San Francisco transit ransomware attacker likely used year-old Java exploit (ArsTechnica)

The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency’s network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network’s systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn’t specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan.

Source: SANS ISC SecNewsFeed @ November 29, 2016 at 09:57AM

0
Share