All news with #oracle tag

Barts Health NHS Reports Data Theft via Oracle Zero-Day

🔒 Barts Health NHS Trust disclosed that the Cl0p ransomware group stole invoice data from an Oracle E-Business Suite database after exploiting a zero-day vulnerability (CVE-2025-61882). Stolen files include full names and addresses of payers, records of former employees with debts, supplier details, and accounting files relating to Barking, Havering and Redbridge University Hospitals. The trust says its electronic patient record and clinical systems were not affected, has notified the NCSC, Metropolitan Police and the ICO, and is seeking a High Court order while advising patients to check invoices and remain vigilant for suspicious communications.

University of Phoenix Discloses Data Breach After Oracle Hack

🔒The University of Phoenix disclosed a data breach tied to a zero-day flaw in Oracle E-Business Suite, saying it detected the incident on November 21 after the extortion group posted the university to its leak site. Phoenix Education Partners filed an SEC 8-K announcing the incident and an ongoing review. The university said attackers accessed names, contact details, dates of birth, Social Security numbers, and bank account and routing numbers for current and former students, employees, faculty and suppliers. Affected individuals will receive mailed notifications with next steps.

Amazon RDS for Oracle and SQL Server: 256 TiB Storage

🔔Amazon Relational Database Service (Amazon RDS) for Oracle and SQL Server now supports up to 256 TiB of storage per database instance — a fourfold increase in per-instance capacity. Customers can attach up to three additional 64 TiB storage volumes alongside the primary volume and add, scale, or remove those volumes without application downtime. Administrators can mix high-performance Provisioned IOPS SSD (io2) volumes with cost-optimized gp3 volumes to balance performance and cost. Additional storage volumes can be created or managed via the AWS Management Console, AWS CLI, or SDKs and are available in all commercial and AWS GovCloud (US) Regions.

University of Pennsylvania Confirms Oracle EBS Data Theft

🔒 The University of Pennsylvania disclosed that attackers exploited a previously unknown Oracle E-Business Suite zero-day in August to obtain files containing personal information. In a notification filed with Maine's Attorney General, Penn said at least 1,488 individuals had data taken and warned the overall total may be larger. The university reported no evidence so far that the stolen information has been misused or published and has not publicly attributed the intrusion; the incident aligns with a broader campaign linked to the Clop ransomware group.

Dartmouth Confirms Data Breach After Clop Extortion

🔒 Dartmouth College says threat actors linked to the Clop extortion gang exploited a zero-day in Oracle E-Business Suite to steal files and leak them on a dark web site. The college reported unauthorized access between August 9 and August 12, 2025, and on October 30 identified files containing names and Social Security numbers. A filing with Maine's Attorney General lists 1,494 individuals whose data was found in reviewed files and notes that financial account information was also taken. Dartmouth has not provided details on any ransom demand or the full scope of impacted people.

Pre-auth RCE in Oracle Identity Manager Forces Patching

⚠️ The Cybersecurity and Infrastructure Security Agency (CISA) added a critical pre-authenticated remote code execution flaw in Oracle Identity Manager (CVE-2025-61757) to its Known Exploited Vulnerabilities catalog after active exploitation was observed. Searchlight Cyber reported that a flawed authentication filter combined with matrix/query parameters lets attackers bypass auth and reach a Groovy compile endpoint, enabling RCE through compile-time annotation processing. Oracle fixed the issue in its October 2025 Critical Patch Update; federal agencies must remediate by December 12, 2025.

CISA Adds Critical Oracle Identity Manager RCE to KEV

🔴 Oracle Identity Manager is affected by a critical unauthenticated remote code execution flaw, CVE-2025-61757, impacting versions 12.2.1.4.0 and 14.1.2.1.0. Disclosed by Searchlight Cyber on 20 November and reported by Oracle on 21 November, the bug was added to the CISA KEV catalog the same day. The issue resides in the REST WebServices component and carries a CVSS score of 9.8, enabling HTTP access to execute arbitrary code and potentially allowing full takeover. CISA urges immediate patching or isolation of affected services from the public internet.

Cox Enterprises Discloses Oracle E-Business Suite Breach

🔒 Cox Enterprises says hackers accessed its network after exploiting a zero-day in Oracle E‑Business Suite, with activity occurring between Aug. 9–14 and detected on Sept. 29, 2025. The company notified 9,479 impacted individuals and is offering 12 months of credit monitoring and identity protection through IDX. The Cl0p ransomware gang has claimed responsibility and posted stolen files after Oracle issued a patch on Oct. 5. Cox did not specify the types of data exposed in the notice.

CISA Adds Oracle Identity Manager Flaw to KEV List

⚠️ CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation targeting Oracle Identity Manager. The flaw, a missing-authentication issue with a CVSS score of 9.8, affects versions 12.2.1.4.0 and 14.1.2.1.0 and was addressed in Oracle's recent quarterly updates. Searchlight Cyber researchers demonstrated that an allow-list bypass using URI tricks such as ?WSDL or ;.wadl can expose protected API endpoints and enable pre-authenticated remote code execution via the groovyscriptstatus endpoint. Federal civilian agencies must apply the patch by December 12, 2025.

CISA Warns: Oracle Identity Manager RCE Actively Exploited

🚨 CISA has added CVE-2025-61757, a pre-authentication remote code execution vulnerability in Oracle Identity Manager, to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch by December 12 under BOD 22-01. The flaw, disclosed by Searchlight Cyber, abuses an authentication bypass in REST APIs by appending parameters such as ?WSDL or ;.wadl to URL paths, exposing a Groovy compilation endpoint. Researchers showed that Groovy's annotation-processing can execute code at compile time, enabling pre-auth RCE. Oracle released a fix on October 21, 2025; CISA warned the issue is being actively exploited.

