Oracle Provides Workaround for Critical Flaw in Identity Manager

Oracle has warned customers about a critical vulnerability in the Oracle Identity Manager (OIM) that could allow an attacker to gain complete control over the user management system.

OIM is part of Oracle’s Fusion Middleware suite of business applications and provides user provisioning and management. Companies use this application to add new accounts for employees and enforce access control policies.

Since OIM can be used to gain access to many other applications, its security is very important, which is why Oracle decided to publish an out-of-band Security Alert instead of waiting for the next quarterly Critical Patch Update (CPU), which is scheduled for Jan. 16, 2018.

The vulnerability, tracked as CVE-2017-10151, received a base severity score of 10.0, the maximum on the CVSSv3 scale. The flaw can be exploited over the network without authentication and leads to a full compromise of the OIM application.

The versions of Identity Manager affected are: 11.1.1.7, 11.1.1.9, 11.1.2.1.0, 11.1.2.2.0, 11.1.2.3.0 and 12.2.1.3.0. A workaround is available in a document that’s only available for customers with Premier Support or Extended Support contracts.

“Oracle recommends affected Oracle customers apply the workaround instructions and fix associated with this Security Alert as soon as possible,” Eric Maurice, Oracle’s director of security assurance, said in a blog post.

Pharma Giant Merck Lost $300 Million in NotPetya Attack

The NotPetya ransomware attack that hit international companies in July shut down production systems at drug manufacturer Merck, causing hundreds of millions of dollars in losses.

The attack affected the production of a vaccine called GARDASIL 9 (Human Papillomavirus 9-valent Vaccine, Recombinant) to the extent that Merck had to borrow it from stockpiles at the U.S. Centers for Disease Control and Prevention. This vaccine is used to prevent certain cancers and other diseases caused by HPV.

The attack reduced sales in the third quarter by $240 million, the company said in its latest quarterly filing with the U.S. Securities and Exchange Commission (SEC). “Additionally, as expected, revenue was unfavorably impacted by approximately $135 million from lost sales in certain markets related to the cyber-attack,” according to the company.

The incident highlights the severe impact to businesses that ransomware worms can have, especially in industries that depend on legacy systems, such as manufacturing.

The NotPetya attack started in the Ukraine, but quickly spread outside the country through the network links between companies’ different branches. International firms were particularly hit hard.

Global shipping giant Maersk had to shut down operations at tens of port terminals around the world and estimated that the attack will end up costing the company between $200 million and $300 million. FedEx said NotPetya’s impact on its TNT Express division will cost the company $300 million.

Due to NotPetya’s success, security experts expect to see more hybrid threats that combine ransomware with worms capable of spreading through local networks. Attackers attempted a new such attack recently with Bad Rabbit.

Sage Ransomware Returns with New Variant

Security researchers from Fortinet have spotted a new variant of a ransomware program called Sage that has been silent since March. The new version targets a larger number of countries and asks for a higher ransom amount.

The new Sage variant spreads through spam emails that carry Word documents with malicious VB macros. Compared to its previous iterations, the malware tries to obtain elevated privileges by exploiting an older Windows kernel vulnerability patched in 2015 (CVE-2015-0057). If that’s not possible, it tries to escalate privileges through the User Account Control (UAC) feature.

Older versions of the ransomware had translations of the ransom note in 11 languages, including English, Spanish, French and German, but the new variant added localization for Norwegian, Malay, Turkish, Vietnamese, Indonesian and Hindi. The ransom amount has also been increased from $1,000 to $2,000.

“To avoid being detected by auto analysis systems, it also has a heavy focus on utilizing several techniques to detect virtualized environments,” the Fortinet researchers said in a blog post.

Lucian Constantin

Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at [email protected] or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42

lucian-constantin has 298 posts and counting.See all posts by lucian-constantin