this post was submitted on 13 Sep 2024
29 points (100.0% liked)

Cybersecurity

5631 readers
80 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
top 3 comments
sorted by: hot top controversial new old
[–] technocrit@lemmy.dbzer0.com 3 points 1 month ago

As if running oracle on linux wasn't bad enough in itself...

[–] CaptObvious@literature.cafe 1 points 1 month ago (1 children)

Would router-blocking the IP addresses provide some protection?

[–] sylver_dragon@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

Not really. IP addresses are really easy to change. And doubtless the threat actors will see that their IPs have been identified and will roll them over soon. The solution is to go after the tactics the attackers are using:

The attack chains exploit known security vulnerabilities and misconfigurations, such as weak credentials, to obtain an initial foothold and execute arbitrary code on susceptible instances.

  1. Install your updates. If you have a server open to the internet and you haven't patched known exploited vulnerabilities, you deserve to have your network ransomed.
  2. Many products have either vendor provided or useful third party security configuration guides. While there are situations where business processes prevent some configuration changes, these guides should be followed when possible. And weak passwords should not be on that list.

EDIT: for Oracle Web Logic, you do a lot worse that going through the DoD STIG for it.