Oracle WebLogic Server, Hadooken
'Hadooken' Linux malware targets Oracle WebLogic servers
Aqua caught the malware in a honeypot WebLogic server. The attack exploited a weak password to gain entry, then remotely executed malicious code. The first payload runs a shell script called "c" and a Python script called "y" – both of which attempted to download Hadooken.
New cryptomining campaign infects WebLogic servers with Hadooken malware
The Hadooken backdoor affecting the popular Java app server carries a cryptomining program and links to ransomware.
Oracle servers targeted by new Linux malware to steal passwords, crypto
Criminals have been spotted abusing poorly-defended Oracle WebLogic servers to mine cryptocurrency, build a DDoS botnet, and more. Cybersecurity researchers Aqua saw several attacks in the wild, and decided to run a honeypot.
Oracle WebLogic servers subjected to novel Hadooken malware attacks
After achieving initial server access via weak passwords, threat actors proceeded to launch a pair of scripts to retrieve the Hadooken malware, which features not only a cryptocurrency miner but also the Tsunami distributed denial-of-service botnet.
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency
New Linux malware 'Hadooken' targets Oracle Weblogic, deploys crypto miners and DDoS botnet. Exploits vulnerabilities for lateral movement.
New Linux malware Hadooken targets Oracle WebLogic servers
Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks.
New ‘Hadooken’ Linux Malware Targets WebLogic Servers
The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families.
SC Media3h
Updated CISA exploited vulnerabilities catalog adds several flaws
Most recent of the newly added vulnerabilities is a critical remote command execution issue in Apache HugeGraph-Server, ...
SecurityWeek1d
CISA: Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks
CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being ...
itsecuritywire8h
CISA Identifies Critical Exploited Vulnerabilities in Oracle Products
CISA updated its KEV Catalog to include two critical Oracle vulnerabilities, CVE-2022-21445 and CVE-2020-14644, previously ...
CISA warns of actively exploited Apache HugeGraph-Server bug
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) ...
GitHub9mon
nagypeter/weblogic-operator-tutorial
Build and deploy WebLogic domain on Kubernetes using Docker image with the WebLogic domain inside the image deployment updated to work Oracle Cloud Shell (a.k.a. Domain-home-in-image version using ...