A New Fix for WebLogic Server Patch
Patching does not necessarily solve security issues, as the hackers are again able to take advantage of the vulnerability. Cyber attackers have found a new way around the recently launched patch for Oracle WebLogic Server flaw.
The patch contained 254 new security fixes for the Oracle WebLogic Server flaw that affected few versions of the Oracle WebLogic Server. However, a Chinese researcher discovered a way that allows the WebLogic vulnerability to be exploited again enabling hackers to gain control of a vulnerable server. Considering that the proof of concept was published in the past, the patch is rather easy for trained hackers to figure out because of the shared information on social media.
Currently, there is no confirmation of servers being attacked with this vulnerability, but Oracle WebLogic Server has been known to be targeted by malicious hackers. In January, it was reported that hackers were leveraging a web application server flaw that Oracle asserted to have patched.
When vulnerabilities are revealed, organizations often hustle to offer a fix before the flaw can be exploited in the open. This newly identified faulty patch advises that hurrying up to release an update does not help much in mending the problem. The reports should not stop users from installing the recent patch update because attackers continue to scrutinize the internet for exposed servers.
By Michael Cockrill, CIO, State of Washington
By Brett Shockley, SVP & CIO, Avaya
By Sven Gerjets, SVP-IT, DIRECTV
By Steve Moyer, VP of Storage Software Engineering, Micron...
By Michelle R. McKenna-Doyle, SVP and CIO, National Football...
By Patrick Hale, CIO, VITAS Healthcare
By Roman Trakhtenberg, CEO, Luxoft
By Julia Davis, SVP, CIO, Aflac
By Chris Westlake, VP & GM of Service,RK
By Pauly Comtois, VP DevOps, Hearst Business Media
By Yanni Charalambous, VP & CIO, Occidental Petroleum...
By Bob Brown, VP-Production & Operations, ONE World Sports
By Arthur Hu, SVP & CIO, Lenovo
By Ron Guerrier, CIO, Farmers Insurance Group, Inc.
By Scott Cardenas, CIO, City and County of Denver
By Kevin McCarron, Vice President Collaboration, Carousel...
By Marc Kermisch, VP & CIO, Red Wing Shoe Co.
By Christopher Frenz, AVP of Information Security,...
By Brian Drozdowicz, VP, Digital Services, Siemens...
By Les Ottolenghi, EVP and CIO, Caesars Entertainment