Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware.
As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a never-before-seen ransomware variant, which researchers dubbed “Sodinokibi.”
Last weekend, The Hacker News learned about a critical deserialisation remote code execution vulnerability in Oracle WebLogic Server that could allow attackers to remotely run arbitrary commands on the affected servers just by sending a specially crafted HTTP request—without requiring any authorisation.
To address this vulnerability (CVE-2019-2725), which affected all versions of the Oracle WebLogic software and was given a severity score of 9.8 out of 10, Oracle rolled out an out-of-band security update on April 26, just a day after the vulnerability was made public and several in-the-wild attacks were observed.
According to cybersecurity researchers from Cisco Talos’ threat research team, an unknown group of hackers has been exploiting this vulnerability since at least April 25 to infect vulnerable servers with a new piece of ransomware malware.
images from Hacker News