Amazon RDS for Oracle SE2 License Included in Taipei

📢 Amazon RDS for Oracle now offers Oracle Database Standard Edition 2 (SE2) License Included on R7i and M7i instances in the Asia Pacific (Taipei) region. Launched Nov 21, 2025, these License Included instances remove the need to purchase separate Oracle Database licenses and are available through the AWS Management Console, AWS CLI, and SDKs. There are no separate license or support charges. Review the Rethink Oracle Standard Edition Two on Amazon RDS for Oracle blog and Amazon RDS pricing for cost and regional availability.

Oracle Database@AWS Integrates with AWS KMS for TDE

🔐 AWS announced integration between Oracle Database@AWS and AWS Key Management Service (KMS), enabling KMS to encrypt Oracle Transparent Data Encryption (TDE) master keys. The feature is available in all regions where Oracle Database@AWS runs and incurs only standard KMS charges—there is no additional Oracle Database@AWS fee. Customers gain centralized key control, CloudTrail auditing, and automatic key rotation for TDE keys.

Amazon RDS for Oracle: October 2025 RU and Spatial Fixes

🔔 Amazon RDS for Oracle now supports the Oracle October 2025 Release Update (RU) for 19c and 21c, and the corresponding Spatial Patch Bundle for 19c. AWS recommends upgrading because the RU includes six new security patches for Oracle database products, and the Spatial Patch Bundle provides important fixes and performance improvements for Oracle Spatial and Graph. You can apply the RU from the Amazon RDS Management Console or programmatically via the AWS SDK or CLI, and enable Automatic Minor Version Upgrade to install updates during your maintenance window. To deploy the Spatial Patch Bundle, select the 'Spatial Patch Bundle Engine Versions' checkbox when creating new instances or upgrade existing instances to engine version '19.0.0.0.ru-2025-10.spb-1.r1'.

Logitech Confirms Data Breach After Clop Extortion Campaign

🚨 Logitech International S.A. confirmed a data breach claimed by the extortion gang Clop and disclosed the incident in a Form 8‑K filing with the U.S. SEC. The company says data was exfiltrated but that the incident has not impacted its products, business operations, or manufacturing, and that highly sensitive fields such as national ID numbers and credit card data were not stored or accessed. Logitech engaged external cybersecurity firms, attributes the intrusion to a third‑party zero‑day that was patched, and Clop has posted nearly 1.8 TB of alleged stolen data.

GlobalLogic warns 10,000 employees of Oracle data theft

🔒 GlobalLogic is notifying 10,471 current and former employees that personal data was stolen after attackers exploited an Oracle E-Business Suite zero-day. The compromised HR information includes names, contact details, birthdates, passport and tax identifiers, salary and bank account information. The incident aligns with a wider extortion campaign linked to the Clop ransomware group exploiting CVE-2025-61882.

Amazon RDS for Oracle adds R7i memory-optimized instances

🧠 Amazon RDS for Oracle now offers R7i memory-optimized preconfigured instances powered by custom 4th Gen Intel Xeon Scalable processors, the AWS Nitro System, and DDR5 memory. These instances provide up to a 64:1 memory-to-vCPU ratio and higher storage I/O per vCPU, enabling many Oracle workloads to reduce vCPU counts without performance loss. Available under BYOL for Oracle Database Enterprise Edition and Standard Edition 2, R7i can lower Oracle licensing and support costs while meeting high-performance requirements.

Integrating Oracle with Google Cloud for AI Automation

🔁 This Google Cloud post explains how enterprises can integrate Oracle Database with cloud-native analytics and AI by moving transactional data into BigQuery. It recommends ingestion patterns such as low-latency Change Data Capture via Datastream, batch staging to Cloud Storage, and notes ODBC/JDBC for interactive queries but not continuous replication. Once data resides in BigQuery, organizations can leverage Gemini-powered features, BigQuery ML, and AI agents (via the Agent Developer Kit) for natural-language exploration, assisted coding, multimodal analysis, and automated workflows across retail and education use cases.

CISA Confirms Exploitation of Oracle E-Business SSRF Flaw

🔒 CISA has confirmed active exploitation of CVE-2025-61884, an unauthenticated SSRF in the Oracle Configurator runtime, and added it to its Known Exploited Vulnerabilities catalog. Federal agencies are required to patch the issue by November 10, 2025. Oracle released a fix on October 11 rated 7.5 and BleepingComputer says the update blocks a leaked exploit tied to ShinyHunters and related extortion activity.

CISA Adds Five Exploited Bugs Including Oracle EBS SSRF

⚠️ CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, confirming CVE-2025-61884 — an SSRF in the Runtime component of Oracle E-Business Suite — is being weaponized in the wild. The agency warns CVE-2025-61884 is remotely exploitable without authentication and follows active exploitation of CVE-2025-61882, a critical RCE bug. The KEV update also includes high-severity issues in Microsoft Windows SMB Client, Kentico Xperience CMS, and Apple JavaScriptCore, and FCEB agencies must remediate them by November 10, 2025.

CISA Adds Five CVEs to Known Exploited Vulnerabilities

🚨 CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation: CVE-2022-48503 (Apple), CVE-2025-2746 and CVE-2025-2747 (Kentico Xperience Staging Sync Server), CVE-2025-33073 (Microsoft Windows SMB Client), and CVE-2025-61884 (Oracle E-Business Suite SSRF). These flaws include authentication bypasses, improper access control, and SSRF, which are frequent attack vectors and pose significant risks. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate identified KEV items by the required due dates; CISA strongly urges all organizations to prioritize timely remediation as part of their vulnerability management practice.