
Oracle Faces Data Leak Claims, Clarifies Cloud Services Remain Safe

Oracle has informed its users that a recent cyberattack only affected two outdated servers that are no longer in use. These systems were separate from Oracle’s main cloud services, and the company says that no active customer data or cloud-based accounts were harmed.

In the notice sent to its customers, Oracle clearly stated that its main cloud service, known as Oracle Cloud Infrastructure (OCI), was not targeted or accessed by attackers. They reassured users that no data was viewed, taken, or misused, and there was no interruption in cloud operations.

According to Oracle, the stolen information included usernames from older systems. However, passwords stored on those servers were either scrambled or secured in such a way that they could not be used to break into any accounts. As a result, the hackers were not able to reach any customer platforms or data.

The incident first came to public attention when a hacker began selling what they claimed were millions of user records on an online cybercrime marketplace. Oracle has been under pressure since then to confirm whether or not its systems were breached. While the company continues to deny that its modern cloud platform was affected, cybersecurity experts say that the older systems, though no longer active, were once part of Oracle’s cloud services under a different name.

Some security specialists have criticized Oracle’s choice of words, saying the company is technically correct but still avoiding full responsibility by referring to the older system as separate from its current services.

Reports suggest that the hackers may have broken into these old systems as early as January 2025. The intruders allegedly installed harmful software, allowing them to collect data such as email addresses, usernames, and coded passwords. Oracle described the stolen data as outdated, but some of the records being shared online are from late 2024 and early 2025.

This comes shortly after another reported incident involving Oracle’s healthcare division, formerly called Cerner. That breach affected hospitals in the U.S., and a hacker is now reportedly demanding large payments to prevent the release of private medical information.

Even though Oracle insists its main cloud platform is secure, these incidents raise questions about how clearly companies communicate data breaches. Users who are concerned have been advised to reach out to Oracle’s support team for more information.


Hacker Claims Oracle Cloud Breach, Threatens to Leak Data

A hacker who goes by the name “Rose87168” is claiming to have broken into Oracle Cloud systems and is now threatening to release or sell the data unless their demands are met. According to security researchers, this person says they’ve gained access to information from over 140,000 accounts, with a total of 6 million records.

Oracle has not confirmed that any such breach took place. At first, the company denied the claims. Since then, they’ve chosen not to respond to questions about the situation. However, cybersecurity experts are beginning to find signs that support the hacker’s story.

One group of researchers believes that the attack may have happened through a flaw in how users log in. They suggest that the hacker may have found a hidden security weakness or a problem in Oracle's login system, which let them get in without needing a password. This could be tied to a previously reported vulnerability in Oracle’s software, which has been labeled a high risk by experts. That earlier issue allowed anyone with internet access to take over accounts if not fixed.

The hacker claims the stolen material includes sensitive information like login credentials, passwords for internal systems, and private security keys. These are all crucial for keeping accounts and data secure. If leaked, this information could lead to unauthorized access to many companies’ services and customer details.

Researchers have examined some of the data provided by the hacker and say it appears to be genuine. Another security group, Trustwave SpiderLabs, also looked into the case. They confirmed that the hacker is now offering the stolen data for sale and allowing buyers to choose what they want to purchase based on specific details, like company names or encrypted passwords.

Experts from both teams say the evidence strongly suggests that the breach is real. However, without a statement from Oracle, nothing is officially confirmed.

This situation is a reminder of how critical it is for companies to keep their systems up to date and to act quickly when possible flaws are discovered. Businesses that use cloud services should check their security settings, limit unnecessary access, and apply all software updates as soon as they are available.

Staying alert and following good cybersecurity habits can reduce the chances of being affected by incidents like this.


Oracle Cloud Confirms Second Hack in a Month, Client Log-in Data Stolen


Oracle Corporation has warned customers of a second cybersecurity incident in the last month, according to Bloomberg News. A hacker infiltrated an older Oracle system and stole login credentials from client accounts, some of them as recent as 2024.

The tech company reportedly informed clients that an attacker had gained access to a legacy environment—a system that had not been in active operation for roughly eight years. Although Oracle told clients that the environment had been dormant, the data retrieved included valid login credentials, which might pose a security concern, especially if users had not updated or deleted their accounts. 

This follows a prior hack last month, in which an anonymous individual attempted to sell stolen Oracle data online, prompting internal investigations. That incident, too, involved data stolen from Oracle's cloud servers in Austin, Texas. 

The FBI and cybersecurity firm CrowdStrike Holdings are presently looking into the most recent incident, Oracle informed some of its clients. According to individuals who spoke to Bloomberg, the attacker is thought to have demanded an extortion payment. Interestingly, Oracle has declared that there is no connection between the two incidents. 

According to the firm, this breach occurred due to an outdated, dormant system, whereas the previous one affected specific clients in the healthcare sector. Oracle has not yet released a statement to the public, but according to Reuters, the company told customers directly and stressed that the impact is minimal because of how old the system in question is. 

Last month, Oracle also notified clients of a compromise at the software-as-a-service (SaaS) company Oracle Health (formerly Cerner), which affected many healthcare organisations and hospitals in the United States.

Even though the company has not publicly reported the event, threat analysts confirmed that patient data was stolen during the attack, as evidenced by private contacts between Oracle Health and impacted clients, as well as talks with people involved. Oracle Health reported that the breach of legacy Cerner data transfer servers occurred on February 20, 2025, and that the perpetrators accessed the systems using compromised client credentials after January 22, 2025.

Oracle Finally Acknowledges Cloud Hack


Oracle is reportedly trying to downplay the impact of the attack while quietly acknowledging to clients that some of its cloud services have been compromised. 

A hacker dubbed online as 'rose87168' recently offered to sell millions of lines of data reportedly associated with over 140,000 Oracle Cloud tenants, including encrypted credentials. The hacker initially intended to extort a $20 million ransom from Oracle, but eventually offered to sell the data to anyone or swap it for zero-day vulnerabilities.

The malicious actor has been sharing a variety of materials to support their claims, such as a sample of 10,000 customer data records, a link to a file demonstrating access to Oracle cloud systems, user credentials, and a long video that seems to have been recorded during an internal Oracle meeting.

However, Oracle categorically denied an Oracle Cloud hack after the hacker's claims surfaced, stating, "There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

However, multiple independent reports suggest Oracle privately notified concerned customers and confirmed a data incident. On the other hand, specifics remain unclear, and there appears to be some conflicting information. 

Bloomberg has learned from people familiar with the matter that Oracle has started privately informing users of a data leak involving usernames, passkeys and encrypted passwords. The FBI and CrowdStrike are reportedly investigating the incident.

Security firm CyberAngel learned from an unnamed source that ‘Gen 1’ cloud servers were attacked, that the newer ‘Gen 2’ servers were not, and that the exposed material is at least 16 months old and does not include full private details.

“Our source, who we are not naming as requested, is reporting that Oracle has allegedly determined an attacker who was in the shared identity service as early as January 2025,” CyberAngel said. “This exposure was facilitated via a 2020 Java exploit and the hacker was able to install a webshell along with malware. The malware specifically targeted the Oracle IDM database and was able to exfil data.”

“Oracle allegedly became aware of a potential breach in late February and investigated this issue internally,” it added. “Within days, Oracle reportedly was able to remove the actor when the first demand for ransom was made in early March.” 

Following the story, cybersecurity expert Kevin Beaumont discovered from Oracle cloud users that the tech firm has simply verbally notified them; no written notifications have been sent. According to Beaumont, "Gen 1" servers might be a reference to Oracle Classic, the moniker for earlier Oracle Cloud services. Oracle is able to deny that Oracle Cloud was compromised thanks to this "wordplay," as Beaumont refers to it.

Oracle and Cohere Collaborate for New Gen AI Service


During Oracle's recent earnings call, company founder Larry Ellison made an exciting announcement, confirming the launch of a new generation AI service in collaboration with Cohere. This partnership aims to deliver powerful generative AI services for businesses, opening up new possibilities for innovation and advanced applications.

The collaboration between Oracle and Cohere signifies a strategic move by Oracle to enhance its AI capabilities and offer cutting-edge solutions to its customers. With AI playing a pivotal role in transforming industries and driving digital transformation, this partnership is expected to strengthen Oracle's position in the market.

Cohere, a company specializing in natural language processing (NLP) and generative AI models, brings its expertise to the collaboration. By leveraging Cohere's advanced AI models, Oracle aims to empower businesses with enhanced capabilities in areas such as text summarization, language generation, chatbots, and more.

One of the key highlights of this collaboration is the potential for businesses to leverage the power of generative AI to automate and optimize various processes. Generative AI has the ability to create content, generate new ideas, and perform complex tasks, making it a valuable tool for organizations across industries.

The joint efforts of Oracle and Cohere are expected to result in the development of state-of-the-art AI models that can revolutionize how businesses operate and innovate. By harnessing the power of AI, organizations can gain valuable insights from vast amounts of data, enhance customer experiences, and streamline operations.

This announcement comes in the wake of Oracle's recent acquisition of Cerner, a healthcare technology company, further solidifying Oracle's commitment to revolutionizing the healthcare industry through advanced technologies. The integration of AI into healthcare systems holds immense potential to improve patient care, optimize clinical processes, and enable predictive analytics for better decision-making.

As the demand for AI-powered solutions continues to rise, businesses are seeking comprehensive platforms that can deliver sophisticated AI services. With Oracle and Cohere joining forces, organizations can benefit from an expanded suite of AI tools and services that can address a wide range of industry-specific challenges.

The collaboration between Oracle and Cohere highlights the growing importance of AI in driving innovation and digital transformation across industries. As businesses increasingly recognize the value of AI, partnerships like this one are crucial for pushing the boundaries of what AI can achieve and bringing advanced capabilities to the market.

The partnership between Oracle and Cohere signifies a significant step forward in the realm of AI services. The collaboration is expected to deliver powerful generative AI solutions that can empower businesses to unlock new opportunities and drive innovation. With Oracle's expertise in enterprise technology and Cohere's proficiency in AI models, this collaboration holds great promise for businesses seeking to leverage the full potential of AI in their operations and strategies.

Vulnerability in OCI Could Have Put the Data of Customers Exposed to the Attacker


A vulnerability called 'AttachMe', discovered by a Wiz engineer, could have allowed attackers to access and steal the OCI storage volumes of any user without their permission.

During an Oracle cloud infrastructure examination in June, Wiz engineers disclosed a cloud isolation security flaw in Oracle Cloud Infrastructure. They found that connecting a disk to a VM in another account can be done without any permissions, which immediately made them realize it could become a path for cyberattacks for threat actors. 

Elad Gabay, a security researcher at Wiz, made a public statement regarding the vulnerability on September 20. He described the possible severe outcomes of exploitation, saying it could have led to “severe sensitive data leakage” for all OCI customers and could even have been exploited to gain remote code execution.

To exploit this vulnerability, an attacker needed the unique identifier of the victim's volume, its Oracle Cloud Infrastructure ID (OCID), which could be obtained either by searching the web or through a low-privileged user permission that reveals the volume OCID from the victim's environment.

'AttachMe' is a critical cloud isolation vulnerability affecting a specific cloud service. It put user data and files at risk by letting malicious actors exfiltrate sensitive data from a victim's volume, search it for cleartext secrets that enable lateral movement into the victim's environment, render the volume inaccessible, and even partition the disk that holds the operating system.

The OCI documentation describes volumes as “virtual disks” that provide storage for compute instances. OCI offers the following two kinds:

1. Block volume: detachable storage that lets you expand an instance's storage capacity when needed.

2. Boot volume: a detachable boot device containing the image used to boot an instance, i.e. the operating system and supporting software.

As soon as Wiz, an Oracle partner and customer, reported the vulnerability, Oracle took immediate measures to patch it, and in its latest update advisory thanked Wiz for disclosing the security flaw and helping to resolve it.

Malware Targets WebLogic Servers and Docker APIs for Cryptomining

Malware known as Kinsing is using both recently discovered and legacy vulnerabilities in Oracle WebLogic Server to deploy cryptocurrency mining malware.
  
Trend Micro discovered that a financially motivated cyber attack group behind the malware was using the vulnerability to run Python scripts that could disable operating system (OS) security features such as Security-Enhanced Linux (SELinux), among others.
 
Kinsing malware has a history of taking over vulnerable servers and co-opting them into a botnet, abusing flaws in Redis, SaltStack, Log4Shell, Spring4Shell, and the Atlassian Confluence vulnerability (CVE-2022-26134). The malware has also reportedly been involved in campaigns against container environments via misconfigured, openly exposed Docker daemon API ports, launching cryptomining and spreading the malware to other containers and host devices.
 
In the latest wave of attacks, the malicious actor weaponized a two-year-old Remote Code Execution (RCE) bug, tracked as CVE-2020-14882 (CVSS score 9.8), against unpatched servers to seize control of them and harm the victims through malicious payloads.
 
The exploitation of the bug further involved deploying a shell script responsible for various actions, such as removing the /var/log/syslog system log, disabling security functions and cloud service agents from providers like Alibaba and Tencent, and killing competing cryptomining processes.
 
It is then followed by the shell script downloading the Kinsing malware from a remote server, along with taking steps to ensure persistence through a cron job. 
 
“The successful exploitation of this vulnerability can lead to RCE, which can allow attackers to perform plethora of malicious activities on the affected systems” Trend Micro said. “This can range from malware execution [...] to theft of critical data, and even complete control of a compromised machine.”
 
TeamTNT malware makes comeback
 
Researchers at Aqua Security, a cloud-native security company, have linked three new attacks to another “vibrant” cryptojacking group called "TeamTNT", which had ceased operations in November 2021.
 
“TeamTNT has been scanning for misconfigured Docker Daemon and deploying alpine, a vanilla container image, with a command line to download a shell script (k.sh) to C2 server”, stated Aqua Security researcher Assaf Morag.

The attack chain appears designed to solve the elliptic-curve discrete logarithm problem (ECDLP) on secp256k1, which, if successful, could give the malicious actor the ability to compute the private keys of cryptocurrency wallets; it uses the hijacked processing power of its targets to run the ECDLP solver and obtain the keys. The other two attacks carried out by the threat group involve exploiting exposed Redis servers and misconfigured Docker APIs to deploy cryptominers and Tsunami binaries.
 
TeamTNT's targeting of Docker REST APIs has been well documented over the past years. But in an operational security blunder observed by Trend Micro, credentials connected with two of the attacker-controlled Docker Hub accounts were uncovered.

The accounts, namely 'alpineos' and 'sandeep078', are said to have been used to distribute numerous malicious payloads such as rootkits, Kubernetes exploit kits, credential stealers, XMRig Monero miners, and even the Kinsing malware.
 
“The account alpineos was used in exploitation attempts on our honeypots three times, from mid-September to early October 2021, and we tracked the deployments’ IP addresses to their location in Germany,” stated Nitesh Surana, a researcher at Trend Micro.
 
Trend Micro estimates that the alpineos image has been downloaded more than 150,000 times, and it has notified Docker about these accounts.
 
The cybersecurity firm recommends that organizations configure any exposed Docker REST API with TLS to steer clear of adversary-in-the-middle (AiTM) attacks, and use credential stores and helpers to store user credentials.
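A quick configuration audit for that recommendation, as an added example that is not part of the original post or of Trend Micro's guidance: it checks a Docker daemon.json for a TCP listener that is not protected by mutual TLS (tlsverify). The three configs are constructed samples, and the certificate paths are assumptions.

```shell
#!/bin/sh
# Constructed sample 1: the weak setting the Kinsing/TeamTNT campaigns look for,
# a Docker daemon API listening on plain TCP with no TLS at all.
WEAK_CONFIG='{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}'

# Constructed sample 2: TLS enabled, but without client-certificate verification.
# Traffic is encrypted, yet anyone who can reach the port can still issue commands.
TLS_ONLY_CONFIG='{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tls": true,
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}'

# Constructed sample 3: the corrected setting, mutual TLS required on the
# TCP listener (cert paths are assumed placeholders).
HARDENED_CONFIG='{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}'

# audit_docker_config CONFIG_JSON
# Prints a verdict and returns 0 when the daemon is safe to run as configured,
# 1 when the TCP listener is reachable without client authentication.
audit_docker_config() {
  cfg="$1"
  # No TCP listener at all: only the local unix socket is exposed.
  if ! printf '%s' "$cfg" | grep -q '"tcp://'; then
    echo "ok: no TCP listener configured"
    return 0
  fi
  # Mutual TLS: the daemon rejects clients without a certificate from the CA.
  if printf '%s' "$cfg" | grep -q '"tlsverify"[[:space:]]*:[[:space:]]*true'; then
    echo "ok: TCP listener requires client certificates (tlsverify)"
    return 0
  fi
  # TLS without verification: encrypted against AiTM, but still unauthenticated.
  if printf '%s' "$cfg" | grep -q '"tls"[[:space:]]*:[[:space:]]*true'; then
    echo "WEAK: TLS enabled but tlsverify missing; API is unauthenticated"
    return 1
  fi
  echo "EXPOSED: plain TCP listener; anyone reaching the port controls the host"
  return 1
}

# Run the audit against each constructed sample; on a real host pass the
# contents of /etc/docker/daemon.json instead.
for sample in "$WEAK_CONFIG" "$TLS_ONLY_CONFIG" "$HARDENED_CONFIG"; do
  audit_docker_config "$sample" || true
done
```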

TikTok owner Chinese company clarifies to Microsoft that it would not be its new owner


Following President Donald Trump's executive order that labeled the video-sharing application TikTok a "national emergency", its owner was given a September 15 deadline to either sell the app to a US company or see the service banned completely from the US market.

Be that as it may, Microsoft had already stepped into the race before the official announcement came from the president, saying it was interested in taking up TikTok and incorporating "world-class security, privacy, and digital safety protections" into the app if it did. It later joined with Walmart to co-bid for the Chinese company's US, Canadian, Australian, and New Zealand operations.

Microsoft authorities dubbed the conversations as "preliminary", highlighting that it was not planning to give any further updates on the discussions until there was a definitive result. ByteDance, the Chinese multinational internet technology, said it would exclude TikTok's algorithm as a feature of the sale, as per a South China Morning Post report, and further clarified to Microsoft that it would not be its new owner.

Sunday's blog post emphasized what Microsoft has expressed right from the beginning - that the potential procurement would have required "significant changes" to the application's present status. 

The company moreover explained in a blog post, "ByteDance let us know today they would not be selling TikTok's US operations to Microsoft. We are confident our proposal would have been good for TikTok's users while protecting national security interests."

"To do this, we would have made significant changes to ensure the service met the highest standards for security, privacy, online safety, and combatting disinformation, and we made these principles clear in our August statement."

Nonetheless, following Microsoft's bid, Oracle has also started holding discussions with ByteDance, indicating its interest in the video-sharing application. 


The Wall Street Journal on Monday morning revealed that Oracle would soon be announced as TikTok's "trusted tech partner" and that the video-sharing platform's sale would not actually be organized as an acquisition. 

Meanwhile, TikTok affirms that it would launch a lawsuit against the US government concerning its ban. Any possible lawsuit, however, would not keep the company from being forced to sell the application's US operations.