Automating multi-AZ high availability for WebLogic administration server with DNS: Part 2 | Amazon Web Services

In Part 1 of this series, we used a floating virtual IP (VIP) to achieve hands-off high availability (HA) of WebLogic Admin Server. In Part 2, we’ll achieve an arguably superior solution using Domain Name System (DNS) resolution. … Article Source https://aws.amazon.com/blogs/architecture/automating-multi-az-high-availability-for-weblogic-administration-server-with-dns-part-2/

More old Oracle WebLogic vulnerabilities exploited for cryptomining

Oracle WebLogic servers that are vulnerable to old flaws, specifically identified as CVE-2017-3506, CVE-2017-10271, and CVE-2023-21839, have recently been targeted by the 8220 Gang threat operation, also known as Water Sigbin. According to reports from Hacker News, the attackers have successfully infiltrated these servers and distributed a PowerShell script to launch a WireGuard VPN application-spoofing …

Hackers exploit vulnerabilities in Oracle WebLogic using Water Sigbin techniques

Cybersecurity researchers have uncovered a complex attack campaign orchestrated by the threat actor Water Sigbin (also known as 8220 Gang), targeting vulnerabilities in Oracle WebLogic Server, specifically CVE-2017-3506 and CVE-2023-21839. The attackers employed these vulnerabilities to plant the XMRig cryptocurrency miner on compromised systems. To avoid detection, Water Sigbin utilized advanced tactics such as code …

Cryptocurrency Mining Group Abuses Oracle WebLogic Server Vulnerabilities

Security researchers have uncovered a cryptocurrency mining operation conducted by the 8220 gang that exploits vulnerabilities in Oracle WebLogic Server. Known as Water Sigbin, the threat actor uses fileless execution techniques to bypass detection mechanisms, allowing the malware code to run solely in memory. The initial access is gained through vulnerabilities such as CVE-2017-3506, CVE-2017-10271, …