Oracle warned its corporate customers that there is a critical-rated vulnerability in its PeopleSoft software, which is used by large companies to manage payroll and human resources, a day after a cybercrime group took credit for abusing the flaw as part of a mass-hacking campaign.
The company published the security advisory on Thursday after the hacking group ShinyHunters claimed to have breached more than 100 organizations that use PeopleSoft servers.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Schneider Electric Modicon vulnerability impacts ICS operation in industrial settings
September 6, 2018
A security vulnerability discovered in Schneider Electric Modicon controllers has the potential to severely disrupt industrial equipment and networks. According to researchers from industrial cybersecurity firm Radiflow, the bug, tracked as CVE-2018-7789, “severely exposes the safety and availability of the ICS networks on which these devices were installed.” The vulnerability is present in the Schneider Electric Modicon M221 controller ...
- Recent Windows ALPC zero-day has been exploited in the wild for almost a week
September 5, 2018
Two days after a security researcher released details and proof-of-concept code about an unpatched Windows zero-day, one malware group had already incorporated the vulnerability in their exploit chain and was attempting to infect users around the globe. The zero-day used in this malware distribution campaign is a (still-unpatched) vulnerability in the Windows Task Scheduler feature, affecting ...
- Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
September 5, 2018
A Monero cryptomining script is spreading in an ongoing campaign using the recently disclosed critical remote command-execution flaw. It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution ...
- Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic
September 3, 2018
Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks. Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy maliciously, allowing attackers to ...
- Microsoft Windows zero-day vulnerability disclosed through Twitter
August 28, 2018
Microsoft has quickly reacted to the disclosure of a previously unknown zero-day vulnerability in the Windows operating system. On Monday, Twitter user SandboxEscaper revealed the existence of the bug on the microblogging platform. As reported by the Register, the user said: “Here is the alpc bug as 0day. I don’t f**king care about life anymore. Neither do I ...
- Smartphones From 11 OEMs Vulnerable to Attacks via Hidden AT Commands
August 25, 2018
Millions of mobile devices from eleven smartphone vendors are vulnerable to attacks carried out using AT commands, a team of security researchers has discovered. AT (ATtention) commands, or the Hayes command set, is a collection of short-string commands developed in the early 1980s that were designed to be transmitted via phone lines and control modems. Different AT ...