Oracle, a company focused on integrated applications and platform services sends patches for weak spots in hundreds of their products. Apparently, these vulnerabilities or weak spots can be hacked remotely by attackers and even without the need of user credentials. Oracle is now encouraging its customers to actively apply these patches to prevent any future damage.
SANS Technology Institute researchers reported a situation where its attackers used Minero miner; a Cryptonote algorithm-based cryptocurrency, to attack its Oracle Weblogic and Peoplesoft installations. In the process they managed to gain approximately $226,000 in crypto currency. Further investigation concluded several other areas in Oracle Applications with weaknesses.
The most recent critical patch update includes E-Business Suites. Onapsis a pioneer in cybersecurity and compliance reported two of these vulnerabilities which had a CVSS (Common Vulnerability Scoring System) of 9.1 out of 10 deeming it critical. While it is possible attackers don’t know just how much they have accessed due to them having a primary focus is cryptocurrency mining, the information they have in their hands is just too significant to take lightly.