Oracle warns of security bug that hackers abused to breach 100+ companies
Oracle disclosed a critical security vulnerability on October 26, 2023, which a cybercrime group has been actively exploiting. The technology giant alerted customers to the flaw, identified as CVE-2023-21931, a remote code execution bug in Oracle WebLogic Server. This vulnerability allows attackers to gain unauthorized access and execute malicious code on affected systems without requiring user interaction. Google Cloud's Security Command Center subsequently notified over 100 organizations that their Oracle WebLogic servers were potentially compromised due to this exploit. The attackers are reportedly leveraging the vulnerability as part of a widespread hacking campaign, aiming to infiltrate company networks and steal sensitive data. Oracle has released patches and urged customers to apply them immediately to mitigate the risk of further exploitation. The company emphasized that prompt patching is crucial to protect against ongoing threats targeting this specific vulnerability.
Original source — read the full reporting at the publisher:
Read on TechCrunch