Oracle WebLogic Server users need to patch their systems urgently, with a critical remote code execution vulnerability being widely exploited in the wild, including for delivery of a previously unseen ransomware variant, cybersecurity researchers say. Oracle broke with its normal patch cycle to release an emergency patch on April 26. The vulnerability has a “critical” CVSS score of 9.8, indicating how severe the issue is.
Nearly 50,000 companies are vulnerable to SAP configuration and patching issues that leave them open to fraud or data breaches, a cybersecurity company has claimed, despite updates and guidance for the vulnerability being issued years ago.
U.S. government officials are hyper-focused on the hacking threats from Russia and China right now, but it’s the threat from Iran that keeps former NSA director Keith Alexander up at night. Iran’s got a major geopolitical beef with the United States right now because of the Trump administration’s withdrawal from the Iran nuclear deal and re-imposition of sanctions, Alexander noted.
People tend to play fast and loose with security terminology. However, it’s important to get your malware classifications straight because knowing how various types of malware spread is vital to containing and removing them. This concise malware bestiary will help you get your malware terms right when you hang out with geeks.
The Retefe banking trojan resurfaced in April after going dormant for months, with a makeover that includes a move away from Tor to secure its communications as well as the abuse of a legitimate shareware application. Retefe has always stood out from other banking trojans, with a consistent regional focus in Austria, Sweden, Switzerland, Japan and the United Kingdom, researchers said, as well as its penchant for eschewing web injection as its attack vector.