages disguised as game cheats, automation bots, and management panels targeting titles including Albion Online, ...
Cybercriminals are increasingly using FaceTime to create convincing interactions with Apple users and obtain access to personal or financial accounts. Fraudsters present themselves...
Microsoft has released its July 2026 Patch Tuesday security updates, addressing a record-breaking 570 vulnerabilities, including two actively exploited zero-day vulnerabilities and...