Cybersecurity

5401 readers

203 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (thehackernews.com)

submitted 5 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[–] technocrit@lemmy.dbzer0.com 3 points 5 days ago

As if running oracle on linux wasn't bad enough in itself...

[–] CaptObvious@literature.cafe 1 points 5 days ago (1 children)

Would router-blocking the IP addresses provide some protection?

[–] sylver_dragon@lemmy.world 2 points 5 days ago* (last edited 5 days ago)

Not really. IP addresses are really easy to change. And doubtless the threat actors will see that their IPs have been identified and will roll them over soon. The solution is to go after the tactics the attackers are using:

The attack chains exploit known security vulnerabilities and misconfigurations, such as weak credentials, to obtain an initial foothold and execute arbitrary code on susceptible instances.

Install your updates. If you have a server open to the internet and you haven't patched known exploited vulnerabilities, you deserve to have your network ransomed.
Many products have either vendor provided or useful third party security configuration guides. While there are situations where business processes prevent some configuration changes, these guides should be followed when possible. And weak passwords should not be on that list.

EDIT: for Oracle Web Logic, you do a lot worse that going through the DoD STIG for it.