In our increasingly digital world, the threat landscape is changing and expanding rapidly, leaving organizations wondering how they can keep up with evolving threats. This is especially true as cyber criminals swiftly take advantage of new threat vectors and use global events as lures. As always, a robust cyber security fabric that lets you virtually patch vulnerable systems with IPS signatures, combined with endpoint detection, provides malware protection across the organization. Appropriate network segmentation to limit threat propagation is also key to securing your organization. Check out our latest white papers on how to secure your organization without compromising performance.

Out-of-Band Advisory (CVE-2020-14750): Remote Code Execution Vulnerability in Oracle WebLogic

The Ashco security team is aware of a new out-of-band security advisory released by Oracle detailing a remote code execution vulnerability in Oracle WebLogic Server, assigned CVE-2020-14750. According to the advisory, the vulnerability is related to CVE-2020-14882 (patched in the October 2020 Critical Patch Update) and allows a remote attacker with no username or password to fully compromise an Oracle WebLogic Server with a single HTTP GET request. Apply Oracle's out-of-band patch as soon as possible; in the meantime, keep the WebLogic administration console unreachable from untrusted networks and use an IPS signature to virtually patch exposed instances.

AV Signatures:
W32/Agent.AARN!tr
W32/Agent.ACDG!tr
W32/Agent.XAAPZM!tr
W32/Agent.XAARAO!tr
W32/Agent.XABNST!tr
W32/Agent.ZVX!tr
W32/Denes.BAC!tr
W64/Agent.WC!tr

Indicator(s):
d292eb271818c2eed1ce83f2be9743e0f14f641419b479152d211daccb9bd861
eb12c9f3c7c21aac3fb7d09e447173c5e2e391c9c21921213bc752fc9a60eb27
8cf5f2be05770e8d1d66aee3e727692ee93768a0ec4b7646d2a9360e80b58a3b
3aeb23a06002a9e67e6f9aa6f720bb29f6f7c4de2beca0d9c3f8c10c2d8f1572
ccc6c43bf0296f4f58177005e8587870d127b3cf7dfda98c8ec0db874d7645d7
7572a48a8fedc50f3a8795632b087a9aac252b302347a4ecce948373b4e2ca7a
264fcf6a027152fc8cef1466d7462b2ffee419ce9aaf9ce431ea82b2fb0bc4e9
1e314dd0d5e09afced92b7fca8df8fb6d9509526402a3f385998525760ee6402
f2a2bcd31317e23f8c30219b373bdd1fc1bcb2d33afe0f36aa716dad0ecd00e1
2c264d7e234a80db5330f8d84563accc4731e635704b938ad12a2ab264d0ac7d

Web Filtering: WatchBogMiner Mining Trojan Compromised Thousands of Servers

WatchBogMiner is a Trojan that exploits vulnerabilities in server components such as Nexus Repository Manager, Supervisord and ThinkPHP. Once installed, it establishes persistence and starts mining the Monero cryptocurrency. Tencent Security researchers recently discovered the latest variant of WatchBogMiner attacking cloud servers. This variant abuses a file-upload interface in Apache Flink to deliver a payload that exploits unpatched servers and gives the attacker remote code execution; the mining Trojan is then installed on the server. According to the researchers, this variant has compromised over 8,000 servers for cryptocurrency mining. The Ashco security team has classified all related IOCs as malicious.

Indicator(s):
nabladigital[.]biz/img/ddxox[.]png
nabladigital[.]biz/img/sghbw[.]png
nabladigital[.]biz/img/afhpo[.]png
nabladigital[.]biz/img/qczgb[.]png
nabladigital[.]biz
files[.]catbox[.]moe/5j9zcz
a[.]pomf[.]cat/wariie

Validate your network's security accuracy, application usage and performance with our Cyber Threat Assessment.
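The indicator lists above are only useful once they are matched against something. The following is an added example, not code from this bulletin or from any vendor: it refangs the Web Filtering indicators and matches them against proxy log lines, hashes files against the SHA256 list, and, as the compensating check for the WebLogic advisory, flags requests to the /console path that did not come from an assumed management range (10.0.0.0/8). The hashes and defanged URLs are copied from the lists above; the log lines, the management range and the sample file are constructed for the demonstration.

```python
"""Match this bulletin's IOCs against files and proxy logs, and flag WebLogic console exposure.
Added example, not the bulletin's or any vendor's code; hashes and defanged URLs are copied from the
indicator lists above, while the log lines and management range are constructed assumptions."""
import hashlib
import ipaddress
import os
import re
import tempfile

# SHA256 indicators as printed in the bulletin's "Indicator(s)" list.
SHA256_IOCS = set("""
d292eb271818c2eed1ce83f2be9743e0f14f641419b479152d211daccb9bd861
eb12c9f3c7c21aac3fb7d09e447173c5e2e391c9c21921213bc752fc9a60eb27
8cf5f2be05770e8d1d66aee3e727692ee93768a0ec4b7646d2a9360e80b58a3b
3aeb23a06002a9e67e6f9aa6f720bb29f6f7c4de2beca0d9c3f8c10c2d8f1572
ccc6c43bf0296f4f58177005e8587870d127b3cf7dfda98c8ec0db874d7645d7
7572a48a8fedc50f3a8795632b087a9aac252b302347a4ecce948373b4e2ca7a
264fcf6a027152fc8cef1466d7462b2ffee419ce9aaf9ce431ea82b2fb0bc4e9
1e314dd0d5e09afced92b7fca8df8fb6d9509526402a3f385998525760ee6402
f2a2bcd31317e23f8c30219b373bdd1fc1bcb2d33afe0f36aa716dad0ecd00e1
2c264d7e234a80db5330f8d84563accc4731e635704b938ad12a2ab264d0ac7d
""".split())
# Defanged network indicators as printed under "Web Filtering".
DEFANGED_IOCS = """nabladigital[.]biz/img/ddxox[.]png nabladigital[.]biz/img/sghbw[.]png
nabladigital[.]biz/img/afhpo[.]png nabladigital[.]biz/img/qczgb[.]png nabladigital[.]biz
files[.]catbox[.]moe/5j9zcz a[.]pomf[.]cat/wariie""".split()

def refang(indicator):
    """Undo '[.]' and 'hxxp' defanging, drop the scheme, lower-case for matching."""
    s = indicator.replace("[.]", ".").replace("hxxp", "http")
    return re.sub(r"^https?://", "", s).lower()

URL_IOCS = {refang(i) for i in DEFANGED_IOCS}
# A bare-domain indicator flags any request to that host; a URL indicator must match exactly,
# so shared file hosts (catbox, pomf) do not flag unrelated downloads.
HOST_IOCS = {i for i in URL_IOCS if "/" not in i}

def sha256_of(path):
    with open(path, "rb") as f:  # reads the whole file; fine for sample-sized artefacts
        return hashlib.sha256(f.read()).hexdigest()

def scan_files(root, hashes=SHA256_IOCS):
    """Paths under root whose SHA256 is in the indicator set."""
    return [os.path.join(d, n) for d, _, names in os.walk(root) for n in names
            if sha256_of(os.path.join(d, n)) in hashes]

def scan_proxy_log(lines, url_iocs=URL_IOCS, host_iocs=HOST_IOCS):
    """(line_no, url) for every request whose URL or host matches an indicator."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = re.search(r"https?://(\S+)", line)
        if not m:
            continue
        url = m.group(1).lower().split("?", 1)[0].rstrip("/")
        host = url.split("/", 1)[0].split(":", 1)[0]
        if url in url_iocs or host in host_iocs:
            hits.append((no, url))
    return hits

# Constructed proxy log: lines 1 and 3 reference indicators; line 4 shares a host with one but is not one.
SAMPLE_PROXY_LOG = [
    "2020-11-05T10:12:01Z 10.1.4.22 GET http://nabladigital.biz/img/ddxox.png 200",
    "2020-11-05T10:12:05Z 10.1.4.22 GET https://example.com/index.html 200",
    "2020-11-05T10:13:11Z 10.1.9.8 GET https://files.catbox.moe/5j9zcz 200",
    "2020-11-05T10:14:30Z 10.1.9.8 GET https://files.catbox.moe/unrelated 200",
]

# Combined-log-format request line: source IP, path, status. MGMT_NETS is an assumed range;
# the WebLogic administration console should only ever be reached from it.
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def console_requests_from_outside(lines, mgmt_nets=MGMT_NETS):
    """(src_ip, path, status) for /console requests that did not come from a management range."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if m and m.group(2).lower().startswith("/console"):
            src, path, status = m.groups()
            if not any(ipaddress.ip_address(src) in net for net in mgmt_nets):
                hits.append((src, path, status))
    return hits

# Constructed access log: one console request from the Internet, one from the management range.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [05/Nov/2020:10:20:31 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 1523',
    '10.0.0.5 - - [05/Nov/2020:10:21:02 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 1523',
    '203.0.113.7 - - [05/Nov/2020:10:22:40 +0000] "GET /app/index.jsp HTTP/1.1" 200 812',
]

def demo_file_scan():
    """Hash a constructed benign file: no hit against the real IOCs, one hit once its hash is seeded."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as f:
            f.write(b"constructed sample, not malware\n")
        return len(scan_files(tmp)), len(scan_files(tmp, SHA256_IOCS | {sha256_of(path)}))
```

Point scan_files at a quarantine or download directory and scan_proxy_log at your web-filter export; scan_proxy_log returns the two indicator hits from the constructed lines and ignores the unrelated catbox download, and console_requests_from_outside returns only the console request from 203.0.113.7. Matching on the full host/path for URL indicators, and on the host alone only for bare-domain indicators, is what keeps shared hosting domains like catbox and pomf from turning the whole list into false positives.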