Oracle isn’t budging on Cloud breach denial: Cybersecurity firm CloudSEK first reported the cloud breach involving a threat actor “rose87168” selling six million records exfiltrated from single-sign-on (SSO) and Lightweight Directory Access Protocol (LDAP) of Oracle Cloud.While Oracle quickly denied the breach to media outlets, data shared as samples from the breach were validated by several Oracle customers. Additionally, the threat actor posted an archive.org URL (login.us2.oraclecloud.com) and demonstrated to the cybersecurity news channel Bleeping Computer they had write access to login.us2.oraclecloud.com, a login service using Oracle Access Manager.Oracle has since requested Wayback Machine (Archive.org) to take down the archived URL. Independent cybersecurity researchers are taking to the internet to criticize Oracle’s efforts at coverup. Meanwhile, the threat actor posted a long video of an internal Oracle meeting, presumably from the breach, solidifying their claims.”In cybersecurity, denial doesn’t neutralize the danger, transparency does,” CloudSEK co-founder and CEO Rahul Sassi told CSO. “This investigation is not about blame, it’s about accountability. It’s about empowering every security team, every customer, and every vendor in the supply chain to act before attackers do.” Affected data from the breach included JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys, according to CloudSEK. While SSO passwords could be cracked with other breached files, LDAP passwords were encrypted and the threat actor, in their post, sought help with decoding them in exchange for some compromised data.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3951683/oracle-warns-customers-of-health-data-breach-amid-public-denial.html
